Microsoft Email Hack Shows the Lurking Danger of Customer Support

Between January 1 and March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer support platform to access account data like email addresses in messages, message subject lines, and folder names inside accounts.

Trump’s Homeland Security Purge Worries Cybersecurity Experts

“DHS’s voice is vital around the Situation Room table,” says Edelman. “Looking ahead, as we consider issues like national security controls over AI, or limits to foreign investment, DHS is going to be more crucial than ever—and their absence of leadership could lead to some very skewed outcomes.”

Mar-a-Lago's Security Problems Go Way Beyond a Thumb Drive

“It's an attacker's dream and a physical security nightmare,” a former NSA hacker says about Mar-a-Lago, one of President Trump's favorite properties to visit.

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.

Want Apple Card’s Security Benefits? Just Use Apple Pay

You don't need to wait until Apple Card comes out this summer to experience the security features Apple touted on Monday.

Mastercard Wades Into Murky Waters With Its New Digital ID

In December, Mastercard announced that it was working to develop an international digital identity scheme which could be used as a flexible verifier for financial transactions, government interactions, or online services.

FEMA Leaked Data From 2.3 Million Disaster Survivors

On Friday, FEMA publicly acknowledged a Homeland Security Department Office of the Inspector General report that the emergency response agency wrongly shared personal data from 2.3 million disaster survivors with a temporary-housing-related contractor.

Here's What It's Like to Accidentally Expose the Data of 230M People

"As you can imagine," Hardigree says, "I went into panic mode." The day before that scrum, WIRED had revealed that Exactis exposed a database of 340 million records on the open internet, as first spotted by an independent security researcher named Vinny Troia.

Why It's So Hard to Restart Venezuela's Power Grid

Government statements and reports indicate that the blackout stems from a problem at the enormous Guri dam hydropower plant in eastern Venezuela, which generates 80 percent of the country's electricity.

Turn On Auto-Updates Everywhere You Can

This week, Google announced that it had patched a wicked vulnerability in Chrome, by far the most popular browser in the world.

The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source

(Like other open source code, though, expect it to have some bugs.) Joyce also noted that the NSA views the release of Ghidra as a sort of recruiting strategy, making it easier for new hires to enter the NSA at a higher level, or for cleared contractors to lend their expertise without needing to first come up to speed on the tool.

Quantum Physics Could Protect the Grid From Hackers—Maybe

“It’s like working on a car with its engine running.” Cybersecurity experts have sounded the alarm for years: Hackers are ogling the U.S. power grid. Peters’s group thinks that a utility company could use quantum-encrypted data to communicate with their hardware.

Android Is Helping Kill Passwords on a Billion Devices

Google's Brand points out that under FIDO2, developers will even be able to streamline their mobile browser and local app sign-in infrastructure so a user can set up password-less login on the web, and have that same easy authentication step carry over to the service's app or vice versa.

A Hidden Nest Secure Mic, Facebook's Dead VPN, and More Security News This Week

Security News This Week: Google Forgot To Mention the Nest Secure's Hidden Mic. The Mueller investigation has lasted so long, it's easy to forget that it'll end at some point.

Chinese Surveillance, Facebook Tracking, and More Security News This Week

This week, a security researcher found that Chinese company SenseNets, which allegedly facilitates that facial recognition tracking, had left a database containing the associated data completely exposed online.

Don’t Get Your Valentine an Internet-Connected Sex Toy

“Even simply opening the Bluetooth explorer on your phone will reveal nearby smart adult devices that are powered on.” When Bluetooth is used to hack into and take over a sex toy, it’s called “screwdriving”—a term coined by Pen Test Partners in 2017, when its researchers discovered that the Lovense Hush butt plug could be found and remotely controlled via Bluetooth.

Google's Making It Easier to Encrypt Even Cheap Android Phones

"The design is solid, based on trusted components, and likely to adequately protect users of the products integrating this new algorithm." The Google researchers say that they are confident in Adiantum's integrity, and they hope it will help call attention to the importance of storage encryption for IoT and other low-resource devices.

Be Careful Using Bots on Telegram

"A bot would dramatically undercut the security properties of a chat." (Kenn White, Open Crypto Audit Project) But Telegram's bot platform relies instead on the Transport Layer Security protocol used in HTTPS web encryption. While researching one such malware scheme, Forcepoint accidentally discovered that Telegram chats that include bots have reduced security.

A Worldwide Hacking Spree Uses DNS Trickery to Nab Data

Using a classic tactic to undermine data security as it moves across the web, hackers have grabbed sensitive data like login credentials and business details from telecoms, internet service providers, government organizations, and other institutions in the Middle East, North Africa, Europe, and North America.

The Elite Intel Team Still Fighting Meltdown and Spectre

"In the past no one was aware of these issues, so they weren’t willing to sacrifice any performance for security." (Jon Masters, Red Hat) At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats.

The Worst Hacks of 2018

But between the company's increasingly dismal track record on third-party access limits and a recent incident in which a bug exposed 6.8 million users' photos to third-party developers, it's hard to feel like things are going as well as they could on the user privacy and data management front. Atlanta Ransomware: In March, a ransomware attack locked down the City of Atlanta's digital systems, destabilizing municipal operations.

Hacking Diplomatic Cables Is Expected. Exposing Them Is Not

"It is news that they totally got caught, though," says Dave Aitel, a former NSA researcher who is now chief security technology officer at the secure infrastructure firm Cyxtera. In the attack Area 1 identified, hackers first breached the European communication network known as Coreu in April 2015, and actively exfiltrated data until last week.

The WIRED Guide to Data Breaches

The site the company set up for victims was itself vulnerable to attack, and it asked for the last six digits of people's Social Security numbers to check if their data had been impacted by the breach.

GOP Email Hack Shows How Bad Midterm Election Meddling Got

Though sporadic hacker intrusions and phishing campaigns targeted political entities in the lead-up to November's midterm elections, things seemed pretty quiet overall on the election-meddling front in the US.

iTunes Doesn't Encrypt Downloads—on Purpose

He agrees that there are always potential downsides to sending data unencrypted, but notes that an attacker who wants to track what a target is downloading might still be able to do it even with TLS encryption, based on an app's size. For its part, the Google Play Store seems to have found a way around this caching mechanism, which is not totally surprising since Google specifically staked out its support for ubiquitous HTTPS years ago.

You Know What? Go Ahead and Use the Hotel Wi-Fi

The most important thing to know about HTTPS, though, is that it obviates most of the attacks that (rightly) scared you off of public Wi-Fi in the first place. “If you’re in the US, the web is pretty well encrypted.

Julian Assange Charges, Japan's Top Cybersecurity Official, and More Security News This Week

Security News This Week: Japan's Top Cybersecurity Official Has Never Used a Computer. The US refused to join a new global cybersecurity agreement this week—maybe because it was created by French president Emmanuel Macron, with whom President Trump isn’t on great terms. On the same day, internet traffic that was supposed to route through Google’s cloud servers instead went haywire, traveling through unplanned servers based in the likes of Russia and China.

Surveillance Kills Freedom By Killing Experimentation

Of course the story is more complicated than that, but the ability for members of society to privately smoke weed was essential for putting it on the path to legalization. We don’t yet know which subversive ideas and illegal acts of today will become political causes and positive social change tomorrow, but they’re around.

Top US Intelligence Official Sue Gordon Wants Silicon Valley on Her Side

Artificial intelligence, she says, presents a huge opportunity for the government and the private sector, but the risks of its being abused, biased, or deployed by foreign adversaries are so real that the government and tech companies should collaborate to secure it. While some in tech openly agree with that notion—Bezos told the audience at WIRED 25 last month that “if big tech companies are going to turn their back on US Department of Defense, this country is going to be in a lot of trouble”—much of the rank and file are uneasy or flat-out hostile to the idea of working with the government on matters of war. Google, in particular, has had a recently rocky relationship.

Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns

And in some cases, it’s easy to forget that they’re even connected to the internet.” Among the important signifiers of a trustworthy stocking stuffer, according to Mozilla’s rubric: the use of encryption, pushing automatic software security updates, strong password hygiene, a way to deal with vulnerabilities should they arise, and a privacy policy that doesn’t take a PhD to parse. "We’re trying to give people essentially a way to look at any product and what to look for, what questions to ask." (Ashley Boyd, Mozilla) The most surprising result of Mozilla’s testing may be how many products actually earned its seal of approval.
