Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.
Plus, here's a look back at the worst cybersecurity incidents of 2019 so far . See if your favorite data disaster or act of international cyber-aggression made the cut!
And even on a holiday weekend there's more. Every Saturday we round up the security and privacy stories we didn’t break or report on in depth, which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.Süddeutsche Zeitung, and the German public broadcaster NDR.Chronicle Security say that the exploit samples posted by Cyber Command in its announcement this week offer some of the first public hard evidence of this connection.Hacker Interchange, an ethical computer science training group, started having the video security lessons on its Cyber Weapons Lab channel flagged and taken down by YouTube. The group was also blocked from uploading new videos. YouTube later reversed its decision and said that the channel was flagged in error, but the incident raised concerns in the security research community about what type of content is allowed on YouTube. The guidelines prohibit, "Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data." The entry appears on a list with other banned video types like "Instructions to kill or harm" and "Instructional theft." But while it's obvious why YouTube would want to ban videos that disseminate instructions on how to do dangerous or illegal hacking, the use of the word "instructional" is problematic for the cybersecurity defense community, because educating defenders often requires a component of explaining how malicious hacking is done. Additionally, the policy is potentially at odds with the longstanding cybersecurity practice of responsible disclosure, in which researchers may publish proof of a vulnerability after a set period (often 90 days) of notifying a developer and waiting for them to fix the problem.Virginia became one of the first places worldwide to make distribution of manipulated, non-consensual "deepfake" visual content a criminal offense. The ban comes as an amendment to an existing Virginia "revenge porn" law that prohibits distribution of sexual or nude imagery without the subject's permission. The updated version of the law now specifically prohibits sharing "falsely created videographic or still image" content without the subject's consent.the Google Play Store. But in mid-April Google pulled the app and forced 4shared to add a new version to the store. 4shared says it doesn't know why it was subjected to this treatment and that perhaps it had to do with third-party components in the old app from a Hong Kong developer called Elephant Data. Researchers told TechCrunch, though, that this wasn't just a minor confusion, and that the old version of 4shared was displaying invisible adds to users and secretly using simulated screen taps to subscribe users to services without their knowledge—potentially pilfering millions of dollars from 4shared customers. The researchers say that Elephant Data modules were directly powering this fraudulent behavior, and included numerous monitoring and URL-redirect mechanisms seemingly to ensure that the illicit activity stayed hidden. The resubmitted version of 4shared's app already as 10 million new downloads. Users that are still running the old version of the app need to delete it and download the new version to protect themselves.
- Apollo 11: Mission (out of) control
- The simple way Apple and Google let abusers stalk victims
- Notifications are stressing us out. How did we get here ?
- One boy’s dream vacation to see construction equipment
- How nine people built an illegal $5 million Airbnb empire
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers , running gear (including shoes and socks ), and best headphones .
- 📩 Get even more of our inside scoops with our weekly Backchannel newsletter