Intel's popular Thunderbolt port has a flaw that could allow a hacker with hands-on access to bypass a victim computer's lock screen and steal all of its data. It affects devices sold before 2019, and more importantly only really impacts people who might be targeted by sophisticated nation state hackers. Which is not most people.
In the UK especially, false 5G conspiracy theories have led to a surge of attacks against telecom workers and others. In the US, online voting has seen a wellspring of support even though security experts still say it's not safe. And we talked you through how to control who sees what posts of yours on social media.
And there's more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
Law Firm Ransomware Hackers Threaten to Leak Trump Info
Last week, ransomware hackers struck a law firm that has an extensive celebrity clientele list. The group known as REvil locked up the files of Grubman Shire Meiselas & Sacks, claimed to have stolen 756 gigabytes of data, and demanded a $21 million ransom to restore order. The hackers further threatened to leak the files they had stolen if the firm refused to pay. Which it has. That brings us to this week, when REvil not only doubled the ransom to $42 million, but leaked what it says are 2.4 GB worth of Lady Gaga's legal documents. Take this next part with a grain of salt, or even a boulder: The hackers also said they had "dirty laundry" on Donald Trump that they would release in a week if they weren't paid. Trump has apparently never been a GSMS client, though, making it entirely possible or even likely that REvil is bluffing. Given that GSMS has steadfastly refused to pay up, we should know for sure in a few days either way.
Senate Votes to Renew Warrantless Online Surveillance
In a 59-37 vote, the Senate this week failed to pass an amendment that would have required law enforcement to get a warrant before surveilling online browsing and search data. It needed 60 to pass. It's not quite a done deal yet; the chamber did approve another amendment that would improve oversight of the Foreign Intelligence Surveillance Court, meaning the whole bill has to go back to the House of Representatives and then to Donald Trump to sign before it becomes law. It's a disappointing shortfall, though, especially given that some senators who could have made the difference—including Vermont's Bernie Sanders—didn't show up for the vote.
Security News this Week: Palantir Manual Shows How Law Enforcement Tracks Families. If you happened to buy the Blue Smart hair straightener from Glamorizer—perhaps not even realizing it had Bluetooth capability, because why would it?—then TechCrunch is sorry to report but hackers could totally seize your device, and well, change the temperature of the hot iron remotely, if they wanted to.
Ransomware Hits the Texas Court System
Texas officials this week revealed that the state's court system had been attacked by ransomware. The state's Office of Court Administration said in a statement that it had disabled the affected branch network to avoid further spread. Cloud-based services like document filing and review weren't impacted, and the state says it has no interest in paying the ransom.
A Vulnerability Vendor Has So Many iOS Exploits It's Not Buying Anymore
Zerodium is the most influential zero-day broker out there. This week, the company said it would stop accepting several classes of iOS vulnerabilities for the next two to three months, citing a glut in the market. There's not a lot of visibility into what precisely that means for obvious reasons, but it seems in line with a series of recent high-profile security issues that have plagued Apple devices. Please note, though: iOS is still plenty secure for almost every user.
The good news is that the so-called Simjacker attack revealed this week by AdaptiveMobile Security doesn't appear to affect the major US carriers.
The Treasury Department this week leveled sanctions against three North Korean hacking groups, including the Lazarus Group, a team thought responsible for the 2014 hack of Sony Pictures and other major targets.