SIMILAR ARTICLES:

Security News This Week: Telegram Says China Is Behind DDoS

FBI Takes Down Site With 12 Billion Stolen Records

Myspace Employees Used to Spy on Users

Trump's North Korea Summit Inspires Spearphishing

Google Play Store’s Malware Problem, and More Security News This Week

Security News This Week: A Teen Waltzed Into Mar-a-Lago

The 'Robo Revenge' App Makes It Easy to Sue Robocallers

Spies Say Covid-19 Isn't Manmade

Security News This Week: The US Tracked Journalists Reporting on the Migrant Caravan

Security News This Week: Julian Assange Faces Extradition to the US

WannaCry Hero Marcus Hutchins Won't Go to Jail for Old Hacking Crimes

Encryption-Busting EARN IT Act Advances in Senate

'Simjacker' Attack Can Track Phones Just by Sending a Text

Google Calls Out Safari for Privacy Flaws

Election Systems Are Even More Vulnerable Than We Thought

The NSA's Tips to Keep Your Phone From Tracking You

As 5G Rolls Out, Troubling New Security Flaws Emerge

Twitter Now Has Better Two-Factor Authentication, So Use It

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool

Last weekend, during and in the aftermath of a contentious presidential election, the country of Belarus effectively shut off access to most of the internet for its 9.5 million citizens. It's a tactic that has become increasingly popular among authoritarian regimes, whether it's a total blackout like Belarus' or more targeted censorship of specific apps like Telegram and WhatsApp. The outage lasted around three days, although some sites remain blocked.Elsewhere, we took a look at an Alexa bug that could have let a hacker access your entire voice history. It's patched now, but it's a good reminder to be careful what you say around your voice assistant. Covid-19 scams are so abundant that even ISIS allegedly got in on the grift with a site called FaceMaskCenter.com. And flaws in Qualcomm's ubiquitous Snapdragon chips put over a billion Android devices at risk . A fix has been issued, but those can take some time to trickle down to individual users.

READ ALSO:

Sneaky Mac Malware Is Posing as Flash Downloads

Speaking of flaws, mistakes in open-source libraries could have exposed cryptocurrency exchanges to denial-of-service attacks or worse. A British AI tool intended to predict violent crime turned out not to work as advertised. And we looked at the increasingly sophisticated methods ATM hackers have used for "jackpotting," which is when they make the money machine go brrrrr.We continued our Dark Patterns series with a dive into how Facebook and other social media sites capture your attention—and erode your privacy. And in the magazine we detailed the FBI's heart-pounding hunt for Cesar Sayoc, known as the "MAGA bomber."

READ ALSO:

Cops Take Over a Botnet to Clear Malware Off Nearly a Million PCs

But with tensions between the US and China continuing to escalate , The Wall Street Journal reported this week that the effort might not survive a national security review.

And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The NSA and FBI Expose a Sneaky Russian Hacking ToolThe National Security Agency is not known for being especially chatty. But it has made some useful public overtures of late; last week it offered tips to limit location tracking on your smartphone , and this week it followed up by going public with sneaky new Russian malware it discovered alongside the FBI. The announcement links the so-called Drovorub malware to Fancy Bear , the elite hacking group behind the hack of the Democratic National Committee in 2016 and more. Russia allegedly used Drovorub to plant backdoors; the versatile malware consisted of an implant, kernel module rootkit, file transfer and port forwarding tool, and command and control server. By shining a light on the malware, the US agencies hope to better enable potential targets to defend themselves.

READ ALSO:

Zoom Security Gets a Boost With Keybase Acquisition

The good news is that a relatively very small number of people could actually have been identified by data, and CAM4 says no malicious hackers found it.Other bad news: A Facebook bug caused popular iOS apps like Spotify and TikTok to crash repeatedly for a couple of hours this week.

TikTok Dodged Google's Rules to Track Android UsersThe Wall Street Journal this week reported that TikTok used a banned method to track users for advertising purposes until last November. TikTok collected so-called MAC addresses using a security loophole that let it circumvent measures Android has in place to prevent that behavior. A MAC address is significant because it can be used to track a user even if they uninstall an app and reinstall it later. Perhaps more significant, though, is a line is the Journal report that TikTok sent those MAC addresses and other data back to ByteDance, the app's Chinese parent company. TikTok has repeatedly insisted that it does not, has not, and will not share user data with ByteDance. President Donald Trump has ordered ByteDance to sell TikTok by September 15 , or the administration will take steps to shut down the app in the US.

READ ALSO:

Cellebrite Now Says It Can Unlock Any iPhone for Cops

Cellebrite, too, has likely possessed the ability to unlock iOS 12.3 devices prior to this announcement, says Dan Guido, the founder of the New York-based security firm Trail of Bits and a longtime iOS-focused security researcher.

The ReVoLTE Attack Requires Just $7,000 of Equipment to Eavesdrop on CallsIn the era of 4G, many mobile phone conversations happen over Voice over LTE. Not only does VoLTE offer more bandwidth than the 3G calls of yesteryear, it also has a built-in layer of encryption that protects your calls from snoops. A team of researchers, though, has figured out how to undermine that security, using radio equipment that costs about $7,000 to grab that encrypted data as it heads to a cell tower and unscramble it. The attack has some important limitations, but it's a good reminder that modern telephony still has more than its share of security holes—and 5G isn't looking that much better .

READ ALSO:

Clearview AI's Massive Client List Got Hacked

A declassified study by the intelligent community’s Privacy and Civil Liberties Oversight Board shared with Congress this week revealed that the metadata program cost $100 million, and only on two occasions produced information that the FBI didn’t already possess.

Crooks Use 'Russian SIMs' to Outfox Law EnforcementMotherboard this week took a deep dive down the rabbit hole of Russian SIMs, also known as white SIMs, that let criminals spoof phone numbers at will, or in some cases allow for real-time voice manipulation. While not illegal in and of themselves, the SIMs are a boon to phishing scams and other social engineering attacks.
  • San Francisco was uniquely prepared for Covid-19
  • How courthouse break-ins landed two white hat hackers in jail
  • Tips to make your video calls look and sound better
  • How to spot—and avoid—dark patterns on the web
  • The fantasy and the cyberpunk futurism of Singapore
  • 🎙️ Listen to Get WIRED , our new podcast about how the future is realized. Catch the latest episodes and subscribe to the 📩 newsletter to keep up with all our shows
  • ✨ Optimize your home life with our Gear team’s best picks, from robot vacuums to affordable mattresses to smart speakers

READ ALSO:

The FBI Backs Down Against Apple—Again

After claiming for months that Apple alone could unlock the two iPhones of Pensacola, Florida shooter Mohammed Saeed Alshamrani, the agency announced today that it had managed to do so without Cupertino’s help—and without undermining the encryption that protects over 1 billion iOS devices worldwide.

The article source: www.wired.com
Tags: security, malware, week, voice, bytedance, mac, tool, belarus, access, team,