What Is Zero Trust? It Depends What You Want to Hear

What Is Zero Trust? It Depends What You Want to Hear

Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other.Once an attacker slipped by those perimeter defenses, remotely or by physically infiltrating an organization, the network would instantly grant them a lot of trust and freedom.

The Biggest DDoS Attack in History Hit Russian Tech Giant Yandex

The Biggest DDoS Attack in History Hit Russian Tech Giant Yandex

The Russian tech giant Yandex said this week that in August and September it was hit with the internet's largest-ever recorded distributed denial-of-service or DDoS attack.

The Case for Video Game Tutorials

The Case for Video Game Tutorials

We start every game like a newborn giraffe struggling to stand; a well-designed tutorial mitigates the time wasted on unproductive stumbles.“The real story of a game is teaching how to play it,” says Désilets.

6 Things You Need to Do to Prevent Getting Hacked

6 Things You Need to Do to Prevent Getting Hacked

Even if you do have a password that’s easy to guess (we’ll get to that shortly), an attacker is unlikely to get access to an account with multi-factor authentication turned on unless they have your phone.

California Man Stole 620,000 iCloud Photos in Search of Nudes

California Man Stole 620,000 iCloud Photos in Search of Nudes

Razer said it's going to vix the vulnerability, but it speaks to broader concerns around similar software that relies on the Windows "plug-and-play" set-up.📩 The latest on tech, science, and more: Get our newsletters !When the next animal plague hits, can this lab stop it.

The Stealthy iPhone Hacks That Apple Still Can't Stop

The Stealthy iPhone Hacks That Apple Still Can't Stop

Apple hasn't issued a fix for this particular vulnerability and corresponding attack, dubbed “Megalodon” by Amnesty International and “ForcedEntry” by Citizen Lab. An Apple spokesperson told WIRED that it intends to harden iMessage security beyond BlastDoor, and that new defenses are coming with iOS 15, which will likely come out next month.

A Far-Right Extremist Allegedly Plotted to Blow Up Amazon Data Centers

A Far-Right Extremist Allegedly Plotted to Blow Up Amazon Data Centers

But he would “happily die a young man knowing that I didn’t allow the evils in this world to continue unjustly treating my fellow Americans so disrespectfully.” Over the following months, prosecutors say, that man, whose real name was Seth Pendley, focused his anger at Amazon, concocting a plot to destroy an Amazon Web Services data center in northern Virginia with C-4 plastic explosives.

The Accellion Breach Keeps Getting Worse—and More Expensive

The Accellion Breach Keeps Getting Worse—and More Expensive

Since then, dozens of companies and government organizations worldwide have acknowledged that they were breached as a result of the flaws—and many face extortion, as the ransomware group Clop has threatened to make the data public if they don't pay up.

A Windows Defender Vulnerability Lurked Undetected for 12 Years

A Windows Defender Vulnerability Lurked Undetected for 12 Years

The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender—renamed Microsoft Defender last year—uses to delete the invasive files and infrastructure that malware can create.

'Cyberpunk 2077' Maker Was Hit With Ransomware—and Won't Pay Up

'Cyberpunk 2077' Maker Was Hit With Ransomware—and Won't Pay Up

The attackers encrypted some computers and stole data, but CD Projekt Red said it would not pay the ransom and that it was restoring its systems from backups.The incident comes as CD Projekt Red faces months of sustained criticism for its bug-ridden, overhyped Cyberpunk 2077 release.

Government Demands for Amazon Data Shot Up 800 Percent in 2020

Government Demands for Amazon Data Shot Up 800 Percent in 2020

This week, Twitter, Instagram, and TikTok took part in a coordinated action to reclaim hundreds of accounts that had been used to facilitate trading of those ill-gotten handles within the so-called OGUsers community.Google says that it patched a so-called zero-day bug that hackers had been actively exploiting.

The SolarWinds Hackers Used Tactics Other Groups Will Copy

The SolarWinds Hackers Used Tactics Other Groups Will Copy

Once an attacker has the network privileges to manipulate this authentication scheme, they can generate legitimate tokens to access any of the organization's Microsoft 365 and Azure accounts, no passwords or multifactor authentication required.

Ransomware Is Headed Down a Dire Path

Ransomware Is Headed Down a Dire Path

At the end of September, an emergency room technician in the United States gave WIRED a real-time account of what it was like inside their hospital as a ransomware attack raged .

The Worst Hacks of 2020, a Surreal Pandemic Year

The Worst Hacks of 2020, a Surreal Pandemic Year

Such digital extortion attempts have been around for decades, but the Vastaamo situation was particularly egregious, because the stolen data, which went back roughly two years, included psychotherapy notes and other sensitive information about patients' mental health treatment.

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

There will be more news to come about the SolarWinds supply chain attack and possible other elements of the extensive campaign, but in the meantime officials, security practitioners, and researchers are all puzzling over questions of where to draw the line on global espionage and how to deter destructive and otherwise unacceptable hacking.

Russia's SolarWinds Hack Is a Historic Mess

Russia's SolarWinds Hack Is a Historic Mess

But because the SolarWinds hack was what's known as a "supply chain" attack, in which Russia compromised a trusted tool rather than using known malware to break in, Einstein failed spectacularly.

Russia’s Hacking Frenzy Is a Reckoning

Russia’s Hacking Frenzy Is a Reckoning

This week, several major United States government agencies—including the Departments of Homeland Security, Commerce, Treasury, and State—discovered that their digital systems had been breached by Russian hackers in a months-long espionage operation .

The Christchurch Shooter and YouTube’s Radicalization Trap

The Christchurch Shooter and YouTube’s Radicalization Trap

According to the report, released last night, the terrorist regularly watched extremist content online and donated to organizations like the Daily Stormer, a white supremacist site, and Stefan Molyneux’s far-right Freedomain Radio.

The US Used the Patriot Act to Justify Logging Website Visitors

The US Used the Patriot Act to Justify Logging Website Visitors

This week, three years later, Twitter finally took the step—a welcome change, if a belated one, given that attackers are more attuned than ever to the potential value of taking over a high-profile Twitter account .Hacker Defaces Spotify Pages of Celebrity MusiciansA hacker going by the name "Daniel" took control of prominent Spotify pages on Wednesday from artists like Dua Lipa, Lana Del Rey, Future, and Pop Smoke.

This ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

This ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

The genius of the attack, though, is that the bug was exploitable through an iPhone's Wi-Fi features, meaning that an attacker just needed some antennas and adapters to launch the assault whenever they chose, compromising any nearby iOS device.

A Facebook Messenger Flaw Could Have Let Hackers Listen In

A Facebook Messenger Flaw Could Have Let Hackers Listen In

Discovered by Natalie Silvanovich of Google's Project Zero bug hunting team , the vulnerability, which is now patched, could have been exploited on Messenger for Android if an attacker simultaneously called a target and sent them a specially crafted, invisible message to trigger the attack.

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

The indictment also lays out new details of Sandworm's targeting of the nation of Georgia in 2019, which included an attempt to compromise the Georgian parliament in addition to a previously known campaign of web defacements across the country's internet, affecting 15,000 sites .Perhaps most significantly, the criminal charges mark the first global law enforcement response targeting Sandworm's hackers for their release of the NotPetya malware that ravaged networks across the world .

Apple's T2 Security Chip Has an Unfixable Flaw

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

Paying Evil Corp Ransomware Might Land You a Big Federal Fine

Paying Evil Corp Ransomware Might Land You a Big Federal Fine

And we took a closer look at the election threats that US intelligence officials are actually worried about .Hackers managed to break into Facebook accounts and steal $4 million dollars that they spent on ads.

A Ransomware Attack Has Struck a Major US Hospital Chain

A Ransomware Attack Has Struck a Major US Hospital Chain

The company's statement did confirm that the "IT network across Universal Health Services facilities is currently offline, due to an IT security issue," and that patient and employee data appear not to have been compromised in the attack.

Hackers Target Porn Site Visitors Using Flash and Internet Explorer

Hackers Target Porn Site Visitors Using Flash and Internet Explorer

Hartford invested roughly $500,000 last year to improve its cybersecurity defenses, and officials said that while this did not stop the attack, it did help the city recover quickly.📩 Want the latest on tech, science, and more?

A Critical Flaw Is Affecting Thousands of WordPress Sites

A Critical Flaw Is Affecting Thousands of WordPress Sites

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday.

A Tesla Employee Thwarted an Alleged Ransomware Plot

A Tesla Employee Thwarted an Alleged Ransomware Plot

The next day, Kriuchkov took his Tesla contact to a Reno bar and made the offer: Half a million dollars in cash or bitcoin to install malware on Tesla's network, using either a USB drive or by opening an email's malicious attachment.

An Alexa Bug Could Have Exposed Your Voice History to Hackers

An Alexa Bug Could Have Exposed Your Voice History to Hackers

Check Point also suggests that a hacker might be able to access banking data history through the attack, but Amazon disputes this, saying that information is redacted in Alexa's responses.

Hackers Could Use IoT Botnets to Manipulate Energy Markets

Hackers Could Use IoT Botnets to Manipulate Energy Markets

At the Black Hat security conference on Wednesday, the researchers will present their findings, which suggest that high-wattage IoT botnets—made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.