100 Million More IoT Devices Are Exposed—and They Won’t Be the Last

Dubbed Name:Wreck, the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the internet.

Water Supply Hacks Are a Serious Threat—and Only Getting Worse

The specifics of how Travnichek allegedly obtained access to Post Rock Rural Water District’s network after he left the utility remain unclear; the indictment says only that he “logged in remotely.” He’d had a remote login when he worked there, court documents say, for after-hours monitoring.

The Dire Possibility of Cyberattacks on Weapons Systems

Technical details of the report are not available to the public, but what we can see allows us to reasonably conclude that serious cybersecurity vulnerabilities exist in weapons systems, including those that would let the potential adversary take control over a system.

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

Hafnium has now exploited zero-day vulnerabilities in Microsoft's Exchange servers' Outlook Web Access to indiscriminately compromise no fewer than tens of thousands of email servers, according to sources with knowledge of the investigation into the hacking campaign who spoke to WIRED.

Utah's ‘Porn Filter’ Law Passes the State Legislature

This week, Microsoft and security firm FireEye both shared new details about malware strains the Russia-linked group used to get such devastating access to so many targets.

The FTC Cracks Down on Bot-Wielding Ticket Scalpers

A new site called Faces of the Riot has run that trove through some machine-learning and facial-recognition software to publish thousands of images of people who were at the Capitol Hill protests—and riots—on January 6.

Watch Highlights From WIRED's CES Conversations

Moderna’s Melissa Moore explained why we should be excited about the dawn of mRNA vaccines; the former director of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, talked about the cybersecurity issues that pose the biggest threat to our democracy; and Slack's Stewart Butterfield and Salesforce's Bret Taylor told us about how digital-first workplaces will become the norm even when we can return to the office.

The SolarWinds Investigation Ramps Up

Now, after a federal career that many credited with helping to secure the 2020 presidential election from foreign interference, Krebs is venturing into the other massive cybersecurity story of the last year: the Russian hacker intrusion into SolarWinds, a Texas-based company whose software was hijacked and used to penetrate the networks of at least half a dozen federal agencies.

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

Some of the remediation will involve steps that congressional security already performs as a matter of course, like extensively reviewing security camera footage from the House and Senate floor, in hallways, and other spaces to see what intruders did, including what interactions they may have had with electronics.

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

There will be more news to come about the SolarWinds supply chain attack and possible other elements of the extensive campaign, but in the meantime officials, security practitioners, and researchers are all puzzling over questions of where to draw the line on global espionage and how to deter destructive and otherwise unacceptable hacking.

Ransomware Hits Dozens of Hospitals in an Unprecedented Wave

The US government alert lays out recommendations and best practices for how hospitals can protect themselves, and private firms like Mandiant have been sharing "indicators of compromise" as well, so health care facilities can monitor their systems extra closely and try to head off potential attacks.

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

The indictment also lays out new details of Sandworm's targeting of the nation of Georgia in 2019, which included an attempt to compromise the Georgian parliament in addition to a previously known campaign of web defacements across the country's internet, affecting 15,000 sites. Perhaps most significantly, the criminal charges mark the first global law enforcement response targeting Sandworm's hackers for their release of the NotPetya malware that ravaged networks across the world.

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

The agencies recommended security professionals immediately implement a patch to protect the devices from hacking techniques that could fully take control of the networking equipment, offering access to all the traffic they touch and a foothold for deeper exploitation of any corporate network that uses them.

Encryption-Busting EARN IT Act Advances in Senate

The law enforcement operation lasted more than three months and was made possible through police access to a secure communications platform called EncroChat, which offered encrypted messaging, disappearing messages, and an emergency data wiping feature.

The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots

Now a new report from the Government Accountability Office is highlighting systemic shortcomings in the Pentagon's efforts to prioritize cybersecurity at every level and making seven recommendations for shoring up DoD's digital defenses.

India's Data Protection Bill Threatens Global Cybersecurity

It is in the clear interest of policymakers, organizations, and the public to receive feedback from security researchers directly, instead of risking the information reaching other potentially malicious parties.

FBI Takes Down Site With 12 Billion Stolen Records

But the country's high court decided in December that blocking access violated its citizens' rights, and this week it was finally restored. This week Mick Baccio left his post over "differences with campaign leadership over how to manage information security," according to a report in the Wall Street Journal.

Meet the Mad Scientist Who Wrote the Book on How to Hunt Hackers

And for a smaller core of cybersecurity practitioners within that massive readership, it’s become a kind of legend: the ur-narrative of a lone hacker hunter, a text that has inspired an entire generation of network defenders chasing their own anomalies through a vastly larger, infinitely more malicious internet.

Huge Data Leak Doxes Members of Notorious Neo-Nazi Forum

Like, say, the revelation that you can hack Alexa, Google Assistant, and Siri with lasers. Take the two former Twitter employees who allegedly used their insider access to spy on behalf of Saudi Arabia—a stark reminder of how ill prepared even the biggest companies are to protect consumer data from the people who work there.

Come Hang Out With WIRED at Our 2-Day Festival

You see, there are only a few working days left before WIRED25, our two-day live event that, in many ways, brings to life the November issue of WIRED, titled Have a Nice Future: Stories of 25 People Racing to Save Us. A few months back, as we began planning the November issue, we started to feel that national malaise, the distress that surrounded the environment, health, cybersecurity, politics.

Rudy Giuliani Butt-Dialed a Reporter (Twice!)

Because it relates the tale of how Rudy Giuliani—lawyer to an embattled president, unlikely proprietor of a cybersecurity firm—managed to butt-dial NBC News reporter Rich Shapiro not once, but twice in the last several weeks.

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

Apple Contractors Will Stop Listening to Your Siri Recordings—For Now

After a report in The Guardian detailed Apple's use of contractors to "grade" the recordings of Siri users, the company has said it will suspend the program.

$700 Million Equifax Fine Is Still Too Little, Too Late

The state and federal groups that investigated Equifax touted the payout as an important wake-up call for all US corporations—especially since Equifax will also be required to make hundreds of millions of dollars of additional internal cybersecurity improvements on top of the fines.

China Distributes Spyware at Its Border and Beyond

Though they are developed by well-known companies and the location sharing is advertised for accepted uses, these apps also have the potential to be exploited by attackers who have access to victim devices.

Under Trump, the Fight Against Cybercrime Has Waned

Though the White House has not opposed specific legislation coming out of Congress—the president has signed all the cybersecurity bills sent to his desk—it also has not demonstrated an overarching strategy necessary to combat this pressing issue.

A Push to Protect Political Campaigns from Hackers Hits a Snag

Now, the United States Federal Election Commission may apply the same laws to block a cybersecurity firm from offering free or low-cost defense services to campaigns, at a time when those protections are badly needed. During the 2016 US presidential election, Russian hackers not only threatened election networks and voting systems, but wreaked havoc by targeting campaigns and political parties, particularly the Democratic National Committee, and leaking troves of sensitive data.

Trump’s Homeland Security Purge Worries Cybersecurity Experts

“DHS’s voice is vital around the Situation Room table,” says Edelman. “Looking ahead, as we consider issues like national security controls over AI, or limits to foreign investment, DHS is going to be more crucial than ever—and their absence of leadership could lead to some very skewed outcomes.”

How An Entire Nation Became Russia's Test Lab for Cyberwar

From that foothold, it appeared, the hackers had spread through the power companies’ networks and eventually compromised a VPN the companies had used for remote access to their network—including the highly specialized industrial control software that gives operators remote command over equipment like circuit breakers.

Turn On Auto-Updates Everywhere You Can

This week, Google announced that it had patched a wicked vulnerability in Chrome, by far the most popular browser in the world.