The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group

On Monday morning Kaspersky published new evidence of technical similarities between malware used by the mysterious SolarWinds hackers, known by security industry names including UNC2452 and Dark Halo, and the well-known hacker group Turla, believed to be Russian in origin and also known by the names Venomous Bear and Snake.

The SolarWinds Investigation Ramps Up

Now, after a federal career that many credited with helping to secure the 2020 presidential election from foreign interference, Krebs is venturing into the other massive cybersecurity story of the last year: the Russian hacker intrusion into SolarWinds, a Texas-based company whose software was hijacked and used to penetrate the networks of at least half a dozen federal agencies.

Ransomware Is Headed Down a Dire Path

At the end of September, an emergency room technician in the United States gave WIRED a real-time account of what it was like inside their hospital as a ransomware attack raged.

Russia’s Hacking Frenzy Is a Reckoning

This week, several major United States government agencies—including the Departments of Homeland Security, Commerce, Treasury, and State—discovered that their digital systems had been breached by Russian hackers in a months-long espionage operation.

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

But one security researcher has shown how vulnerabilities in the Tesla Model X's keyless entry system allow a different sort of update: A hacker could rewrite the firmware of a key fob via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X in just a matter of minutes.

Ransomware Hits Dozens of Hospitals in an Unprecedented Wave

The US government alert lays out recommendations and best practices for how hospitals can protect themselves, and private firms like Mandiant have been sharing "indicators of compromise" as well, so health care facilities can monitor their systems extra closely and try to head off potential attacks.

A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware

The malware the Kaspersky researchers discovered uses its UEFI foothold to plant a second, more traditional piece of spyware on the computer's hard drive, a unique piece of code Kaspersky has called MosaicRegressor.

When Coffee Machines Demand Ransom, You Know IoT Is Screwed

The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices.

The Attack That Broke Twitter Is Hitting Dozens of Companies

Branching Out. As in the Twitter hack, the perpetrators don't appear to be state-sponsored hackers or foreign cybercrime organizations, but young, English-speaking hackers organizing on forums like the website and the chat service Discord, says Zack Allen, the director of threat intelligence at security firm ZeroFox, who has also worked with the industry group tracking the incidents.

ISIS Allegedly Ran a Covid-19 PPE Scam Site

In a series of civil and criminal complaints and forfeiture notices released today, the Justice Department has revealed that it seized hundreds of bitcoin and ethereum accounts, millions of dollars, and four websites from known Islamic extremist groups that were using those accounts and funds to support terrorist operations.

An Ethics Guide for Tech Gets Rewritten With Workers in Mind

Now, the Omidyar Network has a new tool kit, designed to get tech workers talking about the way their products shape society, democracy, and more. Some companies in Silicon Valley have even created internal corporate positions to focus on those issues, like Salesforce’s Office of Ethical and Humane Use.

New Mac Ransomware Is Even More Sinister Than It Appears

In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.

Hackers Claim to Have ‘Dirty Laundry’ About Donald Trump

We'll get to the rest of this week's security news in just a second, but before all that you need to carve out a little chunk of your day to read WIRED senior writer Andy Greenberg's profile of Marcus Hutchins, the hacker who stopped the berserking WannaCry ransomware three years ago.

Solar Panels Could Be the Best Fad Ever

I was nursing a beer at his winter holiday party as he told me about the solar panels on his Brooklyn brownstone roof. It was a neighbor from around the corner who'd seen my solar array and, like me before him, was intrigued.

Harvey Weinstein Reportedly Tests Positive for Coronavirus

Per a report in the Niagara Gazette, the one-time mogul is currently isolated at Wende Correctional Facility in western New York state, where he’s serving a 23-year sentence after being convicted earlier this month of one count of rape and one count of a criminal sex act. In other coronavirus-related news, pop mogul Rihanna’s charitable organization is donating $5 million to Covid-19 relief.

Amazon Warehouses Will Now Accept Essential Supplies Only

Amazon customers can expect greater availability of things like soap and dog food, and potential shipping delays when it comes to less pressing items like clothing and electronics. “We are seeing increased online shopping, and as a result some products such as household staples and medical supplies are out of stock,” reads an announcement on Amazon’s official forum for sellers.

Elite Hackers Are Using Coronavirus Emails to Set Traps

This week, the Chinese firm QiAnXin spotted Russian hackers—possibly affiliated with the groups Sandworm and Fancy Bear—sending phishing emails laced with malicious document attachments to Ukrainian targets. Meanwhile, the Vietnamese security firm VinCSS detected a high volume of novel coronavirus-related phishing emails over the last two weeks attributed to government hackers.

These Sleek Lamps Illuminate the Promise of 3D Printing

Yang is the founder and CEO of Gantri, a San Francisco company that designs, fabricates, and sells 3D-printed lamps. The Signal desk light is one of the new lamps in Gantri's collection that was designed by the SF firm Ammunition, which is famous for some of Silicon Valley's most iconic designs.

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft already offers Windows Secure Boot, a feature that checks for cryptographic signatures to confirm software integrity. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way.

New Uber Rules, Bomber-Inspired Jet Design, and More News

Uber has a response to a new California law that forces the company to treat drivers like employees: "Well fine, maybe we just won't pick you up." Uber is now allowing drivers in California to see how much a ride would pay and where it would go before they accept it.

YouTube Gaming's Most-Watched Videos Are Dominated by Scams and Cheats

A chat box alongside the video displays frustrated messages: “I still haven’t got the money,” or “I did all the steps.” The stream, which often sits atop YouTube Gaming’s directory, remained live last weekend for over 21 hours, during which it was viewed over 1.1 million times.

Mysterious New Ransomware Targets Industrial Control Systems

Over the last month, researchers at security firms including Sentinel One and Dragos have puzzled over a piece of code called Snake or EKANS, which they now believe is specifically designed to target industrial control systems, the software and hardware used in everything from oil refineries to power grids to manufacturing facilities.

If Russia Hacked Burisma, Brace for the Leaks to Follow

All of that makes Burisma an almost inevitable target for another hack-and-leak operation of the sort that Russia carried out against the Democratic National Committee and the Clinton campaign in 2016—once again with the goal of influencing a US election. Now the first evidence has surfaced, in a report from security firm Area 1, that the very same team of Russian hackers who hit those targets may in fact have hacked Burisma.

How to Secure Your Wi-Fi Router and Protect Your Home Network

If you're not sure how to find these settings, check the documentation that came with the router, or run a quick web search using your router's make and model. You should be using WPA2 security to guard access to your router, which essentially requires every new device to submit a password to connect.

5G Is More Secure Than 4G and 3G—Except When It’s Not

With the faster connection speeds will come increased security and privacy protections for users, as the wireless industry attempts to improve on the defenses of 3G and 4G.

Google Is Basically Daring the US to Block Its Fitbit Deal

Bringing user data concerns into antitrust, as Delrahim suggested, would require asking a similar question: Will the reduction in competition lead to consumers having to accept inferior privacy protections?

A Brief History of Russian Hackers' Evolving False Flags

Cyber Berkut was later revealed to be a front for the Russian military intelligence hacker group known as APT28 or Fancy Bear. Over the following years, the GRU would repeat those false flag "hacktivist" attacks again and again.

A DoorDash Breach Exposes Data of 4.9 Million Customers

DoorDash, a takeout delivery company, confirmed a data breach on Thursday almost five months after it occurred on May 4, and a year after some users started complaining that their accounts had been inexplicably compromised.

How Trump’s Ukraine Mess Entangled CrowdStrike

Like other prominent companies of its kind, CrowdStrike conducts digital forensic investigations, and defends its clients in part by removing a hacker's access to compromised accounts and devices. But when CrowdStrike or another firm investigates an incident, they typically don't physically remove a client's devices.

London Is Changing Its Skyscraper Designs—to Favor Cyclists

Ozkan’s team also created a new category called “frequent sitting,” with outdoor cafés and restaurants in mind, where wind shouldn’t exceed 5.6 mph.