A Report Blames ‘CIA Failures’ for the Agency's Worst Hack

"The lax cybersecurity practices documented in the CIA's WikiLeaks Task Force report do not appear to be limited to just one part of the intelligence community," Wyden wrote.

Android 11 Will Help You Rein In Zombie App Permissions

And the release of Android 11 is particularly focused on expanding privacy improvements to give you more control over what your apps can access and giving more ways to distribute software updates across Android's fragmented and disjointed device population.

Zoom's End-to-End Encryption Will Be for Paying Customers Only

"Free users for sure we don’t want to give that," Zoom CEO Eric Yuan said in a company earnings call on Tuesday referring to end-to-end encryption, "because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose."

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent—an alternative to bigger players like Exchange and Sendmail—running on email servers around the world.

Google Chrome Is Getting a Bunch of New Privacy Features

"Chrome checks the URL of each site you visit or file you download against a local list, which is updated approximately every 30 minutes," Google explains in a blog post about the new setting.

Cryptocurrency Hardware Wallets Can Get Hacked Too

Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February. The attack the researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target's PIN in the field.

Hackers Claim to Have ‘Dirty Laundry’ About Donald Trump

We'll get to the rest of this week's security news in just a second, but before all that you need to carve out a little chunk of your day to read WIRED senior writer Andy Greenberg's profile of Marcus Hutchins, the hacker who stopped the berserking WannaCry ransomware three years ago.

The US Says Chinese Hackers Went Too Far During the Covid-19 Crisis

"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with Covid-19-related research," the joint announcement says.

Zoom Security Gets a Boost With Keybase Acquisition

The good news is that a relatively very small number of people could actually have been identified by data, and CAM4 says no malicious hackers found it. Other bad news: A Facebook bug caused popular iOS apps like Spotify and TikTok to crash repeatedly for a couple of hours this week.

The Covid-19 Pandemic Reveals Ransomware's Long Game

New research from Microsoft shows that ransomware attackers are actively making that crisis worse, forcing health care and critical infrastructure organizations to pay up when they can least afford downtime. The Microsoft researchers often observed attackers getting their initial network access by exploiting unpatched vulnerabilities in victims' web infrastructure.

Fusion Energy Gets Ready to Shine—Finally

Since the isotopes creating the fusion energy will be 10 times hotter than the sun, two layers of magnetic coils ringing the machine will keep them caged within.

Signal Threatens to Leave the US If EARN IT Act Passes

The pandemic has fueled debate about contact-tracing apps, but researchers say that it is possible to design encryption schemes for such services in a way that would successfully protect user privacy.

The Internet Avoided a Minor Disaster Last Week

An arm of the nonprofit Internet Security Research Group, Let’s Encrypt is a so-called certificate authority that lets websites implement encrypted connections at no cost. Let's Encrypt uses software called Boulder to make sure that it's allowed to issue a certificate to a site.

The Python Programming Language Is More Popular Than Ever

That milestone is all the more significant given a sometimes rocky transition from the second version of Python, which the language's developers stopped supporting this year, to the third version.

WireGuard Gives Linux a Faster, More Secure VPN

Jonsson expects adding WireGuard to the Linux kernel will make it useful for securing connections between Internet of Things devices, many of which run on Linux.

Clearview AI's Massive Client List Got Hacked

A declassified study by the intelligence community’s Privacy and Civil Liberties Oversight Board shared with Congress this week revealed that the metadata program cost $100 million, and only on two occasions produced information that the FBI didn’t already possess.

The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar.

Dangerzone Lets You Open Email Attachments Safely

Dangerzone also uses the optical character recognition software Tesseract to convert letters and numbers in the PDF back to machine-readable text, letting you copy text from and search the file.

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft already offers Windows Secure Boot, a feature that checks for cryptographic signatures to confirm software integrity. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way.

A Tiny Piece of Tape Tricked Teslas Into Speeding Up 50 MPH

The worse news is that said data has since been discovered in an online hacking forum, as first reported by ZDNet. The haul includes names, addresses, phone numbers, emails, and dates of birth, and celebrities, politicians, and journalists are among those affected.

The 'Robo Revenge' App Makes It Easy to Sue Robocallers

The company has put a $50 million infusion towards building out features that make it not just secure, but accessible to normals. A Clever New App Makes Suing Robocallers a Cinch: The good people at DoNotPay have previously automated the arduous processes of fighting parking tickets and canceling subscriptions.

Signal Is Finally Bringing Its Secure Messaging to the Masses

Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone.

Dashlane's Super Bowl Ad Proves Password Managers Have Arrived

But among the companies coughing up a reported $5.6 million for 30 seconds of Big Game glory is one name most people have never heard of, selling a product that many don’t know exists: Dashlane, an app that manages your passwords.

The Sneaky Simple Malware That Hits Millions of Macs

But given that over 100 million people use macOS, and it hits at least 10 percent of those with Kaspersky installed, it’s reasonable to assume that millions of Mac users deal with it every year.

FBI Takes Down Site With 12 Billion Stolen Records

But the country's high court decided in December that blocking access violated its citizens' rights, and this week it was finally restored. This week Mick Baccio left his post over "differences with campaign leadership over how to manage information security," according to a report in the Wall Street Journal.

Inside the Feds’ Battle Against Huawei

Meng is chief financial officer of Huawei, the world’s largest manufacturer of telecommunications equipment and second-largest maker of smartphones. Meng was on her way to Mexico to secure a new beachhead for the next generation of wireless infrastructure, known as 5G.

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

In fact, Neuberger said that disclosing the code verification bug to Microsoft and the public is part of a new NSA initiative in which the agency will share its vulnerability findings more quickly and more often.

The FBI Wants Apple to Unlock iPhones Again

On the home front, Amazon swatted at money-saving extension Honey just in time for the holidays, warning users that it was a security risk without specifying how.

Alleged Spy App ToTok Puts Apple in a Bind

Last month, both Google and Apple removed a popular social messaging app called ToTok from their official app stores. This seems to imply that in reviewing ToTok, Google didn't find anything about the app that violates Play Store policies.

How to Secure Your Wi-Fi Router and Protect Your Home Network

If you're not sure how to find these settings, check the documentation that came with the router, or run a quick web search using your router's make and model. You should be using WPA2 security to guard access to your router, which essentially requires every new device to submit a password to connect.