Former US Intelligence Operatives Admit They Hacked for UAE

Former US Intelligence Operatives Admit They Hacked for UAE

India May Have Used US-Company's Tech in Hacking SpreeBased in Austin, Texas, Exodus Intelligence is a so-called zero day broker, a firm that sells information about vulnerabilities in software that the developers don't know about—and therefore can't fix—and the exploits required to compromise them.

You Can Now Ditch the Password on Your Microsoft Account

You Can Now Ditch the Password on Your Microsoft Account

"I remember it was 2017 and we started talking about what if instead of improving multifactor authentication we change course to just eliminate passwords," says Microsoft chief information security officer Bret Arsenault.

It’s a Good Day to Update All Your Devices. Trust Us

It’s a Good Day to Update All Your Devices. Trust Us

But if you haven’t, today is an especially good day to be on top of it, because Apple, Google, and Microsoft have all pushed security fixes in the past two days for vulnerabilities that hackers are actively exploiting.

What Is Zero Trust? It Depends What You Want to Hear

What Is Zero Trust? It Depends What You Want to Hear

Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other.Once an attacker slipped by those perimeter defenses, remotely or by physically infiltrating an organization, the network would instantly grant them a lot of trust and freedom.

The Biggest DDoS Attack in History Hit Russian Tech Giant Yandex

The Biggest DDoS Attack in History Hit Russian Tech Giant Yandex

The Russian tech giant Yandex said this week that in August and September it was hit with the internet's largest-ever recorded distributed denial-of-service or DDoS attack.

WhatsApp Fixes Its Biggest Encryption Loophole

WhatsApp Fixes Its Biggest Encryption Loophole

It’s a complex solution to a longstanding issue, and one that sets a precedent for companies that don’t want to rely quite so extensively on the security of the world’s handful of dominant cloud providers .“We’ve been working on this problem for many years and to build this, we had to develop an entirely new framework for key storage and cloud storage that can be used across the world’s largest operating systems,” says WhatsApp product manager Calvin Pappas.

BrakTooth Flaws Affect Billions of Bluetooth Devices

BrakTooth Flaws Affect Billions of Bluetooth Devices

The latest version, demonstrated this week, comes in new formats like Lightning to USB-C and USB-C to USB-C, has a wider range, and introduces geofencing features.

Apple Backs Down on Its Controversial Photo-Scanning Plans

Apple Backs Down on Its Controversial Photo-Scanning Plans

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material,” the company said in statement Friday.

6 Things You Need to Do to Prevent Getting Hacked

6 Things You Need to Do to Prevent Getting Hacked

Even if you do have a password that’s easy to guess (we’ll get to that shortly), an attacker is unlikely to get access to an account with multi-factor authentication turned on unless they have your phone.

California Man Stole 620,000 iCloud Photos in Search of Nudes

California Man Stole 620,000 iCloud Photos in Search of Nudes

Razer said it's going to vix the vulnerability, but it speaks to broader concerns around similar software that relies on the Windows "plug-and-play" set-up.📩 The latest on tech, science, and more: Get our newsletters !When the next animal plague hits, can this lab stop it.

The Stealthy iPhone Hacks That Apple Still Can't Stop

The Stealthy iPhone Hacks That Apple Still Can't Stop

Apple hasn't issued a fix for this particular vulnerability and corresponding attack, dubbed “Megalodon” by Amnesty International and “ForcedEntry” by Citizen Lab. An Apple spokesperson told WIRED that it intends to harden iMessage security beyond BlastDoor, and that new defenses are coming with iOS 15, which will likely come out next month.

38M Records Were Exposed Online—Including Contact-Tracing Info

38M Records Were Exposed Online—Including Contact-Tracing Info

More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases.

100 Million More IoT Devices Are Exposed—and They Won’t Be the Last

100 Million More IoT Devices Are Exposed—and They Won’t Be the Last

Dubbed Name:Wreck, the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the internet.

How to Log In to Your Devices Without Passwords

How to Log In to Your Devices Without Passwords

Screenshot: Microsoft via David NieldWindows Hello is the name Microsoft gives you password-free access to your computer: It can include facial recognition via a webcam, fingerprint scanning via a sensor, and the use of a short PIN code.

The Opportunities—and Obstacles—for Women at NSA and Cyber Command

The Opportunities—and Obstacles—for Women at NSA and Cyber Command

Inequalities persist, but three senior-level women at the National Security Agency and Cyber Command offered WIRED rare insights into how those organizations have evolved—and the hard work that remains to be done.

Encryption Has Never Been More Essential—or Threatened

Encryption Has Never Been More Essential—or Threatened

Five years ago today, WhatsApp completed our roll out of end-to-end encryption, which provides people all over the world with the ability to communicate privately and securely.

Cops Take Down the ‘World’s Biggest' Video Game Cheating Ring

Cops Take Down the ‘World’s Biggest' Video Game Cheating Ring

Ubiquiti Appears to Have Downplayed a 'Catastrophic' BreachA whistleblower tells independent security journalist Brian Krebs that a recent breach of networking equipment company Ubiquiti was much worse than initially reported.

Water Supply Hacks Are a Serious Threat—and Only Getting Worse

Water Supply Hacks Are a Serious Threat—and Only Getting Worse

The specifics of how Travnichek allegedly obtained access to Post Rock Rural Water District’s network after he left the utility remain unclear; the indictment says only that he “logged in remotely.” He’d had a remote login when he worked there, court documents say, for after-hours monitoring.

Homecoming Queen (and Her Mom) Arrested for Alleged Vote Hacking

Homecoming Queen (and Her Mom) Arrested for Alleged Vote Hacking

This week saw new revelations of election interference, both big and small: On one end of the spectrum, an alleged mother-daughter conspiracy to digitally rig a Florida high school's vote for homecoming queen.

How to Write a Living Will

How to Write a Living Will

Their site also has a wealth of resources to help you understand every aspect of estate planning from types of wills, legal jargon, unusual aspects of probate (the legal process where all assets and property are dispelled after a death), and more.

Hackers Accessed Security Cams Inside Tesla and Beyond

Hackers Accessed Security Cams Inside Tesla and Beyond

Microsoft-Owned GitHub Takes Down Exchange Server ExploitSecurity researchers warned this week that a full, public proof-of-concept exploit for recently-patched Microsoft Exchange Server vulnerabilities would further roil a hacking frenzy that had already escalated in recent days.

Netflix's Password-Sharing Crackdown Has a Silver Lining

Netflix's Password-Sharing Crackdown Has a Silver Lining

The practice of throwing a bunch of purloined user names and passwords at various services to see what sticks is known as credential stuffing , and it’s hit the media industry particularly hard in recent years.

The Dire Possibility of Cyberattacks on Weapons Systems

The Dire Possibility of Cyberattacks on Weapons Systems

Technical details of the report are not available to the public, but what we can see allows us to reasonably conclude that serious cybersecurity vulnerabilities exist in weapons systems, including those that would let the potential adversary take control over a system.

Bitcoin’s Greatest Feature Is Also Its Existential Threat

Bitcoin’s Greatest Feature Is Also Its Existential Threat

Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.To be fair, not absolutely everyone who uses a blockchain holds a copy of the entire ledger.

The Accellion Breach Keeps Getting Worse—and More Expensive

The Accellion Breach Keeps Getting Worse—and More Expensive

Since then, dozens of companies and government organizations worldwide have acknowledged that they were breached as a result of the flaws—and many face extortion, as the ransomware group Clop has threatened to make the data public if they don't pay up.

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

Hafnium has now exploited zero-day vulnerabilities in Microsoft's Exchange servers' Outlook Web Access to indiscriminately compromise no fewer than tens of thousands of email servers, according to sources with knowledge of the investigation into the hacking campaign who spoke to WIRED.

Utah's ‘Porn Filter’ Law Passes the State Legislature

Utah's ‘Porn Filter’ Law Passes the State Legislature

This week, Microsoft and security firm FireEye both shared new details about malware strains the Russia-linked group used to get such devastating access to so many targets.

Thousands of Android and iOS Apps Leak Data From the Cloud

Thousands of Android and iOS Apps Leak Data From the Cloud

Zimperium ran automated analysis on more than 1.3 million Android and iOS apps to detect common cloud misconfigurations that exposed data.

China and Russia's Spying Sprees Will Take Years to Unpack

China and Russia's Spying Sprees Will Take Years to Unpack

First spotted by security firm Volexity, a nation-state group that Microsoft calls Hafnium has been using multiple zero-day exploits —which attack previously unknown vulnerabilities in software—to break into Exchange Servers, which manage email clients including Outlook.

Far-Right Platform Gab Has Been Hacked—Including Private Data

Far-Right Platform Gab Has Been Hacked—Including Private Data

DDoSecrets cofounder Emma Best says that the hacked data includes not only all of Gab's public posts and profiles—with the exception of any photos or videos uploaded to the site—but also private group and private individual account posts and messages, as well as user passwords and group passwords.