Security, Spoken

Researchers found troubling bugs in open-source libraries used by financial institutions. Learn about your ad choices: dovetail.prx.org/ad-choices

Qualcomm has released a fix for the flaws in its Snapdragon chip, which attackers might exploit to monitor location or render the phone unresponsive. Learn about your ad choices: dovetail.prx.org/ad-choices

Through deceptive designs known as “dark patterns,” online retailers try to nudge you toward purchases you wouldn’t otherwise make. Learn about your ad choices: dovetail.prx.org/ad-choices

The now-patched vulnerability would have let hackers target Microsoft Office using Symbolic Link—a file type that hasn't been in common use in over 30 years. Learn about your ad choices: dovetail.prx.org/ad-choices

With access to just 50,000 high-wattage smart devices, attackers could make a bundle off of causing minor fluctuations. Learn about your ad choices: dovetail.prx.org/ad-choices

The story of a guy who wouldn't let a few quintillion possible decryption keys stand between him and his cryptocurrency. Learn about your ad choices: dovetail.prx.org/ad-choices

Researchers found 18 exploits that take advantage of inconsistencies in the email plumbing most people never think about. Learn about your ad choices: dovetail.prx.org/ad-choices

Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks. Learn about your ad choices: dovetail.prx.org/ad-choices

You've seen them before: the UX ploys designed to trick you into spending money, or make it nearly impossible to unsubscribe. Here's what to look out for. Learn about your ad choices: dovetail.prx.org/ad-choices

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO. Learn about your ad choices: dovetail.prx.org/ad-choices

A combination of technologies helped scientists discover a potentially illegal fishing operation involving more than 900 vessels. Learn about your ad choices: dovetail.prx.org/ad-choices

A WIRED investigation found dozens of channels belong to children apparently under 13, and anonymous chat participants sending inappropriate messages their way. Learn about your ad choices: dovetail.prx.org/ad-choices

A ransomware hit and subsequent outage caused problems in the company's aviation services, including flight planning and mapping. Learn about your ad choices: dovetail.prx.org/ad-choices

A previously unreported Fancy Bear campaign persisted for well over a year—and indicates that the notorious group has broadened its focus. Learn about your ad choices: dovetail.prx.org/ad-choices

Last year, Apple announced a special device just for hackers. The phone—for approved researchers only—has started to ship. Learn about your ad choices: dovetail.prx.org/ad-choices

The new hardware-based attack, which has targeted machines across Europe, can yield a stream of cash for the attacker. Learn about your ad choices: dovetail.prx.org/ad-choices

Twitter's new policy won't make the conspiracy group disappear. But experts say it could dramatically reduce its ability to spread. Learn about your ad choices: dovetail.prx.org/ad-choices

Officials in the three countries believe a state-linked group is trying to steal intellectual property and information about potential vaccine candidates. Learn about your ad choices: dovetail.prx.org/ad-choices

The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon. Learn about your ad choices: dovetail.prx.org/ad-choices

Turf wars are heating up over the routers that fuel distributed denial of service attacks—and cybermercenaries are running rampant. Learn about your ad choices: dovetail.prx.org/ad-choices

The SigRed vulnerability exists in Windows DNS, used by practically every small and medium-sized organization in the world. Learn about your ad choices: dovetail.prx.org/ad-choices

Confidential Virtual Machines allows Google Cloud Services Customers to keep data secret—even when it's being actively processed. Learn about your ad choices: dovetail.prx.org/ad-choices

A sophisticated scheme was designed to trick businesses in more than 60 countries into wiring large sums of money to attackers. Learn about your ad choices: dovetail.prx.org/ad-choices

Dozens of people have come forward over the past week, many pointing to a culture that they say enabled rampant predatory behavior. Learn about your ad choices: dovetail.prx.org/ad-choices

US lawmakers have repeatedly raised security concerns over the app's Chinese ownership. Are US businesses next? Learn about your ad choices: dovetail.prx.org/ad-choices

Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers. Learn about your ad choices: dovetail.prx.org/ad-choices

There's finally a way to get off of email lists with your privacy intact. Learn about your ad choices: dovetail.prx.org/ad-choices

As China exerts more power over the city, companies like Facebook and Google have stopped handing over data—for now. Learn about your ad choices: dovetail.prx.org/ad-choices

A group dubbed "Cosmic Lynx" uses surprisingly sophisticated methods—and targets big game. Learn about your ad choices: dovetail.prx.org/ad-choices

For companies that haven't patched their BIG-IP products, it may already be too late. Learn about your ad choices: dovetail.prx.org/ad-choices

A lack of dedicated funding and resources made it hard to keep data secure—and that was before classes moved almost entirely online. Learn about your ad choices: dovetail.prx.org/ad-choices

The malware known as ThiefQuest or EvilQuest also has spyware capabilities that allow it to grab passwords and credit card numbers. Learn about your ad choices: dovetail.prx.org/ad-choices

Starting today, the search giant will make a previously opt-in auto-delete feature the norm. Learn about your ad choices: dovetail.prx.org/ad-choices

Plus: Evil Corp hacking, an anti-encryption bill, and more of the week's top security news. Learn about your ad choices: dovetail.prx.org/ad-choices

Computers constantly give off more information than you might realize—which hackers can use to pry out their secrets. Learn about your ad choices: dovetail.prx.org/ad-choices

Kenton Varda gets dozens of messages a day from Spanish-speakers around the world, all thanks to a Gmail address he registered 16 years ago. Learn about your ad choices: dovetail.prx.org/ad-choices

A series of WikiLeaks disclosures that exposed a trove of the intelligence organization's secrets could have been avoided, a task force found. Learn about your ad choices: dovetail.prx.org/ad-choices

The video conferencing platform had previously said that only paid accounts would get the feature—a move privacy advocates roundly decried. Learn about your ad choices: dovetail.prx.org/ad-choices

Secondary Infektion appears to be a distinct effort from the meddling of the IRA and GRU—and it went undetected for years. Learn about your ad choices: dovetail.prx.org/ad-choices

Blizzard has suspended or closed over 74,000 accounts in the last month, as bots have upended the game's economy. Learn about your ad choices: dovetail.prx.org/ad-choices

Amid worldwide protests over racism and police violence, lawmakers are once again turning to the devices as a tool for reform. Learn about your ad choices: dovetail.prx.org/ad-choices

The so-called Ripple20 vulnerabilities affect equipment found in data centers, power grids, and more. Learn about your ad choices: dovetail.prx.org/ad-choices

Surveillance. Harassment. A live cockroach delivery. US Attorneys have charged six former Ebay workers in association with an outrageous cyberstalking campaign. Learn about your ad choices: dovetail.prx.org/ad-choices

The programmer who became a flagrant drug lord and weapons trafficker was sentenced in New York City to 25 years in prison. Learn about your ad choices: dovetail.prx.org/ad-choices

Though the Facebook-owned app doesn't give users complete control, there are ways to limit the data it collects and the types of ads you see. Learn about your ad choices: dovetail.prx.org/ad-choices

The so-called lamphone technique allows for real-time listening in on a room that's hundreds of feet away. Learn about your ad choices: dovetail.prx.org/ad-choices

The latest update to Google's operating system has a host of privacy and security improvements. Learn about your ad choices: dovetail.prx.org/ad-choices

Limiting in-person polling sites makes it both harder to vote and more dangerous. Learn about your ad choices: dovetail.prx.org/ad-choices

Another key aspect of the security and privacy label project is that the information is also encoded to be machine readable. This way, even if different countries or industries develop their own assessment tools, there's still a way to compare and process all the data. The researchers point out that data from the labels could make it easier to search for products by their privacy and security features, creating the potential for these to be mainstream product considerations rather than niche points that are difficult for consumers to research. Ecommerce websites could even offer filters for privacy and security features like they already do for things like price, weight, or screen size. In this way, consumers could make intentional choices about the products they buy, with digital safety as one of the factors.The researchers say that they've had a lot of private-sector and congressional interest in their label. But so far they've only been able to make example labels based on imaginary products or mock up labels for real products based on public data. The researchers are looking for a manufacturer to pilot the labels in a more serious way, with honest information about the products.There is real momentum toward doing these types of tests. Finland, Singapore, and the United Kingdom are all working on national IoT label programs focused on security. And while some IoT security bills have floated around the US Congress, the National Telecommunications and Information Administration within the Department of Commerce is actively working on a similar type of project for software. The idea is to develop a software "bill of materials" that would help the industry keep track of all the different open source and third-party components that go into one single software program or platform."Standardization I think will help, just like the ingredients label on food educates people about how much sugar or sodium they're consuming," says Chris Wysopal, chief technology officer of the software auditing firm Veracode. "Standardizing a software bill of materials would make it more clear to a consumer what they’re getting."The researchers are realistic that for their work to have a long-term impact there would either need to be widespread voluntary adoption of the label by manufacturers or a government mandate to do so. But they say that's why they've designed the label with room for manufacturers to explain their choices to consumers."There may be a really good reason that your thermostat has a microphone, but if the company doesn’t tell you, then you’re shocked," says Lorrie Cranor, director of Carnegie Mellon's usable privacy and security lab. "If they tell you about the microphone up front and explain why that is, then you might say 'Oh, OK, that makes sense.'"Conventional wisdom says that consumers won't typically pay a premium for privacy and security features. The researchers had preliminary findings, though, that an easy-to-read label might help people better understand potential risks and make them more willing to pay more for strong guarantees. It will take more investigation to expand on that finding, and the easiest way to do extensive testing would be for companies to start adopting security and privacy labels on their IoT products. You likely won't be seeing IoT privacy labels on store shelves anytime soon. But the stakes are high enough that something certainly needs to change. Learn about your ad choices: dovetail.prx.org/ad-choices

Plus: An iOS zero day, surveillance planes, and more of the week's top security news. Learn about your ad choices: dovetail.prx.org/ad-choices