Security, Spoken

Plus: A Windows zero day, an iOS watering hole, and more of the week's top security news. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple kicked Alex Jones out of the App Store in 2018. The Google Play Store has finally followed suit. Learn about your ad choices: dovetail.prx.org/ad-choices

The US is desperate for hospital beds. The USACE can build thousands of them in a matter of days. Learn about your ad choices: dovetail.prx.org/ad-choices

After over a million downloads, the Tekya-infected Android offerings are finally on ice. Learn about your ad choices: dovetail.prx.org/ad-choices

A years-long investigation and global cooperation disrupted one of the biggest botnets ever. Learn about your ad choices: dovetail.prx.org/ad-choices

The World Health Organization is partnering with the messaging app to help disseminate trustworthy information. Learn about your ad choices: dovetail.prx.org/ad-choices

As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage. Learn about your ad choices: dovetail.prx.org/ad-choices

Shadowserver has helped keep the internet safe for 15 years. Unless it can raise funds fast, it's going to disappear. Learn about your ad choices: dovetail.prx.org/ad-choices

A new documentary makes crystal clear how little time remains to protect the 2020 election. Learn about your ad choices: dovetail.prx.org/ad-choices

It's a rule of thumb in cybersecurity that the more sensitive your system, the less you want it to touch the internet. But as the US hunkers down to limit the spread of Covid-19, cybersecurity measures presents a difficult technical challenge to working remotely for employees at critical infrastructure, intelligence agencies, and anywhere else with high-security networks. In some cases, working from home isn't an option at all. Learn about your ad choices: dovetail.prx.org/ad-choices

You'd think that mammography machines, radiology systems, and ultrasounds would maintain the strictest possible security hygiene. But new research shows that a whopping 83 percent of medical imaging devices run on operating systems that are so old they no longer receive any software updates at all. That issue is endemic to Internet of Things devices generally, many of which aren't designed to receive software improvements or offer only a complicated path to doing so. Learn about your ad choices: dovetail.prx.org/ad-choices

Since Russia’s stunning influence operations during the 2016 United States presidential race, state and federal officials, researchers, and tech companies have been on high alert for a repeat performance. With the 2020 election now just seven months away, though, newly surfaced social media posts indicate that Russia’s Internet Research Agency is adapting its methods to circumvent those defenses. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. Learn about your ad choices: dovetail.prx.org/ad-choices

Opening email attachments from untrusted senders has long been one of the easiest ways to get hacked. But unlike other common security screw-ups—using "password" for your password, downloading pirated software from shady websites—there's no practical way for a modern human to avoid opening the occasional mystery-meat attachment. Now one technologist has produced a solution. Learn about your ad choices: dovetail.prx.org/ad-choices

This is a story about something that could have gone wrong on the internet this week but instead turned out mostly OK. How often can you say that? Around nine o’clock on the East Coast on Friday, February 28, bad news arrived on the doorstep of Let’s Encrypt. An arm of the nonprofit Internet Security Research Group, Let’s Encrypt is a so-called certificate authority that lets websites implement encrypted connections at no cost. Learn about your ad choices: dovetail.prx.org/ad-choices

As the novel coronavirus continues to propagate, phishing scams that pose as Covid-19 advice do as well. The trend started over a month ago, but it's only going to get worse. Abide by these tips to avoid them, and also please keep washing those hands. In non-pandemic news, researchers figured out how to clone the mechanical keys of tens of millions of cars from Toyota, Hyundai, and Kia, making theft a much simpler matter. Learn about your ad choices: dovetail.prx.org/ad-choices

A bipartisan pair of US senators today introduced long-rumored legislation known as the EARN IT Act. Meant to combat child sexual exploitation online, the bill threatens to erode established protections against holding tech companies responsible for what people do and say on their platforms. It also poses the most serious threat in years to strong end-to-end encryption. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2003, security researchers Katie Moussouris and a colleague at enterprise security firm @stake—which would later be acquired by Symantec—found a bad flaw in an encrypted flash drive from Lexar. It was trivial to uncover the password that decrypted the drive's data. But when they tried to let Lexar know? "Things went wrong," says Chris Wyspol, who was also working at @stake at the time. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, North Korea's Lazarus Group hackers have plundered and pillaged the global internet, scamming and infecting digital devices around the world for espionage, profit, and sabotage. One of their weapons of choice: a so-called loader that allows them to clandestinely run a diverse array of malware on targeted Macs with hardly a trace. But Lazarus didn't create the loader on its own. The group seems to have found it laying around online, and repurposed it to elevate their attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

It was the RSA security conference in San Francisco this week, and the security industry descended on Moscone Center for days of handing out free stickers, demoing products, and presenting research. And the week was punctuated by fewer handshakes and more elbow bumps thanks to Covid-19. WIRED looked at research that North Korea is recycling Mac malware, and how it's indicative of booming malware reuse. Learn about your ad choices: dovetail.prx.org/ad-choices

John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security. But in July 2014, prepping for a pen test of a South Dakota correctional facility, he took a decidedly different tack. He sent his mom. In fairness, it was Rita Strand's idea. Learn about your ad choices: dovetail.prx.org/ad-choices

As Richard Grenell, the current US ambassador to Germany, starts his second day on the job as the nation’s acting director of national intelligence, his arrival also marks the ouster of not only his predecessor, Joseph Maguire, but reportedly also of DNI principle executive Andrew Hallman. By the end of the day, almost all of the roles created after 9/11 literally to prevent the next 9/11 will be either vacant or lack permanent appointees. Learn about your ad choices: dovetail.prx.org/ad-choices

Distributing malware by attaching tainted documents to emails is one of the oldest tricks in the book. It's not just a theoretical risk—real attackers use malicious documents to infect targets all the time. So on top of its anti-spam and anti-phishing efforts, Gmail expanded its malware detection capabilities at the end of last year to include more tailored document monitoring. And it's working. Learn about your ad choices: dovetail.prx.org/ad-choices

At 10:28 pm on November 1, an image of an unknown and classified Pokémon appeared in a Discord group. Gigantamax Machamp, the megasized version of the body-builder Pokémon, was slated to appear in the then-unreleased games Pokémon Sword and Pokémon Shield. Within minutes, JPEGs of it were posted to 4chan. Then, on a dedicated Pokémon Reddit. It wasn’t long until 300 URLs were hosting it. Learn about your ad choices: dovetail.prx.org/ad-choices

This week was filled with wide-scale calamity. Hundreds of millions of PCs have components whose firmware is vulnerable to hacking—which is to say, pretty much all of them. It's a problem that's been known about for years, but doesn't seem to get any better. Likewise, Bluetooth implementation mistakes in seven SoC—system on chips—have exposed at least 480 internet of things devices to a range of attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

If there’s one line intelligence officials have stuck to about Russian interference in US elections, it’s that it never stopped. Not after the 2016 election, not after the 2018 midterms, and certainly not now, well into the 2020 primary season. Which is why it should be no great surprise that, as the Washington Post first reported Friday, US officials warned Bernie Sanders that Russia is “attempting to help” his presidential campaign. Learn about your ad choices: dovetail.prx.org/ad-choices

Bluetooth is used in everything from speakers to implanted pacemakers, which means that Bluetooth-related vulnerabilities can affect a dizzying array of devices. In the latest instance, a newly discovered round of 12 Bluetooth bugs potentially exposes more than 480 devices to attack, including fitness trackers, smart locks, and dozens of medical tools and implants. Learn about your ad choices: dovetail.prx.org/ad-choices

YouTube Gaming has been clawing its way into streaming platform Twitch’s market share for months. But new data retrieved by WIRED suggests that YouTube Gaming also has a serious problem with scammers and cheat-makers—and lots and lots of bots. In January, all seven of the most-watched YouTube Gaming channels weren’t run by happy gamers livestreaming the game du jour. Learn about your ad choices: dovetail.prx.org/ad-choices

That laptop on your desk or server on a data center rack isn't so much a computer as a network of them. Its interconnected devices—from hard drives to webcams to trackpads, largely sourced from third parties—have their own dedicated chips and code as well. Learn about your ad choices: dovetail.prx.org/ad-choices

West Virginia and Oregon have both recently deployed mobile a voting app called Voatz to facilitate absentee voting. But Voatz now turns out to have major security flaws, according to researchers from the Massachusetts Institute of Technology—including vulnerabilities that could let a hacker manipulate results. The newly unearthed bugs could allow an attacker to reveal someone's votes, block votes from being submitted, or even manipulate them. Learn about your ad choices: dovetail.prx.org/ad-choices

In an age of hyper-partisanship, Americans increasingly get their news from sites that align with their political beliefs. But more separates those right and left-leaning sides of the web than their opposite ideologies. According to a new study, the right end of the fractured online news industry also tracks its audience far more aggressively than the left does. Learn about your ad choices: dovetail.prx.org/ad-choices

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a midwestern-looking man in his 60s, asked for help. He couldn't figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal. Learn about your ad choices: dovetail.prx.org/ad-choices

Malign foreign influence operations during the 2016 United States presidential election season raised awareness about the need for tighter security within campaigns. And while the 2020 presidential campaigns have shown some improvement, many are still seriously lagging—and facing real threats—with nine months left before election day. Now Google is trying to help move the needle. Learn about your ad choices: dovetail.prx.org/ad-choices

Well, here we are again. Even years later, it's still hard to fully grasp the degree to which Yahoo failed at protecting the data of billions of people across multiple breaches in the 2010s. But now, thanks to a class action suit against Yahoo that has reached a proposed settlement, you have until July 20 to file a claim if you were impacted. Don't miss out on your chance for a $100 apology. Learn about your ad choices: dovetail.prx.org/ad-choices

Despite its best damage control efforts, Facebook is still dogged by its checkered past on data privacy. But at least some of the security mechanisms the company has put in place are catching problems—and helping them get fixed. Facebook said on Friday that in 2019 its bug bounty saw its largest number of accepted bugs since the program launched nine years ago, paid out its highest single reward ever, and began inviting select researchers to evaluate new features before they launched. Learn about your ad choices: dovetail.prx.org/ad-choices

The week kicked off with the Iowa caucuses, which went very poorly, in so many ways! We'll talk about a few of them below, but the main takeaway is that adding unvetted technology to the voting process—or anything—rarely makes things better. Other states, please take note! Actually, Nevada and New Hampshire already have. It's a start. In another unwelcome technological evolution, ransomware has started targeting industrial control systems, which bodes poorly for critical infrastructure. Learn about your ad choices: dovetail.prx.org/ad-choices

Welcome to a dark day in America’s modern experiment with democracy. Despite becoming the first president ever to receive votes from both parties to convict and remove him from office in an impeachment trial, President Donald Trump today woke up in the White House unbound. Learn about your ad choices: dovetail.prx.org/ad-choices

Almost three years ago, artist Simon Weckert noticed something unusual at a May Day demonstration in Berlin: Google Maps showed there was a massive traffic jam, even though there were zero cars on the road. Soon enough, Weckert realized that it was the mass of people, or more specifically their smartphones, that had inadvertently tricked Google into seeing gridlock on an empty street. And then he decided to do it himself. Learn about your ad choices: dovetail.prx.org/ad-choices

Kaliya Young doesn’t want to break up Facebook. She wants to make it obsolete. She was an Olympic-level water polo player for Canada, but in 2002 was diagnosed with Hodgkin’s lymphoma. Freshly graduated from university and living in the San Francisco Bay Area, she went through months of radiation and chemotherapy that sapped her physical strength. In her mid-twenties, far from home, no longer an athlete, Young felt intensely alone. Wired UK This story originally appeared on WIRED UK. Learn about your ad choices: dovetail.prx.org/ad-choices

Have you heard about this little thing called Space Force? If so, it's probably through ridicule; the latest branch of the US military has received no shortage of it since it launched at the end of last year. Still, at least it had a better week than Intel, which had to release a patch for a patch for its patch of its ZombieLoad problem. Say that five times fast. This week we also took a look at the most common Mac malware, at least by antivirus firm Kaspersky's reckoning. Learn about your ad choices: dovetail.prx.org/ad-choices

This year’s crop of Super Bowl ads includes plenty of the usual suspects: expensive cars, cheap beers, big tech. But among the companies coughing up a reported $5.6 million for 30 seconds of Big Game glory is one name most people have never heard of, selling a product that many don’t know exists: Dashlane, an app that manages your passwords. It’s not that password management is entirely novel. Learn about your ad choices: dovetail.prx.org/ad-choices

Elizabeth Warren has a plan for dealing with disinformation. Sort of. Yesterday, the Democratic senator and presidential candidate known for her detailed policy objectives released a proposal titled “Fighting Digital Disinformation.” The part about what she intends to do as president, however, is a bit thin by her standards. The bulk of the plan is devoted instead to what Warren wants social media platforms to do. Learn about your ad choices: dovetail.prx.org/ad-choices

The internet was designed to make information free and easy for anyone to access. But as the amount of personal information online has grown, so too have the risks. Last weekend, a nightmare scenario for many privacy advocates arrived. The New York Times revealed Clearview AI, a secretive surveillance company, was selling a facial recognition tool to law enforcement powered by “three billion images” culled from the open web. Learn about your ad choices: dovetail.prx.org/ad-choices

Law enforcement in the United States, international spies, and criminals have all used (and abused) the surveillance tools known as "stingrays" for more than a decade. The devices can track people's locations and even eavesdrop on their calls, all thanks to weaknesses in the cellular network. Today, researchers are detailing a way to stop them—if only telecoms would listen. Learn about your ad choices: dovetail.prx.org/ad-choices

The popular misconception that Macs don’t get viruses has become a lot less popular in recent years, as Apple devices have weathered their fair share of bugs. But it’s still surprising that the most prolific malware on macOS—by one count, affecting one in 10 devices—is so relatively crude. This week, antivirus company Kaspersky detailed the 10 most common threats its macOS users encountered in 2019. Learn about your ad choices: dovetail.prx.org/ad-choices

In a criminal complaint released Monday, the Brazilian government is charging journalist Glenn Greenwald with committing cybercrimes. The accusations are connected to leaked text messages that Greenwald reported on last year for The Intercept Brasil, which the outspoken journalist launched in 2016 as a spinoff of the US-based news site he had founded two years prior. Learn about your ad choices: dovetail.prx.org/ad-choices

On a small, blue-lit stage in a dim side room of the Fillmore Theater in Miami on Tuesday, three men sat behind laptops in front of a small crowd. Two of them nervously reviewed the commands on a screen in front of them. Learn about your ad choices: dovetail.prx.org/ad-choices

On November 8, 2018, Amazon CEO Jeff Bezos received an unexpected text message from Saudi Arabian leader Mohammed bin Salman. The two had exchanged numbers a few months prior, in April, at a small dinner in Los Angeles, but weren’t in regular contact; Bezos had previously received only a video file from the crown prince in May that reportedly extolled Saudi Arabia’s economy. Learn about your ad choices: dovetail.prx.org/ad-choices

Chrome is protecting and Sonos is disconnecting, but first: a cartoon about the new big screen. Here's the news you need to know, in two minutes or less. Want to receive this two-minute roundup as an email every weekday? Sign up here! Today’s News Don't ignore Chrome's new password checkup feature If you've logged in to any accounts on Google Chrome recently, you've probably noticed a new pop-up nagging you about your password security. Learn about your ad choices: dovetail.prx.org/ad-choices

End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices? The Swiss cryptography firm Teserakt is trying just that. Learn about your ad choices: dovetail.prx.org/ad-choices