Security, Spoken

After a solid decade of nonstop corporate data breaches and exposures you'd think large organizations would have at least fixed the most basic and obviously damaging types of data mishandling. But there's clearly still a long way to go. On Friday, independent security journalist Brian Krebs revealed that the real estate and title insurance giant First American had 885 million sensitive customer financial records, going back to 2003, exposed on its website for anyone to access. Learn about your ad choices: dovetail.prx.org/ad-choices

The Memorial Day weekend begins on a dire note for constitutional protections. On Thursday, the US government indicted Wikileaks founder Julian Assange for violating the Espionage Act. This is the first time in modern history that the US has charged the publisher of sensitive materials rather than the person who leaked it. Learn about your ad choices: dovetail.prx.org/ad-choices

On Thursday, the Department of Justice unsealed new charges against WikiLeaks founder Julian Assange. Unlike the previous indictment—which focused narrowly on an apparent offer to help crack a password—the 17 superseding counts focus instead on alleged violations of the Espionage Act. In doing so, the DOJ has aimed a battering ram at the freedom of the press, whether you think Assange is a journalist or not. Learn about your ad choices: dovetail.prx.org/ad-choices

New charges against Julian Assange threaten all of the press, scientists have figured out how to alter emotional memories, and Memorial Day is coming. Here's the news you need to know, in two minutes or less. Today's Headlines Julian Assange's charges put all of the press at risk New charges unveiled by the Justice Department against WikiLeaks founder Julian Assange paint a troublesome picture for him---and for all journalists. Learn about your ad choices: dovetail.prx.org/ad-choices

As facial recognition technologies have evolved from fledgling projects into powerful software platforms, researchers and civil liberties advocates have consistently warned about their potential to erode privacy. Those mounting fears came to a head Wednesday in Congress. Alarms over facial recognition had already gained urgency in recent years, as studies have shown that the systems still produce relatively high rates of false positives, and consistently contain racial and gender bias. Learn about your ad choices: dovetail.prx.org/ad-choices

It happened again. Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. GSuite users, pay attention. Google says that the bug affected "a small percentage of GSuite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. Learn about your ad choices: dovetail.prx.org/ad-choices

Bluetooth is the invisible glue that binds devices together. Which means that when it has bugs, it affects everything from iPhones and Android devices, to scooters, and even physical authentication keys used to secure other accounts. The order of magnitude can be stunning: The BlueBorne flaw, first disclosed in September 2017, impacted five billion PCs, phones, and IoT units. Learn about your ad choices: dovetail.prx.org/ad-choices

In the three years since Russian operatives breached the servers of the Democratic National Committee and threw presidential politics into a state of perpetual chaos, countries around the world have been on notice to the threat of foreign interference in elections. Learn about your ad choices: dovetail.prx.org/ad-choices

A decade ago, Amazon abruptly deleted copies of George Orwell's 1984 from the Kindles of its American customers. The move instantly evoked the “memory holes” in the novel's totalitarian dystopia, and it inspired about equal measures of shock, outrage, and jokes. (If a fictional Amazon in a dystopian novel had performed the same mass deletion, critics would have said it was too on the nose. Learn about your ad choices: dovetail.prx.org/ad-choices

The week started out with a bang, or several of them really. Remember Meltdown and Spectre, the vulnerabilities that affected basically every Intel processor from the last decade? There’s a related attack called ZombieLoad—yes, ZombieLoad—with similarly broad and bad impact. Serious stuff! But honestly not even the worst disclosure of the week. That distinction probably goes to Cisco. Learn about your ad choices: dovetail.prx.org/ad-choices

For decades, the security industry has warned that the cybercriminal economy has been developing its own highly specialized, professional supply chain. But only when law enforcement tears the lid off a well-honed hacker operation—as they did today with the global Goznym malware crew—does the full picture of every interlinked step in that globalized crime network come into focus. Learn about your ad choices: dovetail.prx.org/ad-choices

As part of its expanded anti-phishing and account security measures, Google offers extensive support for physical authentication tokens. In a surprising setback, though, the company announced today that it has discovered a vulnerability in the Bluetooth version of its own Titan Security Key—which pairs to devices through the wireless Bluetooth Low Energy protocol, rather than through NFC or physical insertion into a port. Learn about your ad choices: dovetail.prx.org/ad-choices

The Tandberg video-teleconference monitor is sleeker than the average desktop computer but not much bigger. Developed by a Norwegian concern now owned by Cisco Systems, the desktop units—which look like knock-off iMacs, with a handset for dialing—support seamless and, when enabled, classified video-teleconferencing. Learn about your ad choices: dovetail.prx.org/ad-choices

Despite high-profile arrests and protocols with clever names, the robocall scourge remains indomitable. Wednesday, Federal Communications Commission chairman Ajit Pai teased a new proposal to put a serious dent in the problem. Stop us if you’ve heard this one before. On the face of it, Pai’s proposal sounds appealing. It would allow carriers to block robocalls by default, rather than on an opt-in basis. Learn about your ad choices: dovetail.prx.org/ad-choices

This week, Microsoft issued patches for 79 flaws across its platforms and products. One of them merits particular attention: a bug so bad that Microsoft released a fix for it on Windows XP, an operating system it officially abandoned five years ago. There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe. Learn about your ad choices: dovetail.prx.org/ad-choices

Hackers got into pretty much everything, and Amazon is paying employees to quit. Here's the news you need to know, in two minutes or less. Today's Headlines A phone call broke Whatsapp The messaging platform WhatsApp is well known for its end-to-end encryption, but recent news calls its security into question. The NSO Group, an Israeli spy firm, injected malware onto targeted phones in order to steal data by simply placing a phone call. Learn about your ad choices: dovetail.prx.org/ad-choices

You've heard the advice a million times. Don't click links in suspicious emails or texts. Don't download shady apps. But a new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them. The targets didn't need to pick up to be infected, and the calls often left no trace on the phone's log. Learn about your ad choices: dovetail.prx.org/ad-choices

Your Cisco routers aren't safe, the Supreme Court voted against Apple, and the nostalgic Tomagotchi has returned. Here's the tech news you need to know, in two minutes or less. Today's Headlines Hackers found a way into Cisco devices. Millions of them Everyone uses Cisco routers, including institutions that deal with hypersensitive information. Learn about your ad choices: dovetail.prx.org/ad-choices

The hack of health insurance giant Anthem Inc. has loomed large in the public consciousness since it first came to light in 2015—not just as one of the biggest breaches of all time, but also as a potential example of the Chinese government's longstanding cyber espionage campaign. Hackers stole names, birth dates, addresses, Social Security numbers, and employment details from 78 million Anthem customers. And for years China was reported to be behind it. Learn about your ad choices: dovetail.prx.org/ad-choices

It was a week of notable firsts, although not always welcome ones. Israel responded to a Hamas cyberattack by blowing up the building that apparently housed the responsible hacking group, a new escalation in cyberwar doctrine. Google for the first time lets you limit how long it keeps your data—so go do that. And the CIA became the first intelligence agency to establish an official presence on the Tor anonymous network. For some reason. Learn about your ad choices: dovetail.prx.org/ad-choices

Thanks to advances in machine learning, computers have gotten really good at identifying what’s in photographs. They started beating humans at the task years ago, and can now even generate fake images that look eerily real. While the technology has come a long way, it’s still not entirely foolproof. In particular, researchers have found that image detection algorithms remain susceptible to a class of problems called adversarial examples. Learn about your ad choices: dovetail.prx.org/ad-choices

On the dark web drug market Empire this week, business proceeds as usual. "Satisfied customer, will be back," writes one user on the product page of a meth dealer with the handle shardyshardface. "Excellent," reads a plaudit posted by a buyer of the opiate oxycodone. "Bravo," says another for a five-dollar sample of fentanyl, one of 18 reviews posted on the product's profile page in the last week. In all, Empire lists over 18,000-plus narcotic offerings, including hundreds for oxycodone alone. Learn about your ad choices: dovetail.prx.org/ad-choices

Binance is one of the world’s biggest cryptocurrency exchanges. As of Tuesday, it’s now also the scene of a major cryptocurrency theft. In what the company calls a “large scale security breach,” hackers stole not only 7,000 bitcoin—equivalent to over $40 million—but also some user two-factor authentication codes and API tokens. Learn about your ad choices: dovetail.prx.org/ad-choices

The First Amendment and the Computer Fraud and Abuse Act collided last month when the UK arrested Wikileaks founder Julian Assange on, among other things, a US extradition request for computer crime. He has since been sentenced to 50 weeks in a British prison. For roughly seven years before his arrest, he’d been living in the Ecuadorian Embassy in London, but on April 11, the Ecuadorian government withdrew his asylum. Learn about your ad choices: dovetail.prx.org/ad-choices

The anonymity service Tor has grown in popularity around the world over the last few years, but it has also long been a tool for intelligence agencies and clandestine communications—not to mention endless cat-and-mouse games between law enforcement and criminals. But now, the CIA is staking out a more public presence there. Learn about your ad choices: dovetail.prx.org/ad-choices

This weekend, violence between Israel and Gaza escalated to a degree not seen since 2014, with 25 Palestinians and four Israelis killed in the fighting. Decades into the entrenched tensions of the region, the incident overall was tragically unsurprising. But for cybersecurity professionals, one aspect particularly stood out: The Israeli Defense Force claimed that it bombed and partially destroyed one building in Gaza because it was allegedly the base of an active Hamas hacking group. Learn about your ad choices: dovetail.prx.org/ad-choices

The week began with dragon’s breath. After a major breach in its firewall, a scrappy security team in the north engaged in an epic battle to rid its system of an infected payload that kept growing bigger and bigger, spewing frozen ice flames across all critical infrastructure. Yes, I’m talking about Game of Thrones, folks, and yes, we asked an officer in the Army National Guard to do a tactical analysis of the battle of Winterfell, and yes, it’s wonderful and you should read it. Learn about your ad choices: dovetail.prx.org/ad-choices

Hackers are hacking, Portland is leading the charge for open internet, and Paris is pondering what to do with what's left of the Notre Dame Cathedral. Here's the news you need to know, in two minutes or less. A hacker group is on a hijacking spree Over the past three years, insidious supply chain attacks on at least six different companies have now all been tied to a single group of hackers. Learn about your ad choices: dovetail.prx.org/ad-choices

A software supply chain attack represents one of the most insidious forms of hacking. By breaking into a developer's network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Learn about your ad choices: dovetail.prx.org/ad-choices

In the United States, the public discourse has lately centered around nation state disinformation campaigns much more than hacktivism. But internationally, dramatic or destructive digital acts that call attention to particular issues continue to simmer—and boiled over in the lead-up to the ouster of longtime Sudanese dictator Omar al-Bashir. The #OpSudan effort did not directly lead to al-Bashir's arrest. Learn about your ad choices: dovetail.prx.org/ad-choices

In December, WIRED took stock of then 17 known criminal investigations swirling around Donald Trump, Russia’s role in the 2016 election, and Trump’s network of businesses and business partners—probes by not just Special Counsel Robert Mueller but by at least a half-dozen other federal, state, and local investigators. Learn about your ad choices: dovetail.prx.org/ad-choices

Two years ago, as Nebraska was considering a “right to repair” bill designed to make it easier for consumers to fix their own gadgets, an Apple lobbyist made a frightening prediction. If the state passed the legislation, it would turn into a haven for hackers, Steve Kester told then-state senator Lydia Brasch. He argued the law would inadvertently give bad actors the opportunity to break into devices like smartphones. The bill was later shelved, in part because of industry pressure. Learn about your ad choices: dovetail.prx.org/ad-choices

By now we’re all familiar with the battle tactics in Game of Thrones: Confront your enemy head on—usually in some nicely arrayed lines—and hack at them until no one’s left alive or someone has won. It’s a tried and true method, with little in the way of actual operational depth. And as Sunday night’s Battle of Winterfell showed, it's particularly ineffective against an endless army of the undead. Spoilers ahead, obviously. Learn about your ad choices: dovetail.prx.org/ad-choices

The week in security news began much as you’d expect: still trying to make sense of the redacted Mueller report, which was released to congress late last week. Garrett M. Graff’s takeaways? The report makes clear that Trump was worse than a “useful idiot,” along with 14 other insights you may have missed. Learn about your ad choices: dovetail.prx.org/ad-choices

Around a year ago, André Tenreiro was called into a meeting between the chief technology officer of the phone carrier he worked for—one of the largest in Mozambique—and an executive of the country's largest bank. The latter had seen an escalating pattern of fraud based on so-called SIM swap attacks, where hackers trick or bribe a phone company employee into switching the SIM card associated with a victim's phone number. Learn about your ad choices: dovetail.prx.org/ad-choices

You’ve seen the ads in your email or online: Celebrities supposedly hawking miracle weight loss cures or galaxy brain supplements. They’re at this point endemic to the web, as deeply ingrained as hashtags and puppies. But even though plenty of people fall for them, no one ever really does anything about it. Of all the security threats online, spam ranks pretty low on the priority list. Learn about your ad choices: dovetail.prx.org/ad-choices

Back in January, approximately 1,000 Robert Mueller news-cycles ago, I argued that given the arc of the special counsel Russia probe, it’d be embarrassing for Donald Trump if he weren’t an agent of the Russian intelligence: “We’ve reached a point in the Mueller probe where there are only two scenarios left,” I wrote at the time. Learn about your ad choices: dovetail.prx.org/ad-choices

Democrats in Washington found themselves Friday confronting an unwelcome surprise conclusion following the release of the final report by special counsel Robert Mueller: Maybe we should impeach President Trump after all. Ever since taking back the House of Representatives in January, Democratic leaders have carefully modulated the demands for impeachment from their activist base. Learn about your ad choices: dovetail.prx.org/ad-choices

After a series of bombings killed over 300 people in Sri Lanka Easter Sunday, the country’s government blocked access to social media sites including Facebook, WhatsApp, Instagram, YouTube, Snapchat, and the chat app Viber, according to state media and independent organizations that monitor internet blocks. Learn about your ad choices: dovetail.prx.org/ad-choices

Netflix made a splash when it debuted Black Mirror: Bandersnatch in December, a "choose your own adventure"-style movie that put viewers in charge of their cinematic destiny. It has since invested in even more interactive programming, including a live-action show featuring survivalist Bear Grylls. Learn about your ad choices: dovetail.prx.org/ad-choices

Robert Mueller’s final 448-page report on Russian interference in the 2016 election—and Donald Trump’s apparent attempts to obstruct justice along the way—takes some time to read fully. On close examination, it turns out to be a deeply compelling document, full of tantalizing revelations and details. Washington Post book critic Carlos Lozada called the Mueller Report “the best book by far on the workings of the Trump presidency. Learn about your ad choices: dovetail.prx.org/ad-choices

After months of anticipation and fevered speculation by supporters and critics alike, the public finally laid eyes on the most important release of the past 25 years, its secrets guarded by a famously tight-lipped team up until the very end. That's right, Beyoncé dropped a new album this week. Scholars will analyze its influence for years to come. Robert Mueller's report also came out, at least in redacted form. Learn about your ad choices: dovetail.prx.org/ad-choices

This week kicked off a new, chaotic era at the Department of Homeland Security, where the only certainty seems to be the president’s obsession with immigration. As former Customs and Border Protection commissioner and prominent family-separation advocate Kevin McAleenan takes over as acting secretary, it’s fair to wonder what will happen to the rest of DHS’s many essential responsibilities. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: The Mueller Report is much worse for Trump than Barr let on The full (but redacted) Mueller Report is finally here, in its 448 pages of glory. There are lots of takeaways, but the bottom line is the report is much more damaging to Trump than Trump-appointed attorney general William Barr initially said. Learn about your ad choices: dovetail.prx.org/ad-choices

On March 22, special counsel Robert Mueller turned in his long-anticipated report on Russian interference in the 2016 election—and the question of whether President Donald Trump obstructed justice. Now you can read the whole thing for yourself. Or at least what’s left of it, after attorney general William Barr’s redactions. Barr had initially released a brief summary of the report’s key findings in a four-page letter he sent to Congress on March 24. Learn about your ad choices: dovetail.prx.org/ad-choices

The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet's cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the internet. Learn about your ad choices: dovetail.prx.org/ad-choices

Until a few weeks ago, sinmed was one of the largest drug vendors at Dream Market, the foremost dark web bazaar. It took in millions of dollars shipping fentanyl-laced heroin, methamphetamines, and hundreds of thousands of counterfeit Xanax tablets across the US—until the New York district attorney's office shut it down, and arrested the three men who allegedly ran it. Dark web takedowns happen all the time. Learn about your ad choices: dovetail.prx.org/ad-choices

When Ivan Medvedev joined Google as a privacy engineering manager in 2013, the company had rogue data anxiety. Its user base and set of services had become so massive that it seemed inevitable that sensitive data could accidentally crop up in unexpected places, like customers filing support tickets with more personal information than necessary. Learn about your ad choices: dovetail.prx.org/ad-choices

It's not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who's kept those tricks under wraps for more than five years. Learn about your ad choices: dovetail.prx.org/ad-choices

On Friday night, Microsoft sent notification emails to an unknown number of its individual email users—across Outlook, MSN, and Hotmail—warning them about a data breach. Between January 1 and March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer support platform to access account data like email addresses in messages, message subject lines, and folder names inside accounts. By Sunday, it acknowledged that the problem was actually much worse. Learn about your ad choices: dovetail.prx.org/ad-choices