It was a busy week in security, but aren’t they all these days! It’s always something when yet another Yahoo hack ends up somehow not even cracking the top news.
What did? With the recent Customs and Border Patrol crackdown, we offered a guide on how to enter the US with your digital privacy intact. Privacy was on Edward Snowden’s mind as well, as he starts his new gig as the president of the Freedom of the Press Foundation, helping protect journalists from snooping spies. One thing that should help? Popular encrypted chat app Signal added video this week, although it comes with a potential privacy tradeoff.
Secrecy was a central issue in the White House this week as well. Encrypted apps like Confide and Signal are helping staffers leak, but also may be helping them break the law. One thing that’s certain? Leaks themselves are as American as apple pie. Although secrecy still has its place; for instance, it’s probably not ideal to hold high-level national security conversations in full view in the Mar-a-Lago resort dining room https://stag-komodo.wired.com/2017/02/trump-north-korea-scif/.
Not everything touched on politics this week, thank goodness. IBM introduced a cybersecurity-focused voice assistant, called Havyn, that an 11-year-old helped invent. A chip-level flaw leaves millions of devices exposed to previously innocuous bugs. And if you’re using an Android app to control your car, well, read this quick-like.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
The same Russian hacking group responsible for accessing and leaking DNC emails during last year’s presidential campaign, APT28, appears to have created a variant of its go-to trojan software for Mac. Known as X-Agent, the malware had previously been available for iOS, Android, Windows, and Linux, but this is believed to be the first time researchers have spotted a macOS variant in the wild. Mac malware remains comparatively rare, but high-profile targets who use MacBooks or iMacs should know they’re not immune.
After disclosing two distinct hacks late last year, one of which implicated a billion users, Yahoo has once again sent an email to users warning them of potentially compromised accounts. The scope is more limited than previously reported breaches, but the threat is both more specific and more devious. This time, it’s from state-sponsored hackers using forged cookies to dig into their information without needing their passwords.
In a reminder that malware and phishing campaigns can target just about anyone for every reason, the Citizen Lab reported last weekend that spyware targeted opponents of a years-old soda tax in Mexico. The software appears to have been made by NSO group, a shadowy Israeli organization that commonly works with nation-states in criminal or terrorism investigations. Not, as in this case, on behalf of Big Sugar.
Every month, Microsoft holds a “Patch Tuesday,” wherein it pushes out software fixes that keep Windows and more safe and stable. Not so this February. The company first announced that it would delay the originally scheduled update, only to cancel it wholesale shortly thereafter. The March 14 patch-fest appears to still be on track, so just try not to click too many suspicious links between now and then.
