Like the Biden the administration moves on a growing list of political initiatives, the White House imposed sanctions this week on a slate of Russian misdeeds, including interference in the 2020 elections, the poisoning of dissident Aleksey Navalny and the SolarWinds piracy that swept away the U.S. government. agencies and many private sector companies. The retaliatory movement is complicated when it comes to SolarWinds, however, because it understood the type of espionage operation that would normally fall within geopolitical norms.
Elsewhere in the U.S. government, the Justice Department took a drastic step this week to stop Chinese piracy by authorizing the FBI to obtain an order and then directly remove the piracy infrastructure of attackers from the internal systems of hundreds of victims. Many in the security community praised the effort, but the move also sparked some controversy given the precedent it could set for future U.S. government actions that could be more invasive.
Throughout the full world of Internet of Things security, researchers released findings Tuesday that more than 100 million embedded devices and IT management servers are potentially vulnerable to attacks, due to flaws in network protocols. fundamental. The devices are manufactured by numerous vendors and are used in environments from regular offices to healthcare and critical infrastructure, which can expose these networks to attacks.
If you are trying to block your accounts and reduce your reliance on passwords, we have an alternative guide that will guide you across multiple platforms. And if you have a general sense of existential fear about all sorts of threats, you’re not alone: the U.S. intelligence community seems to feel the same way.
And there are more. Every week we gather all the news that WIRED did not cover in depth. Click on the headlines to read the full stories. And stay safe.
In 2016, the U.S. government tried to force Apple to unlock the iPhone of one of San Bernardino’s shooters. The case could have set a precedent that the government could require technology companies to undermine the security protections of their products or insert “back doors”. (Several law enforcement agencies and lawmakers around the world still advocate this type of access). But privacy advocates and security experts have unequivocally and consistently said that back doors are dangerous and would expose people to unacceptable security and privacy risks. In the case of San Bernardino, the FBI finally found a way to the device without Apple’s help. Reports at the time indicated that the FBI paid approximately $ 1 million to use an iPhone hacking tool developed by a private company. This week, The Washington Post revealed that the company that sold the tool was not one of the best-known players, but a small Australian company known as Azimuth that is now owned by US defense contractor L3Harris. The news provides a useful detail as companies weigh up resistance to other such orders that may come from the U.S. Department of Justice or other governments in the future.
As part of this week’s White House sanctions against Russia, the Biden administration convened a list of cybersecurity providers who allegedly provided hacking tools and other services to the Russian government’s offensive pirates. One such company, Positive Technologies, is a member of the Microsoft Active Protection Program, a group of nearly 100 software vendors that receive advanced warnings from Microsoft about vulnerabilities in Windows or other Microsoft products before a patch. Microsoft sometimes shares proof of concept that a vulnerability can be maliciously exploited in an effort to coordinate public disclosure of the defect. The idea is that Microsoft’s trusted security partners can jump on the inevitable flood of malicious activity that occurs once patches are released and attackers everywhere can design them inversely to build their own hacking tools. If Positive Technologies worked closely with the Russian government, it could have leaked the information and allowed attackers to modify their techniques or arm flaws they were unaware of. The company strongly denied the allegations.
The European Commissioner for Budgets and Administration said this week that SolarWinds piracy could compromise six European Union offices. In total, 14 EU agencies ran some version of the affected SolarWinds Orion software at the time of the hacking. The EU’s IT emergency response team did not say which six agencies downloaded the contaminated update or detail how many of the six were actually deeply compromised by Russian hackers. CERT-EU said, however, that at least for some of the six there was a “significant impact” and “some personal data breaches occurred.”
Bigger cable stories
- 📩 The latest in technology, science and more: get our newsletters.
- A boy, his brain and a medical controversy of decades
- How To Put Layers Of Clothes For Your Next Outdoor Adventure
- Falcons, Lokis, nerd canons and why you shouldn’t worry
- Larry Brilliant has a plan to speed up the end of the pandemic
- Facebook’s “Red Team X” hunts insects beyond its walls
- 👁️ Explore AI like never before with our new database
- 🎮 WIRED Games: Get the latest tips, reviews and more
- 🎧 Things don’t sound right? Check out our favorite wireless headphones, sound bars, and Bluetooth speakers