There is plenty to worry about in today's world, so apologies in advance for this extra existential stress: new research shows that if a solar superstorm of the kind that struck in 1859 were to happen again, the internet could be completely paralyzed, and it would take longer to restore than the power grid. The risk lies mainly in the submarine cables connecting continents. These cables are not grounded and rely on components that may be damaged by geomagnetic surges. Although solar storms of this scale are rare, they do happen, and the internet's infrastructure has never been tested by one.
Cheerful! And admittedly, it doesn't get much better from there. Medical devices have a very poor cybersecurity record. This week researchers shared details of vulnerabilities in an infusion pump that could allow hackers to administer additional doses. It is a complex attack, but less complex versions of it could still be used to carry out ransomware attacks on hospital networks.
Privacy-unfriendly default settings in Microsoft Power Apps (a feature designed to make building web applications a breeze) resulted in 38 million records being left exposed across thousands of organizations. The data includes Covid-19 contact tracing information from Indiana, as well as records from Microsoft's own salary database.
Another iOS "zero-click" attack was exposed this week in a report from the Citizen Lab at the University of Toronto. These hacks require no interaction from the victim: no attachments are opened, no links are clicked. This is the latest in a series of nation-state surveillance attacks against dissidents that exploit vulnerabilities in Apple's iMessage security. The company can do many things to make its messaging service safer for the users most in danger. The question is how far it is willing to go.
Although geofencing orders, which target anyone in a specific area at a specific time, have long been a concern for privacy advocates, new data recently released by Google suggests that law enforcement agencies have deployed them extensively. Since 2018, the number of geofencing authorization requests received by the company has increased tenfold, and they now account for 25% of all the authorization requests it receives.
There's more! Every week we round up all the security news that WIRED has not covered in depth. Click on the headlines to read the full stories, and stay safe out there.
A man in the Los Angeles area pleaded guilty to four felonies this month in connection with a scheme that resulted in the theft of more than 620,000 iCloud photos and videos from more than 300 victims. The perpetrator did not exploit a flaw in iCloud itself, but relied on phishing and social engineering, sending "customer support" emails from Gmail addresses such as "applebackupicloud" and "backupagenticloud". He obtained private files both for his own purposes and upon request, marking photos and videos containing nudity as "victory" and promoting an "icloudripper4you" service that offered to break into iCloud accounts. He now faces up to 20 years in prison.
The Wall Street Journal this week published an interview with the alleged hacker behind this month's devastating T-Mobile data breach. In it, the 21-year-old American described T-Mobile's security as "terrible" but did not confirm whether he actually sold any of the data he had stolen and advertised on the dark web. The story details the hacker's background and the general state of vulnerability; it's definitely worth setting aside some time to read through.
The good news is that there is no indication that any hacker has actually abused the latest Microsoft Azure vulnerability. The bad news is that if they had, they would have gained sweeping access to every database on the platform: read/write permissions, allowing them to view, edit, or delete as they pleased. Microsoft has patched the flaw, but it was a big one to have missed in the first place.
Speaking of Microsoft and security! A Razer vulnerability makes it easy to obtain system-level permissions on Windows 10 devices simply by plugging in a $20 mouse. Razer said it would fix the vulnerability, but the issue points to broader concerns about similar software that relies on Windows "plug and play" setup.