Apologies to anyone who was hoping for a quiet December on the cybersecurity front. Late in the week, a vulnerability in Apache’s Log4j logging framework exposed large swaths of the internet to relatively simple hacking. There’s not much you can do to protect yourself here, since the issue is largely server-focused, but the full fallout will likely affect many services you use on a daily basis. Worse still, malicious hackers have already developed ways to exploit it, and are actively hunting for potential victims. Cheers!
This week also marked the one-year anniversary of the SolarWinds hack, or at least the first public hints of it. We took a look at the progress that has been made to prevent this sort of supply chain attack in the future, and all that’s still left to do. The good news is that the campaign served as a wake-up call that spurred real commitments from the public and private sector alike. The bad news? There’s no one fix, and the available options will take a long time to implement in a meaningful way.
In the good news department, Microsoft this week said it seized domains used by a Chinese hacking group, the latest in a series of actions by the company that have cumulatively resulted in over 10,000 sites being taken down. It’s part of Microsoft’s strategy to disrupt these groups through the legal system, gaining court orders that allow it to shut down domains used for command-and-control servers.
Russia took steps toward blocking the anonymous browser Tor this week, telling the country’s internet service providers to prevent access Tor’s website and disrupting some access points. It’s the latest in a series of moves the Kremlin has taken lately to isolate its internet from the rest of the world.
And if you’re a Verizon customer, you may have been opted into some gnarly data tracking even if you’d previously opted out. Surprise! Here’s how to turn it off for real this time.
But wait, there’s more. Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.
Since his April 2019 arrest, Wikileaks founder Julian Assange has fought US attempts to extradite him to face hacking and Espionage Act charges. While he had previously won a lower court decision to deny sending him to the US based on the potential impact to his mental health, on Friday Britain’s Supreme Court overturned that order, putting Assange back on track for extradition. Assange can still appeal, but press freedom advocates universally decried the ruling, arguing that the charges should not have been brought in the first place and expressing skepticism over the Justice Department’s assertions that Assange would be treated humanely in US custody.
Brazil’s government delayed new pandemic-related requirements for travelers entering the country after a hack of its health ministry early Friday morning. The agency said on its website that several of its systems had been knocked offline by the attack including those that issue digital vaccine cards and track the country’s national immunization program. The statement said that the attack had “temporarily compromised some of its systems” and that they were unavailable. A ransomware gang known as Lapsus$ Group took credit for the attack on Friday, boasting that it stole and deleted about 50 terabytes of data from the ministry of health’s systems. “Contact us if you want the data back,” the group said in its ransom note, with email and Telegram details. The agency told reporters on Friday that it has backups of all the data that was deleted by the hackers.
The infamous Russian ransomware gang Conti listed the Australian electric utility CS Energy in its log of victims this week, undermining a flurry of media reports that Chinese state-backed hackers perpetrated the attack. “Chinese cyberattack almost shut off power for THREE MILLION Australians in terrifying demonstration of what the belligerent regime could do in wartime” The Daily Mail wrote on Tuesday. Australia and China have been locked in a trade war and relations have become increasingly cold in recent months, but CS Energy, which serves millions of customers in northeast Australia and is owned by the Queensland state, said on Tuesday that there is “currently no indication that the cyber incident was a state-based attack.”
On Monday, Politico led its West Wing Playbook newsletter with report that Vice President Kamala Harris is “Bluetooth-phobic,” and “insists on using wired headphones,” because of the risks associated with the decades-old wireless standard. It’s presented as a misguided quirk, but … she’s actually right! Bluetooth is a security nightmare and has been for years. We’ve been telling you to turn Bluetooth off when you’re not using it since 2017. The National Security Agency agrees with us. If the person next in line to be the US president wants to take a little extra precaution, well, let’s just say that’s a welcome improvement over the previous administration’s cybersecurity hygiene.
More Great WIRED Stories
- 📩 The latest on tech, science, and more: Get our newsletters!
- The Twitter wildfire watcher who tracks California’s blazes
- A new twist in the McDonald’s ice cream machine hacking saga
- Wish List 2021: Gifts for all the best people in your life
- The most efficient way to debug the simulation
- What is the metaverse, exactly?
- 👁️ Explore AI like never before with our new database
- ✨ Optimize your home life with our Gear team’s best picks, from robot vacuums to affordable mattresses to smart speakers
Learn More: technology clipart,technology student association,technology management,technology readiness level,technology acceptance model,technology gif,technology transfer,technology consultant,technology package,technology addiction awareness scholarship,is technology good or bad,technology networks,technology movies,technology gap,technology jokes,is technology limiting creativity,technology leadership,technology drive,technology zero,technology help,technology 100 years ago,technology project manager,technology house,technology unlimited,technology background images,technology readiness level dod,g technology ssd,technology economics definition,technology obsolescence,is technology science,technology life cycle