There are many things to be concerned about in today's world. New research suggests that the internet could become completely offline in the event that a solar superstorm (the same one that struck in 1859) occurs. It may also take longer to restore power. The main risk is in the undersea cables connecting continents. These cables are not properly grounded and depend on components that could be disrupted by a geomagnetic storm. Although solar storms of this magnitude are uncommon, they can happen and internet infrastructure has never been tested against them.
Cheery! It doesn't get any better. As it stands, medical devices have a poor cybersecurity record. Researchers shared this week details about vulnerabilities in an infusion pump which could allow hackers to administer additional doses. Although it's difficult to execute, a simpler version could allow for ransomware attacks on hospitals' networks.
An unfriendly default setting in Microsoft Power Appsa made building web apps easy. It was intended to make privacy more user-friendly. This resulted in the disclosure of 38 million records from thousands of organizations. This data contained Covid-19 contact information from Indiana as well as a Microsoft payroll database.
A report by the University of Toronto's Citizen Lab revealed that another iOS "zero-click attack" was discovered this week. These hacks don't require any interaction from victims: there are no attachments opened and no links clicked. This is the latest in a series of nation-state surveillance attacks against dissidents, which exploits holes in Apple's iMessage Security. The company has a lot of things it could do to make the messaging platform safer for its most vulnerable victims. But the question is what the company is willing to do.
Privacy advocates have long been concerned about geofence warrants, which target individuals within a specific area at a particular time. However, Google released new data that shows how widely law enforcement has used them. Since 2018, the number of geofence warrants received by Google has increased tenfold and now accounts for 25% of all warrant requests.
There's more! Every week, we bring you all the security news WIRED hasn't covered in depth. To read the complete stories, click on the headlines. Stay safe out there.
In connection with a scheme to steal over 620,000 photos and videos from iCloud accounts, a Los Angeles man pleaded guilty to four felonies. The perpetrator used phishing and social-engineering to obtain the files. He sent emails from Gmail addresses like backupagenticloud and applebackupicloud, asking for customer support and requesting photos and videos. He could spend up to 20 years prison.
The Wall Street Journal published this week a interview with the hacker who was behind the massive T-Mobile data breach. The 21-year-old American says that T-Mobile's security is "awful" but does not confirm whether he sold any of the stolen data. He also advertised on the dark internet. It's worth taking the time to read the story, which covers the background of the hacker and details about breaches in general.
There is no evidence that any hacker used the Microsoft Azure bug. Bad news is that they could have accessed every single database on the platform with frightening accessread/write privileges. Microsoft has since fixed the issue, but it was a huge mistake to let this one slip by in the first instance.
Talk about Microsoft and security! It was as easy as plugging in a $20 mouse to gain system-level privileges on Windows 10 devices thanks to a Razer bug. Razer claimed it would fix the vulnerability but it raises concerns about similar software that uses the Windows "plug and play" setup.
Here are more great WIRED stories