Former US Intelligence Operatives Admit They Hacked for UAE

This week began with Apple, Microsoft and Google patching a number of zero-day vulnerabilities. You should plan to make some time Tuesday to update all your devices. You might not have done it yet. Do it now! We won't wait!
Okay, welcome back. Apple and Google removed the Russian opposition voting app from their apps in Russia at the Kremlin's request. It's not a great precedent, because authoritarian regimes are able to exert increasing tech giants that are too ingrained to leave their markets in protest. Russia has been the most vulnerable, while India and China are not far behind.

The Iranian government has released a new app that allows people to encrypt their messages even when the internet is down. Nahoft is an app that can convert messages into random Farsi jumbles or embed them in an image to prevent detection by the Iranian regime.

Now you can get rid of your Microsoft password. Zero trust is the most important cybersecurity concept of all time, even though no one can agree on its meaning. Are you concerned that there may be hidden files on your computer or phone? Here's how you can find them. Anonymous leaked large amounts of data from Epik domain registrar, which has attracted many far-right clients.

There's more! Every week, we bring you all the security news WIRED hasn't covered in depth. To read the complete stories, click on the headlines. Stay safe out there.

In a deal to avoid being prosecuted, three former US intelligence operatives confessed that they had hacked into US computers on behalf of the United Arab Emirates. Instead, they will have to pay $1.69 million in cumulative fines and be barred from applying for a US security clearance. This could severely impact their job prospects. Maybe not so severely. One of the three currently serves as chief information officer at ExpressVPN. This company has supported him through a lot of backlash. The full story about the US citizens who helped hack the UAE is available in the Reuters article that was published in 2019.

This week was busy for the Justice Department. For his elaborate and prolonged scheme to unlock nearly 2 million mobile phones, a Pakistani man was sentenced for 12 years. He bribed AT&T employees into unlocking phones for him, which he then would resell. He bribed an employee inside a call centre to install malware after AT&T stopped him from executing his plan.

Exodus Intelligence, located in Austin, Texas is a zero-day broker. This means that it sells information about software vulnerabilities that developers don't know and can't fix. It typically sells exploits only to government agencies, but it also keeps a list of vulnerabilities that anyone can access. Forbes exclusively reported this week that the Indian government had accessed that feed to search for weaknesses in networks in Pakistan or China, and attempted to compromise them. Although Exodus has since blocked India's access to the feed, the damage is already done.

The 74, a nonprofit news site about education, investigated the use of remote monitoring software by a Minneapolis school district on its students. It found a invasive program that notifies school officials of student browsing activities, online conversations, and personal files. While remote learning may have declined at this stage in the pandemics, surveillance software has not.

Here are more great WIRED stories