This week saw the first known appearance of malware written specifically for Apple’s M1 processors, inevitable, yet somewhat concerning development, especially given how little time it took the bad guys to adapt to the new ARM-based architecture. Fortunately, Apple also released its latest platform security guide this week, which should help protect security researchers and businesses from the latest and greatest threats from MacOS and iOS.
International burglary also made headlines this week. France has linked Russia’s destructive Sandworm hackers to a campaign that uses an IT monitoring tool from Centreon, a company based there. And the Justice Department this week charged three North Korean hackers with allegations that they were involved in a series of caps and scams that included the 2014 assault on Sony Pictures and a $ 1.3 billion theft attempt.
Elsewhere, we looked at how to avoid phishing scams and how Parler is back online, despite the fact that the big tech companies are shutting it down. We have the latest installment of 2034, a novel that looks at a fictional future war with China that feels all too real. And you should take some time this weekend to read this excerpt from Nicole Perlroth’s This is how they tell me that the world ends, which looks at the unlikely and previously innumerable origins of the market for so-called zero-day bugs.
And there is more! Every week we make all the news we have not thoroughly discussed. Click on the headings to read the full stories. And stay safe out there.
To be extremely clear, the technique we are about to give to websites to find you on the internet – even if you are cleaning your closet or using an incognito window – is one that researchers have found, not necessarily one that sites actually use, especially not on scale. (Then there is not much that these analytics companies will not do.) The technique works by focusing on favicons, the small icon that your browser displays to represent the site. Since most browsers store those favicons separately from your browser history and cookies, it affects traditional means of not keeping track of how to use a private mode or to remove your cache. This means, according to researchers from the University of Illinois, Chicago, that websites can use a unique set of favicons to identify you and track you on the internet, no matter what. Chrome, Safari and Edge are all currently vulnerable to the attack, though Google and Apple have both said they are investigating.
LastPass has long been one of the password managers, thanks in part to the relatively generous free level, which has so far worked on mobile and traditional computers. From March 16, however, you must choose one or the other for free unlimited access, or pony for LastPass Premium or LastPass Families. This is understandably frustrating for existing users, but also compares LastPass with many of its competitors. You still have many free options at your disposal, including WIRED pick Bitwarden. And no matter what, it’s a great reminder that everyone needs a password manager, even if it costs you a few dollars a month.
The audio social network Clubhouse is the rage among a certain section of Silicon Valley doyenne. But as it broadens its reach, security investigators have expressed a lot of concern about privacy and security measures. The Stanford Internet Observatory specifically took a closer look at Clubhouse’s relationship with China and did not like what it found. Researchers have found that Clubhouse uses a business in Shanghai for part of its back-end infrastructure, transmitting user IDs and room IDs in plain text and possibly exposing the raw audio to the Chinese government. Combined with the app’s aggressive contact list, it’s probably best not to go into beta before resolving some of the security issues.
John Deere has long been a focal point of the right to restore movement, as he has refused to allow farmers to repair their own tractors as high-tech components decline. In response to the growing setback, the company promised in 2018 to provide its customers with the necessary tools to be self-sufficient. However, a study by the American Public Interest Organization found that little or no progress had been made on it. Farmers generally do not yet have access to the tools and diagnostic tools they need to address software bugs and other interruptions related to John Deere’s own technology. Meanwhile, the right to restore legislation has gained momentum in dozens of states. It seems that this is the only way to empower farmers to fix the equipment they own as they please.
More great wired stories