California Man Stole 610,000 iCloud Photos in Search of Nudes
There are many to worry about the world today, so apologize in advance for this increased level of having stress: New research shows that if there is solar superstorm – the class that hit in 1859 – the internet could be completely destroyed, and takes longer than the power grid to recover. The danger is primarily with submarine cables connecting continents, which are incompatibly grounded and rely on components that could interfere with a geomagnetic surge. While solar storms of that magnitude are rare, they do happen – and the internet infrastructure has never been tested against it.
Congratulations! Although it really doesn’t get much better from there. Medical devices have a poor cybersecurity record like this, and researchers this week shared details about weaknesses of an infusion pump to allow hackers to administer additional doses. It’s a complicated attack to get rid of, but the less sophisticated version of it can still attack ransomware on a hospital’s network.
An unfriendly privacy setting in the Microsoft Power Apps setting – a feature intended to make building web apps a cinch – resulted in exposure of 38 million records to thousands of organizations. Included with the data is Covid-19 contact tracking information from the state of Indiana, as well as a payroll database from Microsoft itself.
Another “Zero-click” attacks on iOS have increased this week in a report from the University of Toronto’s Citizen Lab. These hacks require no interaction from the victims: no open links, no clicking links. This is the latest in a series of state-of-the-art spying attacks in the country against non-protesters taking advantage of Apple’s iMessage security holes. There is much the company can do to make the messaging service more secure for the most vulnerable; the question of how long it will be ready to go.
While geofence warrants-which target anyone within a certain area at a time-have long been a concern of privacy advocates, new data released by Google recently shows how widespread law enforcement spreading them. The number of geofence warrant requests the company has received since 2018 has increased tenfold, and they now make up 25 percent of future warranty requests overall.
And there is more! Each week we focus on all the WIRED security news not covered in depth. Click on the news headlines to read the full stories, and stay safe there.
A Los Angeles man pleaded guilty this month to four offenses in connection with a plot that resulted in the theft of more than 620,000 iCloud photos and videos from more than 300 users. victim. Rather than a vulnerability in iCloud itself, its makers rely on phishing and social engineering, sending “customer support” emails from Gmail addresses like “applebackupicloud” and “backupagenticloud.” He took private files for his own purpose and requested, promoting a service called “icloudripper4you” that offers access to iCloud accounts. He now faces up to 20 years in prison.
the Wall Street Journal this week runs a conversation with the pretend hacker behind the devastating moon T-Mobile data breach. In it, the 21-year-old American described T-Mobile’s security as “horrible,” but it was not confirmed whether he actually sold any data he stole and advertised on the dark web. The story goes on in detail about the hacker’s background and the status of the violations in general; definitely worth taking some time to read.
The good news is that there is no sign that any hacker actually abused the latest Microsoft Azure bug. The bad news is that if they have, they get an alarming amount of access-read / write privileges that could allow them to view, edit, or delete on whim-to every database on the platform. Microsoft has since fixed the vulnerability, but it’s a big one that was left to slip at first.
Talk about Microsoft and security! A Razer bug makes it a cinch to get system -level privileges on a Windows 10 device through the simple action of placing a $ 20 mouse. Razer says it will provide the vulnerability, but it addresses broader concerns around the same software that relies on Windows’s “plug-and-play” set-up.
More WIRED Stories