Update Your iPhone and iPad Now If You Haven’t Recently
Believe it or not, GameStop stock wasn’t the world’s only story this week. The last few days have been tumultuous for cybersecurity as well, especially after revelations that [North Korean hackers targeted security pros](https://www.wired.com/story/north-korea-hackers-target-cybersecurity-researchers/) with a campaign of convincing DMs. Lots of folks shared screenshots of how they dodged the bullet, but it’s still unclear how many more fell for the ruse.
Speaking of falling, an international team-up of law enforcement agencies took down the notorious Emotet botnet this week, arresting two alleged members of the gang behind it and seizing servers in the process. Ransomware operators and other bad actors who used Emotet to spread their wares will likely move on to other means of distribution, but at least the “most dangerous malware in the world,” as Europol called it, has been extinguished for now.
These things do have a tendency to persist, after all. Take Flash, the software that launched a thousand vulnerabilities. While Adobe killed it dead-dead last week (for real this time) it will continue to persist and cause problems on some systems for years to come. Another potential problem-causer: Telegram, the messaging app that has exploded in popularity as users have fled WhatsApp over privacy concerns and Parler over its current state of nonexistence. While Telegram does offer end-to-end encryption, it’s not on by default and not available at all for group chats, which may lead some users to expose themselves more than they might assume.
Plans for an encrypted federal gun registry also challenged assumptions this week, offering a potential way to balance accountability with privacy for a hot-stove topic. And we took a look at how Facebook allows advertisers to target military categories, which could have worrisome consequences.
Finally, be sure to read the first installment in the serialized novel we’re running in WIRED this month and next. It’s follows a conflict with China in 2034 that’s pure fiction, but feels all too close to real.
And there’s more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
Most iOS updates contain some sort of security fix. But it’s a more rare occasion that the vulnerabilities they patch are being actively exploited by hackers. That’s the case with iOS 14.4, released earlier this week, which addresses not one but three bugs that attackers may be using in the wild, according to Apple’s accompanying security update. These also aren’t minor issues; the flaws in question, present in WebKit and the iOS kernel, would have allowed arbitrary remote code execution and privilege escalation, respectively, either of which could give a hacker a whole lot of access to your device and its data. Does that mean you’ve been hacked? Probably not! But there’s no sense in risking it when you can protect yourself by installing the dang update already.
Not all data leaks are created equal. In this case, ZDNet 2.28 million users of the MeetMindful dating app had information like their real names, dating preferences, geolocation, Facebook user IDs and authentication tokens, and “body details” shared as a free download on a hacking forum. According to ZNet, the forum thread that contained the download had been viewed over 1,500 times as of Sunday. Dating profile info is useful not only for identity theft, but also for more aggressive extortion schemes.
Ransomware has exploded lately, with hackers successfully targeting everything from hospitals to cities to international corporations. The DoJ this week took action against one of the many groups responsible for that scourge, arresting a Canadian man it alleges used Netwalker ransomware to shake down victims for a combined $27.6 million. Unfortunately, Netwalker is ransomware-as-a-service; the feds arrested an alleged affiliate rather than a core member of the group behind it. Still, progress is progress.
OK, well, it’s been a long week and this is an interview with a guy who had to use bolt cutters to free himself from a chastity belt that a hacker had locked remotely. You deserve this.
More Great WIRED Stories