The impact of CrowdStrike’s harmful software update was on full display this week as system administrators and IT staff scrambled to get digital systems back online and business operations back to normal. Elsewhere, the Olympics began this week, and Paris rolled out a controversial new surveillance system that hints at a future where CCTV cameras are everywhere. Researchers also published new findings this week about the innovative malware used by Russia to destroy heating plants in Lviv in January and shut off heat in 600 buildings in Ukraine during its coldest months.
The US Defense Department has a $141 billion plan to modernize America’s intercontinental ballistic missiles and missile silos around the country, while the European Commission has allocated €7.3 billion over the next seven years for defense research, from drones and tanks to warships and space intelligence. Hackers are also building “ghost” networks to covertly spread malware on the Microsoft-owned development platform GitHub.
In more encouraging news, ex-Google engineers have built a prototype search engine called “webXray” that will allow users to spot specific privacy violations online, determine which sites are tracking them, and see where all that data is being sent.
Plus, every week we round up security news we didn’t cover in depth. Click on the headlines to read the full stories and stay safe.
According to leaked files obtained by The Guardian, the Israeli government took the unusual step of preventing legal disclosure by seizing files directly from the company to prevent information about the Pegasus spyware system from reaching the hands of a US court. The spyware, a product of Israel-based NSO Group, infects users’ smartphones, exfiltrating messages and photos, recording calls and secretly activating microphones. NSO Group is facing a US lawsuit from WhatsApp, which claims the company designed Pegasus to target users of its messaging software. WhatsApp said more than 1,400 users were targeted. NSO, whose software has been implicated in the harassment and murder of journalist Jamal Khashoggi, denies any wrongdoing.
Following the disclosure of a powerful rootkit designed by Chinese researchers in 2007, Secure Boot has become widely adopted as part of efforts to thwart BIOS-based threats. Unfortunately, researchers from security firm Binarly have revealed that Secure Boot is now “fully compromised” on over 200 device models, affecting major hardware manufacturers such as Dell, Acer, and Intel. The incident was caused by a weak cryptographic key used to establish trust between the hardware and firmware systems. AMI, the owner of the key, said that the key was used for testing purposes and should never have been deployed in production.
Following Meta, Elon Musk’s X also quietly tweaked its settings this week, giving the company’s AI system (called Grok) access to all of its users’ posts. There is a way to prevent Grok from grabbing your posts, but it can’t be done from the mobile app. Use a desktop computer to access X’s settings,[プライバシーと安全性]Select[Grok]Select and uncheck the box. Or click here to go directly to the appropriate settings page. (If you have conversation history with Grok,[会話履歴を削除]You can also click to remove it.)
