A DDoS attack destroys Andorra’s Internet

This week, hacktivism entered a new phase, as a group known as Cyber ​​Partisans used ransomware to disrupt trains in Belarus. The pirates demanded the release of political prisoners and a promise that Belarusian railways would not transport Russian troops amid rising tensions in Ukraine. While nation-state actors have deployed bogus ransomware for political purposes before, this appears to be the first large-scale, politically motivated use of a method of attack typically reserved for cybercrime.

Google backtracked this week on FLoC, its controversial system for replacing cookies. Instead, the search and advertising giant will use Topics, a way to determine the broad categories you’re interested in based on your browsing history. Google then shares these assumed preferences with websites, which serve you with relevant advertisements. While it’s considered an improvement over a cookie that tracks you around the web, it doesn’t completely allay privacy advocates’ concerns about Google’s dominance in the advertising market and its ability to track its users. .

Security researcher Ryan Pickren this week revealed very serious flaws in Apple’s Safari browser that would have allowed an attacker to take control of a Mac’s microphone or camera, or access all accounts to which the victim was already connected. The vulnerabilities have since been patched, but this is the second major Apple bug Pickren has discovered in the last year, and it was serious enough that the company awarded a bug bounty of $100,500 when it was discovered. reported.

And while you’re working on your New Year’s resolutions, take some time to update your account recovery email addresses. Nothing worse than your digital future depending on a Yahoo! address you lost this password years ago.

And there’s more ! Each week, we round up all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories.

A distributed denial of service attack hit Andorra’s only internet service provider last weekend, knocking the entire country offline for hours over four days. Who would do such a thing? the Minecraft community, apparently. The timing of the attacks aligned with a squid gametheme Minecraft tournament, organized by Twitch, which attracted several participants from the small paradise nation. More than a dozen players had to drop out due to the disruptions. And while that might seem extreme for a block-building game, remember that the infamous Mirai botnet started out as a Minecraft hustle too.

Take a few minutes to read this deeply reported exclusive from The New York Times on the FBI’s purchase of the controversial Pegasus spyware from the Israel-based NSO group. The FBI ultimately decided against using the powerful surveillance tool against domestic targets, but the fact that it even considered doing so raises serious questions about the agency’s intent. It’s also another spotlight on the NSO Group, whose malware has been found on the phones of dozens of activists and journalists, including 9 US State Department officials, targeted by authoritarian regimes.

DDoS talking: Microsoft repelled a record attack in November. The onslaught peaked at 3.47 terabits per second, coming from more than 10,000 sources. Although it lasted a few minutes, Microsoft also saw slightly smaller, but still aggressive, attacks over the following weeks that were more sustained. This Ars story also includes a good summary of the technical evolution of DDoS attacks over the past few years, for anyone looking to learn a little more about weed.

The past few years have seen serious threats to the United States’ water supply systems from insiders and third-party hackers. While none appear to have caused any real-world damage yet, the intent is clear, as is the inability of many municipal water utilities to defend against these attacks. The Biden administration took an important step toward a cure this week, adding the water sector to a cybersecurity initiative that encourages utilities to improve their ability to detect attacks. It’s a voluntary program, but it’s at least Somethingand clarifies that the protection of the water supply is just as priority as the network and the oil and gas pipelines.

More Great WIRED Stories

Comments are closed.