Security

This summer, Google conspicuously paused its long-held plans to abolish third-party cookies in its Chrome browser after failing to please a mix of privacy campaigners, regulators, and advertisers. The backlash was immediate, with critics seeing the move as a disaster and admission of failure.

Soon after the announcement, an article in Digiday described how Google execs were now “in full-on damage control mode, trying to soothe everyone’s nerves, both publicly and behind the scenes.” Meanwhile, digital rights group the Electronic Frontier Foundation (EFF) called the move “bad for your privacy and good for Google’s business.”

Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday.

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33426, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.

Pig butchering, the crypto-based scammer scourge that has pulled in an estimated $75 billion from victims globally, is spreading beyond its roots in Southeast Asia, with operations proliferating across the Middle East, Eastern Europe, Latin America, and West Africa.

The UK’s National Crime Agency disclosed new details about the identities of the Russian ransomware group known as Evil Corp—as well as the group’s ties to Russian intelligence agencies and even its direct participation in espionage operations targeting NATO allies.

In a future conflict, American troops will direct the newest war machines not with sprawling control panels or sci-fi-inspired touchscreens, but controls familiar to anyone who grew up with an Xbox or PlayStation in their home.

Over the past several years, the US Defense Department has been gradually integrating what appear to be variants of the Freedom of Movement Control Unit (FMCU) handsets as the primary control units for a variety of advanced weapons systems, according to publicly available imagery published to the department’s Defense Visual Information Distribution System media hub.

At 8:22 am on December 4 last year, a car traveling down a small residential road in Alabama used its license-plate-reading cameras to take photos of vehicles it passed. One image, which does not contain a vehicle or a license plate, shows a bright red “Trump” campaign sign placed in front of someone’s garage. In the background is a banner referencing Israel, a holly wreath, and a festive inflatable snowman.

US Immigration and Customs Enforcement has signed a $2 million contract with Israeli commercial spyware vendor Paragon Solutions, according to documents reviewed by WIRED.

The one-year contract between the company’s US subsidiary in Chantilly, Virginia, and ICE’s Homeland Security Investigations Division 3 was signed on September 27 and covers a “fully configured proprietary solution including license, hardware, warranty, maintenance and training.”

Paragon has received the award under the FAR 6.302-1 rule reserved for unique and innovative services not otherwise available to the government and not via the typical competitive process.

More than 200,000 people in Southeast Asia have been forced to run online scams in recent years, often being enslaved and brutalized, as part of criminal enterprises that have netted billions in stolen funds. Such “pig butchering” operations have largely been concentrated in Myanmar, Cambodia, and Laos, typically rooted in Chinese organized crime groups exploiting instability and poor governance in the region. Though they come at great humanitarian cost, pig butchering scams are undeniably lucrative and, perhaps inevitably, similar operations are now being uncovered on multiple continents and in numerous countries around the world.

Researchers found a vulnerability in a Kia web portal that allowed them to track millions of cars, unlock doors, honk horns, and even start engines in seconds, just by reading the car’s license plate. The findings are the latest in a string of web bugs that have impacted dozen of carmakers. Meanwhile, a handful of Tesla Cybertrucks have been outfitted for war and are literally being-battle tested by Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion.

The Greeks had their chariots. Patton had his tanks. Now, a handful of soldiers are riding into combat in one of the most unusual-looking vehicles in the history of warfare: an armed Cybertruck.

In a video posted to messaging platform Telegram last week, Ramzan Kadyrov, the leader of Russia’s Chechnya region, showed off a pair of Tesla’s distinctive boxy electric pickup trucks painted forest green and armed with what appear to be Soviet-era DShK 12.7 x 108 mm heavy machine guns—vehicles he claimed had been sent to fight alongside Russian forces taking part in the country’s ongoing invasion of Ukraine.

When security researchers in the past found ways to hijack vehicles’ internet-connected systems, their proof-of-concept demonstrations tended to show, thankfully, that hacking cars is hard. Exploits like the ones that hackers used to remotely take over a Chevrolet Impala in 2010 or a Jeep in 2015 took years of work to develop and required ingenious tricks: reverse engineering the obscure code in the cars’ telematics units, delivering malicious software to those systems via audio tones played over radio connections, or even putting a disc with a malware-laced music file into the car’s CD drive.