America's electoral crisis reached a new low this week, as Donald Trump fired Christopher Krebs, the widely respected director of the Cybersecurity and Infrastructure Security Agency. The reason? Krebs had dared point out, both through CISA and his personal Twitter account, that the election misinformation being spread by the president and his enablers was patently untrue. (This is also probably a good time to remember that Trump can still launch nuclear weapons any time he wants and no one can stop him.)
While Apple's M1 chip has deservedly grabbed more attention this week, Microsoft is also moving deeper into the silicon mix. Its Pluton security processor will work as part of a system-on-chip for Intel, AMD, and Qualcomm hardware, adding a layer of Windows security and eliminating an increasingly popular avenue of attack for hackers. Elsewhere, ad-blocking company Ghostery is adding a layer of privacy to search, launching its own browser and search engine tool in the coming months that promise an ad-free, untracked existence online.
Cheaters never prosper, unless they're playing Among Us. One security researcher demonstrated this week that the viral smash has a big ol' pile of vulnerabilities that could let a hacker kill in-game players at will, walk through walls, and more. In a more serious lack of security, encrypted chat app Telegram still hasn't done enough to quash an AI bot that generates nonconsensual deepfake porn on the platform.
Facebook, at least, managed to fix a bug that would have let hackers listen in to the other end of a Messenger call before the person picked up. And remember that there are simple steps you can take—and advice you can give—to keep your family safe online this holiday season.
And there's more! Every Saturday we round up the security and privacy stories that we didn't break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
Covid-19 scams have been around for as long as the novel coronavirus itself. Even ISIS has gotten in on the grift. But the degree to which fraud has allegedly permeated the federal government's Paycheck Protection Program and the Unemployment Insurance Relief program is still staggering. The Secret Service is apparently investigating 700 cases related to that category of theft, and the Justice Department has already charged 80 people with attempting to scam $240 million from the PPP program.
Go SMS Pro has been installed more than 100 million times. Unfortunately, it also has a security lapse that exposes photos, videos, and more that its users send. The app creates a sequential web address for each file that bounces through its servers, which means anyone can view those files at random. Not ideal! As of Thursday, the developer still hadn't fixed the problem, despite being given a standard 90-day disclosure window by security firm Trustwave, which identified the issue.
Ransomware has gotten significantly more devious this year, but it's also gotten significantly bigger. Security firm Intel 471 took the time to lay out the 25 Ransomware-as-a-Service gangs that rent their product out to other criminals, allowing pretty much anyone to try their hand at sowing online destruction. Not only that, it broke them down into tiers based on how sophisticated the groups are and what range of features they offer their clients.
For years, shadowy companies have been buying and selling your location data based on what apps you use. This week, Motherboard showed just how far that practice extends, reporting that the US military and its contractors have relationships with companies like Babel Street and X-Mode that siphon location data from countless apps. That includes an app called Muslim Pro, whose 98 million users rely on it for prayer notifications and orientation toward Mecca.