The impact of CrowdStrike’s harmful software update was on full display this week as system administrators and IT staff scrambled to get digital systems back online and business operations back to normal. Elsewhere, the Olympics began this week, and Paris rolled out a controversial new surveillance system that hints at a future where CCTV cameras are everywhere. Researchers also published new findings this week about the innovative malware used by Russia to destroy heating plants in Lviv in January and shut off heat in 600 buildings in Ukraine during its coldest months.
The US Defense Department has a $141 billion plan to modernize America’s intercontinental ballistic missiles and missile silos around the country, while the European Commission has allocated €7.3 billion over the next seven years for defense research, from drones and tanks to warships and space intelligence. Hackers are also building “ghost” networks to covertly spread malware on the Microsoft-owned development platform GitHub.
In more encouraging news, ex-Google engineers have built a prototype search engine called “webXray” that will allow users to spot specific privacy violations online, determine which sites are tracking them, and see where all that data is being sent.
Plus, every week we round up security news we didn’t cover in depth. Click the headlines to read the full stories, and stay safe.
According to leaked files obtained by The Guardian, the Israeli government took the unusual step of preventing information about the Pegasus spyware system from reaching a US court, seizing files directly from the company to prevent legal disclosure. Pegasus is a product of Israel-based NSO Group and allows its users to infect smartphones, extract messages and photos, record calls, and secretly activate microphones. NSO Group is being sued in the US by WhatsApp, which claims that NSO designed Pegasus to target users of WhatsApp’s messaging software. WhatsApp said more than 1,400 users were targeted. NSO, whose software has been implicated in the harassment and murder of journalist Jamal Khashoggi, denies any wrongdoing.
Following the disclosure of a powerful rootkit designed by Chinese researchers in 2007, Secure Boot has become widely adopted as part of efforts to thwart BIOS-based threats. Unfortunately, researchers from security firm Binarly have revealed that Secure Boot is now “fully compromised” on over 200 device models, affecting major hardware manufacturers such as Dell, Acer, and Intel. The incident was caused by a weak cryptographic key used to establish trust between the hardware and firmware systems. AMI, the owner of the key, said that the key was used for testing purposes and should never have been deployed in production.
Following Meta’s lead, Elon Musk’s X also quietly tweaked its settings this week to give its AI system (Grok) access to all of your posts. There is a way to prevent Grok from harvesting your posts, but this can’t be done from within the mobile app. In X’s settings on a desktop computer, go to Privacy and Safety, select Grok, and click to clear the checkbox, or go directly to the appropriate settings page here. (If you have any Grok conversation history, you can also click to delete it.)