This week started with a bang and kept going. At midnight on Saturday night, TikTok cut off access for users in the US, ahead of a Sunday deadline that forced Apple and Google to remove the video-sharing app from their app stores. While TikTok was dark, American users rushed to find ways to circumvent the TikTok ban, while some other unexpected apps also saw their ability to reach Americans cut off. However, by midday on Sunday, TikTok access was back in the US. By Monday evening, newly inaugurated US president Donald Trump had signed an executive order delaying the TikTok ban by up to 75 days.
On Tuesday, Trump made good on his promise to free Ross Ulbricht, the creator of the Silk Road dark web marketplace, where users sold drugs, guns, and more. Ulbricht spent more than 11 years in prison after he was arrested by the FBI in 2013 and later sentenced to life imprisonment. Trump's decision to pardon Ulbricht is largely seen as linked to the support he received from the libertarian crypto community, which has long viewed the Silk Road creator as a martyr.
As the world enters the second Trump era, WIRED sat down with Jen Easterly, who recently left her top position as director of the Cybersecurity and Infrastructure Security Agency, to discuss the cyber threats facing the United States and its uncertain future. CISA is the frontline watchdog against nation-state hackers and other digital security threats facing the United States.
Finally, we detail new research in which small flaws revealed the extent of Subaru's location tracking of customer vehicles. The researchers found that they could access a web portal for Subaru employees that allowed them to pinpoint the exact location of a car over the course of a year, down to the parking spots it used. The vulnerabilities have now been patched, but Subaru employees still have access to sensitive driver location data.
That's not all. Each week, we round up security and privacy news that we haven't covered in depth. Click on the title to read the full story. And stay safe out there.
A US judge in New York this week found that the FBI's warrantless searches for data on Americans collected under Section 702 of the Foreign Intelligence Surveillance Act were unconstitutional. FISA gives the US government the power to collect the communications of foreign entities through internet providers and companies like Apple and Google. Once this data was collected, the FBI could conduct “backdoor searches” to find information about US citizens or residents communicating with foreign nationals, and it did so without first obtaining a warrant. Judge DeArcy Hall found that these searches required a search warrant. “Otherwise it would allow law enforcement to amass an archive of Section 702 communications — including communications of Americans — that could later be searched upon request without limitation,” the judge wrote.
According to findings from an independent security researcher, an “issue” with the basic functionality of Internet infrastructure company Cloudflare's content delivery network, or CDN, could reveal the rough location of people who use apps, including those intended to protect privacy. Cloudflare has servers in hundreds of cities and more than 100 countries around the world. Its CDN works by caching people's Internet traffic on its servers, then serving that data from the server closest to a person's location. The security researcher, named Daniel, figured out a way to send an image to a target, collect the URL, then use a custom-built tool to query Cloudflare to find out which data center delivered the image, and thus the state or possibly the city the target is in. Luckily, Cloudflare told 404 Media that it fixed the issue after Daniel reported it.
In one of the first moves after Trump took office on Monday, the Department of Homeland Security fired everyone on the agency's advisory committees. This includes the Cyber Safety Review Board, which was investigating the wide-scale attack on the US telecommunications system by the Chinese-backed hacker group Salt Typhoon. US authorities revealed in mid-November that Salt Typhoon had embedded itself in at least nine US telecommunications companies for espionage purposes, potentially exposing anyone who uses unencrypted calls and text messages to monitoring by Beijing. While the future of the CSRB remains uncertain, a source told reporter Eric Geller that its investigation into the Salt Typhoon attacks was effectively “dead.”