A Flash Zero Day, a DNA Site Breach, and More Security News This Week
As hard as it is to believe at this point, the week really did start with Apple’s WWDC keynote. It feels like a lifetime ago! You can get a full recap here, but the two main security takeaways are that Safari is the best mainstream privacy browser now, and that it looks like Apple’s going to slow down, take a breath, and try to release some major updates without quite so many bugs. But there’s so much more than Apple!
Microsoft bought GitHub for oodles of money, but might find it hard to moderate some of its problematic code. An impending encryption update should help make online payments much more secure, but won’t be fun for retailers or Android device owners who haven’t made the jump. And a Facebook bug messed with user status update settings, leaving some posts public that weren’t meant to be.
In other platform news, Encyclopædia Britannica wants to help solve Google’s misinformation problem by providing informational snippets you can trust. Former Cambridge Analytica CEO Alexander Nix, whose company used illicitly gained Facebook data to target voters in the 2016 election, testified before Parliament yet again.
Elsewhere, the Justice Department leveled new charges against hacker hero Marcus Hutchins, who slowed the WannaCry ransomware spread last year. We took a quick tour through some of the high-tech accoutrement being used by law enforcement around the country. And we sent a little time with Microsoft’s Windows red team, which has the high-stakes job of tracking down bugs through the eyes of an attacker.
But wait, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Adobe this week has patched yet another zero day vulnerability, this time one that had been seen exploited in the wild. Researchers at Qihoo 360 Core suggested that hackers had targeted the Doha, Qatar region with it. Flash is, of course, officially going to die off in 2020, but the notoriously insecure software managed to get in at least one more bad vulnerability before it goes.
You know those DNA services, where you send them some of your body and they tell you what you’re made of? MyHeritage, a popular genealogy company based in Israel, revealed this week that it had suffered a data breach that compromised 92 million user accounts. That sounds bad! And it’s admittedly not great. But feel better knowing that the actual DNA info wasn’t affected, just emails and hashed passwords. Which again, still not idea. But not as terrible as it sounded.
As the gun control debate continues, perhaps this is finally the one anecdote we can all agree is a Bad Thing. From February 2016 to March 2017, Florida’s Department of Agriculture and Consumer Services stopped running FBI background checks on gun purchasers. The reason? The employee responsible couldn’t log into the service. It appears that rather than tell anyone, the employee simple let applications go through without a check.