Security/Privacy

Links from The Ride Home Podcast

All links categorized under this topic, grouped by year and month.

Subscribe via Apple Podcasts, Overcast, Google Play, or RSS.

The Ride Home now has a proper web site and RSS feed.

2026

January

Grok was finally updated to stop undressing women and children, X Safety says (Ars Technica)

2025

December

Spotify Music Library Scraped by Pirate Activist Group (Billboard)
Amazon Caught North Korean IT Worker By Tracing Keystroke Data (Bloomberg)

November

You know those fake USPS texts? Google says it’s found who’s behind them (Fast Company)
Apple launches Digital ID, a way to carry your passport on your phone for use at TSA checkpoints (TechCrunch)
‘It’s organized crime’: TikTok Shop says it’s fighting a new wave of AI scammers (Business Insider)
Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks (Cyberscoop)

October

Using a Security Key on X? Re-Enroll Now or Your Account Will Be Locked (PC Mag)
‘Do not trust your eyes’: AI generates surge in expense fraud (FT)
F5 says hackers stole undisclosed BIG-IP flaws, source code (BleepingComputer)
Discord says 70,000 users may have had their government IDs leaked in breach (The Verge)

September

August

Tesla said it didn’t have key data in a fatal crash. Then a hacker found it. (Washington Post)
‘Vibe-hacking’ is now a top AI threat (The Verge)
New York sues Zelle, says security lapses led to $1 billion consumer fraud losses (Reuters)
Microsoft’s new AI reverse-engineers malware autonomously, marking a shift in cybersecurity (GeekWire)
TSMC says employees tried to steal trade secrets on iPhone 18 chip process (9to5Mac)
Cloudflare says Perplexity’s AI bots are ‘stealth crawling’ blocked sites (The Verge)

July

A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating (404Media)
Hackers leak 13,000 user photos and IDs from the Tea app, designed as a women’s safe space (NBCNews)
Microsoft links Sharepoint ToolShell attacks to Chinese hackers (BleepingComputer)
Hackers Exploit Microsoft SharePoint as Firm Works to Patch (Bloomberg)
OpenAI clamps down on security after foreign spying threats (FT)

June

Israeli Officials Warn Iran Is Hijacking Security Cameras to Spy (Bloomberg)
OpenAI warns models with higher bioweapons risk are imminent (Axios)
The Meta AI app is a privacy disaster (TechCrunch)
OpenAI slams court order to save all ChatGPT logs, including deleted chats (Ars Technica)
‘Forest Blizzard’ vs ‘Fancy Bear’ - cyber companies hope to untangle weird hacker nicknames (Reuters)

May

Victoria’s Secret takes down website after security incident (BleepingComputer)
“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall (Ars Technica)
Coinbase warns of up to $400 million hit from cyberattack (Reuters)
Coinbase Hack Rocks Company That Led Crypto Into Mainstream (Bloomberg)
Meta wins $168 million in damages from Israeli cyberintel firm in Whatsapp spyware scandal (Courthouse News Service)
TeleMessage, a modified Signal clone used by US govt. officials, has been hacked (TechCrunch)
Leading deepfake porn site is shut down for good (Engadget)
Microsoft goes passwordless by default on new accounts (The Verge)
Meta tightens privacy policy around Ray-Ban glasses to boost AI training (The Verge)

April

Google Messages Sensitive Content Warnings for nudity rolling out (9to5Google)
Microsoft Is Dedicated To Building A Dodgy New Database Of Every Windows 11 User’s Online Behaviors (TechDirt)
Phishers abuse Google OAuth to spoof Google in DKIM replay attack (Bleeping Computer)
Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program (The Register)
North Korean IT worker army expands operations in Europe (BleepingComputer)
Gmail is making it easier for businesses to send encrypted emails to anyone (The Verge)

March

Critical RCE flaw in Apache Tomcat actively exploited in attacks (Bleeping Computer)
Accusations of Corporate Espionage Shake a Software Rivalry (NYTimes)
Apple will soon support encrypted RCS messaging with Android users (The Verge)
Undocumented commands found in Bluetooth chip used by a billion devices (BleepingComputer)

February

Google Confirms Gmail To Ditch SMS Code Authentication (Forbes)
U.K. orders Apple to let it spy on users’ encrypted accounts (Washington Post)
35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments (Chainalysis)

January

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars (Wired)
FBI Warned Agents It Believes Phone Logs Hacked Last Year (Bloomberg)
Chinese Hackers Accessed Yellen’s Computer in US Treasury Breach (Bloomberg)
How Barcelona became an unlikely hub for spyware startups (TechCrunch)
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location (Wired)
Hackers are exploiting a new Ivanti VPN security bug to hack into company networks (TechCrunch)
Apple says Siri isn’t sending your conversations to advertisers (The Verge)
Apple to pay $95 million to settle Siri privacy lawsuit (Reuters)
AI-generated phishing scams target corporate executives (FT)

2024

December

November

October

Russian Hackers Are Targeting US Officials, Microsoft Says (Bloomberg)
UnitedHealth says data of 100 million stolen in Change Healthcare breach (BleepingComputer)
The War on Passwords Is One Step Closer to Being Over (Wired)
The Internet Archive is back as a read-only service after cyberattacks (The Verge)
Apple Potentially Facing Worst Leak Since iPhone 4 Was Left in a Bar (MacRumors)
Someone Put Facial Recognition Tech onto Meta’s Smart Glasses to Instantly Dox Strangers (404Media)

September

Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report (The Record)
Some Kaspersky customers receive surprise forced-update to new antivirus software (TechCrunch)
Telegram CEO Durov Says App to Provide More Data to Governments (Bloomberg)
New Cloudflare Tools Let Sites Detect and Block AI Bots for Free (Wired)
Israel’s Pager Attacks Have Changed the World (NYTimes)
Apple’s new macOS Sequoia update is breaking some cybersecurity tools (TechCrunch)
RCS texts on the iPhone aren’t encrypted now, but that could change (The Verge)
Rogue WHOIS server gives researcher superpowers no one should ever have (Ars Technica)
Facebook admits to scraping every Australian adult user’s public photos and posts to train AI, with no opt-out option (ABC News)
How Telegram Became a Playground for Criminals, Extremists and Terrorists (NYTimes)
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)

August

Chinese government hackers penetrate U.S. internet providers to spy (Washington Post)
Is Telegram really an encrypted messaging app? (Matthew Green)
Exclusive: Apple, Google wallets to carry California driver’s licenses (Axios)
The first post-quantum cryptography standards are here (TechCrunch)
Hackers leak 2.7 billion data records with Social Security numbers (BleepingComputer)
FBI probing alleged Iran hack attempts targeting Trump, Biden camps (Washington Post)
CrowdStrike Exec Shows Up to Accept ‘Most Epic Fail’ Award in Person (PCMag)
Iran Emerges as the Most Aggressive Foreign Threat to U.S. Election (WSJ)
Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign (Politico)
A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers (Wired)

July

June

Amazon Is Investigating Perplexity Over Claims of Scraping Abuse (Wired)
US bans sale of Kaspersky software citing security risk from Russia (TechCrunch)
Privacy app maker Proton transitions to non-profit foundation structure (TechCrunch)
Apple to Debut Passwords App in Challenge to 1Password, LastPass (Bloomberg)
A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel’s back (WindowsCentral)
Google Maps is making a big privacy change to protect your location history (The Verge)

May

US dismantles 911 S5 botnet used for cyberattacks, arrests admin (BleepingComputer)
Two students find security bug that could let millions do laundry for free (The Verge)
Android will be able to detect if your phone has been snatched (The Verge)
China hacked Ministry of Defence, Sky News learns (SkyNews)
UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack (TechCrunch)
UnitedHealth CEO tells lawmakers the company paid hackers a $22 million ransom (CNBC)

April

Apple users are being locked out of their Apple IDs with no explanation (9to5Mac)
T-Mobile, Verizon workers get texts offering $300 for SIM swaps (BleepingComputer)
US government urges Sisense customers to reset credentials after hack (TechCrunch)
Google One VPN will be discontinued, Pixel VPN remains with upgrade coming (9to5Google)
Apple alerts users in 92 nations to mercenary spyware attacks (TechCrunch)
How Tech Giants Cut Corners to Harvest Data for A.I. (NYTimes)
AT&T resets account passcodes after millions of customer records leak online (TechCrunch)

March

Apple Sues Former Employee for Leaking iPhone’s Journal App and More (MacRumors)
Recent ‘MFA Bombing’ Attacks Targeting Apple Users (KrebsonSecurity)
US sanctions APT31 hackers behind critical infrastructure attacks (BleepingComputer)
Elon Musk’s Starlink Terminals Are Falling Into the Wrong Hands (Bloomberg)
Unpatchable vulnerability in Apple chip leaks secret encryption keys (Ars Technica)
Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns (Forbes)
Airbnb is banning indoor security cameras (The Verge)
‘Exit scam’ - hackers that hit UnitedHealth pull disappearing act (Reuters)

February

GitHub besieged by millions of malicious repositories in ongoing attack (Ars Technica)
These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway. (Consumer Reports)
US pharmacy outage triggered by ‘Blackcat’ ransomware at UnitedHealth unit, sources say (Reuters)
Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private (Wired)
Apple is hardening iMessage encryption now to protect it from a threat that doesn’t exist yet (Apple Insider)
Apple’s iMessage Is Getting Post-Quantum Encryption (Wired)
FBI Seizes LockBit Hacking Websites in Ransomware Disruption (Bloomberg)
Wyze outage led to the cameras of 13,000 customers being shown to other users (9to5Google)
China had “persistent” access to U.S. critical infrastructure (Axios)
Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs (404Media)
Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (CNN)
Cloudflare hacked using auth tokens stolen in Okta attack (BleepingComputer)

January

Fake Joe Biden robocall tells New Hampshire Democrats not to vote Tuesday (NBCNews)
iOS 17.3 is out, adding Stolen Device Protection for your iPhone (The Verge)
U.S. Criminally Charges EBay in Cyberstalking Case (NYTimes)
LastPass now requires 12-character master passwords for better security (BleepingComputer)
23andMe tells victims it’s their fault that their data was breached (TechCrunch)

2023

December

Ubisoft says it’s investigating reports of a new security breach (BleepingComputer)
Beeper is giving up on its iMessage dream (The Verge)
Lapsus$: GTA 6 hacker handed indefinite hospital order (BBC)
SSH protects the world’s most sensitive networks. It just got a lot weaker (Ars Technica)
Xfinity discloses data breach affecting over 35 million people (Bleeping Computer)
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads (404Media)
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime (Wired)
Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them (404 Media)
Apple Makes Security Changes to Protect Users From iPhone Thefts (WSJ)
China’s cyber army is invading critical U.S. services (Washington Post)
Messenger is finally getting end-to-end encryption by default (The Verge)
Federal government is using data from push notifications to track contacts (Washington Post)
Governments spying on Apple, Google users through push notifications - US senator (Reuters)
23andMe confirms hackers stole ancestry data on 6.9 million users (TechCrunch)
Gmail’s AI-powered spam detection is its biggest security upgrade in years (Ars Technica)
Apple fixes two new iOS zero-days in emergency updates (Bleeping Computer)

November

NameDrop is safe. The fearmongering about it is not. (Washington Post)
FBI struggled to disrupt dangerous casino hacking gang, cyber responders say (Reuters)
No More Phone Number Swaps: Signal Messaging App Now Testing Usernames (PCMag)

October

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups (BleepingComputer)
1Password detects “suspicious activity” in its internal Okta account (Ars Technica)
Life360 Sued for Selling Location Data (The Markup)
Okta shares fall 11% after company says client files were accessed by hackers via its support system (CNBC)
Teens Want Parents to Track Their Phones and Monitor Their Every Move (WSJ)
Actively exploited Cisco 0-day with maximum 10 severity gives full network control (Ars Technica)
A New Protocol Vulnerability Will Haunt the Web for Years (Wired)
Multi-modal prompt injection image attacks against GPT-4V (Simon Willison’s Blog)
New technique leads to largest DDoS attacks ever, Google and Amazon say (The Record)
23andMe says private user data is up for sale after being scraped (Ars Technica)
Apple Considered, Rejected Switch to DuckDuckGo From Google (Bloomberg)
Google is making big changes to prevent Gmail spam (CNBC)

September

Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer)
How the Lazarus Group is stepping up crypto hacks and changing its tactics (Elliptic) (Bloomberg)
TikTok fined $379M in EU for failing to keep kids’ data safe (TechCrunch)
MGM hack followed failed bid to rig slot machines, ‘Scattered Spider’ group claims (FT)
Inside The Ransomware Attack That Shut Down MGM Resorts (Forbes)
Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg)
Apple discloses zero-days linked to NSO Group spyware (The Record)
If You’ve Got a New Car, It’s a Data Privacy Nightmare (Gizmodo)

August

X Plans to Collect Biometric Data, Job and School History (Bloomberg)
Qakbot botnet dismantled after infecting over 700,000 computers (BleepingComputer)
Cyber security researchers become target of criminal hackers (FT)
Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating (Wired)
New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips (Wired)
Millions of UK voters’ data accessible in cyber-attack, says Electoral Commission (The Guardian)
New acoustic attack steals data from keystrokes with 95% accuracy (BleepingComputer)
Quantum Tech Will Transform National Security. It’s Testing U.S. Alliances Now. (NYTimes)

July

June

Police Are Requesting Self-Driving Car Footage For Video Evidence (Bloomberg)
ChatGPT maker OpenAI faces a lawsuit over how it used people’s data (Washington Post)
Randomly received a smartwatch? Don’t turn it on, investigators warn. (ArmyTimes)
Fake zero-day PoC exploits on GitHub push Windows, Linux malware (BleepingComputer)
Cyber Insurance Premiums Surge by 50% as Ransomware Attacks Increase (Bloomberg)
Russia accuses US of hacking thousands of Apple devices to spy on diplomats (The Record)

May

Captcha Is Asking Users to Identify Objects That Don’t Exist (Motherboard)
Microsoft warns that China hackers attacked U.S. infrastructure (CNBC)
Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? (NYTimes)
Apple Restricts Employee Use of ChatGPT, Joining Other Companies Wary of Leaks (WSJ)
New ZIP domains spark debate among cybersecurity experts (BleepingComputer)
Ransomware gang steals data of 5.8 million PharMerica patients (BleepingComputer)
Twitter’s encrypted DMs are here — but only for verified users (Engadget)
Gmail is adding a blue checkmark to better verify senders (9to5Google)
You no longer need a password to sign in to your Google account (The Verge)
Meta Is Trying to Push Attackers to the Brink (Wired)
Quantum computing could break the internet. This is how (FT)
Apple and Google team up to stop unwanted AirTag tracking (CNBC)
Apple uses iOS and macOS Rapid Security Response feature for the first time (Ars Technica)

April

Google on why Authenticator sync isn’t E2E encrypted, but option coming later (9to5Google)
Google Authenticator now syncs 2FA with your Google Account, gets new icon (9to5Google)
WhatsApp makes it harder for scammers to steal your account (Engadget)
Key transparency explainer (Matthew Green, Twitter)
Juice jacking rising, FBI says don’t use airport USB outlets (Android Authority)
Special Report: Tesla workers shared sensitive images recorded by customer cars (Reuters)
A third of organizations admit to covering up data breaches (VentureBeat)
‘I’ve never seen anything like this:’ One of China’s most popular apps has the ability to spy on its users, say experts (CNN Business)

March

Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity (The Verge)
Twitter Says Parts of Its Source Code Were Leaked Online (NYTimes)
Pinduoduo App Malware Detailed by Cybersecurity Researchers (Bloomberg)
Google flags apps made by popular Chinese e-commerce giant as malware (TechCrunch)
OpenAI Shut Down ChatGPT to Fix Bug Exposing User Chat Titles (Bloomberg)
Glaze protects art from prying AIs (TechCrunch)
The privacy loophole in your doorbell (Politico)
Twitter just let its privacy- and security-protecting Tor service expire (The Verge)
How a single engineer brought down Twitter on Monday (Platformer)
They thought loved ones were calling for help. It was an AI scam. (WashingtonPost)
The Satellite Hack Everyone Is Finally Talking About (Bloomberg)
The next big threat to AI might already be lurking on the web

February

LastPass: DevOps engineer hacked to steal password vault data in 2022 breach (BleepingComputer)
How I Broke Into a Bank Account With an AI-Generated Voice (Motherboard)

January

Riot Games receives ‘ransom email’ for stolen source code following social engineering attack (The Record)
Ransomware Revenue Down As More Victims Refuse to Pay (Chainalysis)
Insurer Beazley launches first catastrophe bond for cyber threats (FT)
PyTorch discloses malicious dependency chain compromise over holidays (BleepingComputer)

2022

December

November

October

TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens (Forbes)
I Turned My Home Into a Fortress of Surveillance (The Atlantic)
WhatsApp is now a spammers’ paradise in India (Rest of World)
Signal will remove support for SMS text messages on Android (BleepingComputer)
Former Uber Security Chief Found Guilty of Hiding Hack From Authorities (NYTimes)
Former Uber security chief convicted of covering up 2016 data breach (Washington Post)

September

Turnstile is Cloudflare’s latest attempt to rid the web of CAPTCHAs (The Verge)
‘Smash and grab’: Meta uncovers Russia’s ‘largest and most complex’ info op since the war began (Protocol)
UK Police arrests teen believed to be behind Uber, Rockstar hacks (BleepingComputer)
Cloudflare launches an eSIM to secure mobile devices (TechCrunch)
Child Predators Use Twitch to Systematically Track Kids Livestreaming (Bloomberg)
Uber links breach to Lapsus$ group, blames contractor for hack (BleepingComputer)
Uber Investigating Breach of Its Computer Systems (NYTimes)
Uber suffers computer system breach, alerts authorities (Washington Post)
New Linux malware combines unusual stealth with a full suite of capabilities (Ars Technica)
Ring finally brings end-to-end encryption to its flagship video doorbells (The Verge)
Albania cuts diplomatic ties with Iran over July cyberattack (APNews)
Google Chrome emergency update fixes new zero-day used in attacks (BleepingComputer)

August

Apple says 95% of iCloud users already have 2FA enabled ahead of Passkeys launch (9to5Mac)
LastPass developer systems hacked to steal source code (BleepingComputer)
Twilio hackers breached over 130 organizations during months-long hacking spree (TechCrunch)
Twitter whistleblower won hacker acclaim for exposing software flaws (Washington Post)
Plex tells users to reset their passwords after potential data breach (Engadget)
A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. (NYTimes)
TikTok’s in-app browser could be keylogging, privacy analysis warns (TechCrunch)
VPNs on iOS are a scam (Michael Horowitz)
Exclusive: Airbnb rolls out new anti-party tech to prevent unapproved gatherings (Fast Company)
Signal says 1,900 users’ phone numbers exposed by Twilio breach (TechCrunch)
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (BleepingComputer)
CISA warns of Windows and UnRAR flaws exploited in the wild (BleepingComputer)
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Felix Krause)
Twilio hacked by phishing campaign targeting internet companies (TechCrunch)
CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications
Solana Hack Blamed on Slope Mobile Wallet Exploit (Decrypt)
Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk (Chainalysis)
Nomad token bridge drained of $190M in funds in security exploit (CoinTelegraph)

July

IBM Security report finds data breaches are costlier than ever before (SiliconAngle)
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us (Ars Technica)
FTC to Crack Down on Sites That Claim Your Data Is ‘Anonymized’ When It’s Not (PCMag)
Here’s how North Korean operatives are trying to infiltrate US crypto firms (CNN)
Apple Announces New Lockdown Mode on iOS 16 With ‘Extreme’ Level of Security (MacRumors)
Heads of FBI, MI5 Issue Joint Warning on Chinese Spying (WSJ)
NIST unveils four algorithms that will underpin new ‘quantum-proof’ cryptography standards (SC Media)
Hackers Claim Theft of Police Info in China’s Largest Data Leak (Bloomberg)
Google patches new Chrome zero-day flaw exploited in attacks (Bleeping Computer)

June

Cyber Pirates Prowling Ship Controls Threaten Another Big Shock (Bloomberg)
Without Roe, data will become a company headache and a user nightmare (Axios)
Period tracker Stardust surges following Roe reversal, but its privacy claims aren’t airtight (TechCrunch)
Google is notifying Android users targeted by Hermit government-grade spyware (TechCrunch)
CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May (The Record)
How Russia’s vaunted cyber capabilities were frustrated in Ukraine (Washington Post)
Privacy-focused Brave Search grew by 5,000% in a year (Bleeping Computer)
Announcing StackHawk’s $20.7 Million in Series B Funding to Drive Developer-First Security (StackHawk)
iOS 16 Will Let iPhone Users Bypass CAPTCHAs in Supported Apps and Websites (MacRumors)
Microsoft launches Defender for Individuals for Microsoft 365 Personal and Family subscribers (ZDNet)
Proton Is Trying to Become Google—Without Your Data (Wired)
Firefox enables its anti-tracking feature by default (Engadget)
The Surreal Case of a C.I.A. Hacker’s Revenge (The New Yorker)
US: Chinese govt hackers breached telcos to snoop on network traffic (BleepingComputer)
Apple Just Killed the Password—for Real This Time (Wired)
Security Fixes Won’t Require Full iOS Update in iOS 16, Will Be Installed Automatically (MacRumors)
A Long-Awaited Defense Against Data Leaks May Have Just Arrived (Wired)

May

DuckDuckGo browser allows Microsoft trackers due to search agreement (Bleeping Computer)
DOJ Announces It Won’t Prosecute White Hat Security Researchers (Motherboard)
Cyber Insurers Raise Rates Amid a Surge in Costly Hacks (WSJ)
2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms (Ars Technica)
Cornami raises $68M to support quantum encryption (VentureBeat)
Report spotlights vast scale of adtech’s ‘biggest data breach’ (TechCrunch)
Google releases Android 13 beta 2 with finer privacy controls and improved Material You (Neowin)
Costa Rica declares national emergency after Conti ransomware attacks (BleepingComputer)
Apple, Google, Microsoft Back ‘FIDO’ Tech to Dump Passwords on Websites and Apps (CNET)
Russians plunder $5M farm vehicles from Ukraine – to find they’ve been remotely disabled
White House wants nation to prepare for cryptography-breaking quantum computers (The Record)
Apple accuses engineers of stealing chip secrets with AirDrop and Time Machine (9to5Mac)
Grindr User Data Has Been for Sale for Years (WSJ)

April

Google may now remove search results that dox you (The Verge)
Major cryptography blunder in Java enables “psychic paper” forgeries (Ars Technica)
Google: 2021 was a Banner Year for Exploited 0-Day Bugs (ThreatPost)
Brave is bypassing Google AMP pages because they’re ‘harmful to users’ (The Verge)
US Officials Tie North Korea’s ‘Lazarus’ Hackers to $625M Crypto Theft (CoinDesk)
US agencies warn of custom-made hacking tools targeting energy sector systems (The Record)
Researchers find new malware variant after stopping attack on Ukrainian energy provider (The Record)
DuckDuckGo’s Privacy Browser Finally Lands on Desktop (Wired)
Google Play will hide and block downloads for outdated apps starting later this year (TechCrunch)
Hackers breach MailChimp’s internal tools to target crypto customers (BleepingComputer)
A FACEBOOK BUG LED TO INCREASED VIEWS OF HARMFUL CONTENT OVER SIX MONTHS (The Verge)
Apple emergency update fixes zero-days used to hack iPhones, Macs (BleepingComputer)

March

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests (Bloomberg)
Wyze Cam flaw lets hackers remotely access your saved videos (BleepingComputer)
Leaked Details of the Lapsus$ Hack Make Okta’s Slow Response Look More Bizarre (Wired)
Emergency Google Chrome update fixes zero-day used in attacks (BleepingComputer)
Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC News)
LAPSUS$: How a Sloppy Extortion Gang Became One of the Most Prolific Hacking Groups (Vice)
Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind (Bloomberg)
A Closer Look at the LAPSUS$ Data Extortion Group (KrebsonSecurity)
The Third-Party Okta Hack Leaves Customers Scrambling (Wired)
Is Russia exploring cyberattacks against U.S. in response to hacktivists? (VentureBeat)
Okta hack puts thousands of businesses on high alert (The Verge)
Lapsus$ hackers leak 37GB of Microsoft’s alleged source code (BleepingComputer)
Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms (Decrypt)
A Big Bet to Kill the Password for Good (Wired)
Using a New Cyber Tool, Westerners Have Been Texting Russians About the War in Ukraine (WSJ)
Twitter Launches Tor Onion Service Making Site Easier to Access in Russia (Motherboard)
Google is buying the cybersecurity company that uncovered the SolarWinds hack (The Verge)
Cloudflare, CrowdStrike and Ping Identity to provide free cybersecurity to vulnerable industries (Silicon Angle)
Cybercriminals who breached Nvidia issue one of the most unusual demands ever (Ars Technica)
Malware now using NVIDIA’s stolen code signing certificates (Bleeping Computer)
Hackers leak 190GB of alleged Samsung data, source code (Bleeping Computer)
Chinese cyberspies target govts with their ‘most advanced’ backdoor (BleepingComputer)

February

Ukrainian gov’t sites disrupted by DDoS, wiper malware discovered (ZDNet)
$1.7 million in NFTs stolen in apparent phishing attack on OpenSea users (The Verge)
Google Plans Privacy Changes, but Promises to Not Be Disruptive (NYTimes)
iOS jailbreak dev wins $2M bounty for finding critical Optimism bug (CoinTelegraph)
Secret CIA Bulk Surveillance Program Includes Some Americans’ Records, Senators Say (WSJ)
Signal now allows you to keep messages and groups after changing phone numbers (ZDNet)
The Unnerving Rise of Video Games that Spy on You (Wired)
North Korea Hacked Him. So He Took Down Its Internet (Wired)
KP Snacks giant hit by Conti ransomware, deliveries disrupted (BleepingComputer)
European Ad Group Hit With Sanctions Over Privacy Lapses (Bloomberg)
Who owns your address in AR? Probably not you. (Protocol)

January

Nothing Sacred: These Apps Reserve The Right To Sell Your Prayers
Log4Shell: No Mass Abuse, But No Respite, What Happened? (Sophos News)
Google kills off FLoC, replaces it with Topics (TechCrunch)
Hactivists say they hacked Belarus rail system to stop Russian military buildup (Ars Technica)
DHS warns of Russian cyberattack on US if it responds to Ukraine invasion (ABCNews)
Google deceived consumers about how it profits from their location data, attorneys general allege in lawsuits (Washington Post)
How Did ID.me Get Between You and Your Identity? (Bloomberg)
IRS Will Require Facial Recognition Scans to Access Your Taxes Online (Gizmodo)
IRS Will Soon Require Selfies for Online Access (KrebsonSecurity)
Cross-country Exposure - Analysis of the MY2022 Olympics app (Citizenlab.ca)
Olympic burner phones? Athletes warned about bringing personal devices to China for 2022 Beijing Games (USAToday)
Russia takes down REvil hacking group at U.S. request - FSB (Reuters)
In bad news for US cloud services, Austrian website’s use of Google Analytics found to breach GDPR (TechCrunch)
Moxie Marlinspike has stepped down as CEO of Signal (The Verge)
Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps (BleepingComputer)

2021

December

LastPass users warned their master passwords are compromised (BleepingComputer)
CISA warns ‘most serious’ Log4j vulnerability likely to affect hundreds of millions of devices (CyberScoop)
The numbers behind a cyber pandemic – detailed dive (Check Point)
Apple launches AirTags and Find My detector app for Android, in effort to boost privacy (CNET)
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet (Ars Technica)
The Internet’s biggest players are all affected by critical Log4Shell 0-day (Ars Technica)
Apple Set to Release Nudity Detection in Texting, But Other Features Remain on Hold (Bloomberg)
The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users (The Markup)
Honeywell Unit Offers First-Ever Quantum-Created Encryption Key (Bloomberg)
The Verizon app might be collecting your browsing history and more (The Verge)
Twitter bans sharing ‘private’ images and videos without consent (Engadget)

November

Finland Battles ‘Exceptional’ Malware Attack Spread by Phones (Bloomberg)
Meta delays encrypted messages on Facebook and Instagram to 2023 (The Guardian)
FBI system hacked to email ‘urgent’ warning about fake cyberattacks (Bleeping Computer)
Hoax Email Blast Abused Poor Coding in FBI Website (KrebsOnSecurity)
Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users (Vice)
Robinhood says millions of customer names and email addresses taken in data breach (TechCrunch)
US seizes $6 million in ransom payments and charges Ukrainian over major cyberattack (CNN)
A Drone Tried to Disrupt the Power Grid. It Won’t Be the Last (Wired)
Hackers are stealing data today so quantum computers can crack it in a decade (TechnologyReview.com)
The Booming Underground Market for Bots That Steal Your 2FA Codes (Motherboard)
CISA creates catalog of known exploited vulnerabilities, orders agencies to patch (The Record)
‘Trojan Source’ Bug Threatens the Security of All Code (KrebsonSecurity)

October

Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May (BleepingComputer)
Privacy by Design (WorldCoin)
Governments turn tables on ransomware gang REvil by pushing it offline (Reuters)
Brave Removes Google as its Default Search Engine (Thurrott.com)
Apple’s privacy changes create windfall for its own advertising business (FT)
1Password’s new feature lets you safely share passwords using just a link (Engadget)
Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever (The Record)
The entirety of Twitch has reportedly been leaked (VideoGamesChronicle)

September

1Password can now randomly generate email addresses for logins (Engadget)
Cloudflare Is Taking a Shot at Email Security (Wired)
How to move Google Authenticator to your new iPhone (Apple Insider)
Microsoft uncovers giant Phishing-as-a-Service operation (The Record)
Microsoft accounts can now go fully passwordless (The Verge)
Apple patches an NSO zero-day flaw affecting all devices (TechCrunch)
Russia Influences Hackers but Stops Short of Directing Them, Report Says (NYTimes)
ProtonMail logged IP address of French activist after order by Swiss authorities (TechCrunch)
How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users (ProPublica)
Billions of devices impacted by new BrakTooth Bluetooth vulnerabilities (The Record)
Apple secures first states to support digital driver’s licenses, but privacy questions linger (TechCrunch)

August

Biden tells top CEOs at White House summit to step up on cybersecurity (Washington Post)
Razer bug lets you become a Windows 10 admin by plugging in a mouse (BleepingComputer)
The FBI’s warning to Silicon Valley: China and Russia are trying to turn your employees into spies (Protocol)
T-Mobile Confirms It Was Hacked (Motherboard)
T-Mobile Investigating Claims of Massive Customer Data Breach (Motherboard)
Huawei Accused in Suit of Installing Data ‘Back Door’ in Pakistan Project (WSJ)
Researchers Create ‘Master Faces’ to Bypass Facial Recognition (Motherboard)
Google’s new Titan security key lineup won’t make you choose between USB-C and NFC (The Verge)
Apple CSAM FAQ addresses misconceptions and concerns about photo scanning (9to5Mac)
Apple’s New ‘Child Safety’ Initiatives, and the Slippery Slope (Daring Fireball)
Apple confirms it will begin scanning iCloud Photos for child abuse images (TechCrunch)
U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats (WSJ)

July

Apple Tells Leaker to Snitch on Sources or It Will Report Them to the Police (Motherboard)
Apple releases fix for iOS and macOS zero-day, 13th this year (The Record)
A case against security nihilism (Matthew Green)
DuckDuckGo launches new Email Protection service to remove trackers (The Verge)
Edward Snowden calls for spyware trade ban amid Pegasus revelations (The Guardian)
Private Israeli spyware used to hack cellphones journalists, activists worldwide (Washington Post)
U.S. and key allies accuse China of Microsoft Exchange cyberattacks (Axios)
Obscure Cyber Agency Becomes Nemesis of China’s Tech Giants (Bloomberg)
REvil ransomware gang’s web sites mysteriously shut dow
Twitter verified a number of bot accounts—raising questions about security (updated) (DailyDot)
Gmail deploys support BIMI security standard (The Record)
Ring’s end-to-end encryption is rolling out globally (The Verge)
Microsoft Agrees to Acquire Cybersecurity Company RiskIQ (Bloomberg)
Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack (NYTimes)
REvil gang asks for $70 million to decrypt systems locked in Kaseya attack (The Record)

June

Microsoft admits to signing rootkit malware in supply chain fiasco (Bleeping Computer)
Meet the activists perfecting the craft of anti-surveillance (FT)
WD My Book NAS devices are being remotely wiped clean worldwide (Bleeping Computer)
Google delays Chrome’s cookie-blocking privacy plan by nearly 2 years (Cnet)
Brave’s nontracking search engine is now in beta (TechCrunch)
What is the ‘brushing’ scam and how can you protect yourself? (Yahoo Life)
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened (Vice)
Ukraine arrests ransomware gang in global cyber criminal crackdown (FT)
Google may be working on an Android version of Apple’s “Find My” network (XDA Developers)
Ransomware claims are roiling an entire segment of the insurance industry (Washington Post)
How governments and spies text each other (Wired)
U.S. Supreme Court revives LinkedIn bid to shield personal data (Reuters)
McDonald’s Hit by Data Breach (WSJ)
Hackers Steal Wealth of Data from Game Giant EA (Vice)
Apple says its new logon tech is as easy as passwords but far more secure (Cnet)
The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact. (Double Pulsar)
JBS Paid $11 Million to Resolve Ransomware Attack (WSJ)
FBI and Australian police ran an encrypted chat platform to catch criminal gangs (The Record)
Encrypted messaging app used by criminals was actually an FBI honeypot (Input)
U.S. Retrieves Millions in Ransom Paid to Colonial Pipeline Hackers (WSJ)
Apple will let users stay on iOS 14 and receive security updates, even after iOS 15 is released (9to5 Mac)
Apple’s iCloud Plus bundles a VPN, private email, and HomeKit camera storage (The Verge)
Exclusive-U.S. to give ransomware hacks similar priority as terrorism, official says (Reuters)
How to Negotiate with Ransomware Hackers (The New Yorker)
U.S. says ransomware attack on meatpacker JBS likely from Russia; cattle slaughter resuming (CNBC)
Meat Buyers Scramble After Cyberattack Hobbles JBS (WSJ)
Amazon devices will soon automatically share your Internet with neighbors (Ars Technica)

May

April

March

Android sends 20x more data to Google than iOS sends to Apple, study says (Ars Technica)
PHP’s Git server hacked to add backdoors to PHP source code (BleepingComputer)
Buffer overruns, license violations, and bad code: FreeBSD 13’s close call (Ars Technica)
Zuckerberg: Facebook may actually be in a ‘stronger position’ after Apple’s iOS 14 privacy changes (CNBC)
Loans that hijack your phone are coming to India (Rest of World)
Tampa Twitter hacker agrees to three years in prison (Tampa Bay Times)
Dropbox will have a free password manager in April — if you’ve got 50 or fewer passwords (The Verge)
A Hacker Got All My Texts for $16 (Motherboard)
White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (NYTimes)
Apple sues former employee for stealing trade secrets, leaking information to the media (9to5Mac)
Verkada Workers Had Extensive Access to Private Customer Cameras (Bloomberg)
Google paves way to monetize Pay users’ data in India (TechCrunch)
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals (Bloomberg)
Attacks on SolarWinds Servers Also Linked To Chinese Threat Actor (The Record)
Apple releases iOS 14.4.1 and macOS 11.2.3 to address a WebKit vulnerability (Engadget)
Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China (NYTimes)
Google promises it won’t just keep tracking you after replacing cookies (The Verge)
Google to Stop Selling Ads Based on Your Specific Web Browsing (WSJ)
Microsoft says China-backed hackers are exploiting Exchange zero-days (TechCrunch)
Recovering from the SolarWinds hack could take 18 months (MIT Technology Review)
Brave is launching its own search engine with the help of ex-Cliqz devs and tech (TechCrunch)

February

January

2020

December

November

Undersheriff, Apple security chief, businessman indicted in bribery schemes (PaloAltoOnline)
Apple doubles down on upcoming iOS 14 privacy features, slams Facebook for collecting ‘as much data as possible’ (9to5Mac)
Ok Google: please publish your DKIM secret keys (Matthew Green’s Blog)
‘Like Being Grilled Alive’: The Fear of Living With a Hackable Heart (OneZero)
Welcome Back to the Office. Please Wear This Tracking Device. (OneZero)
Students Have To Jump Through Absurd Hoops To Use Exam Monitoring Software (Motherboard)
What it’s like to get locked out of Google indefinitely (Business Insider)

October

Google One’s 2TB+ plans adding Android VPN, coming to iOS & Mac/Windows soon (9to5Google)
Building wave of ransomware attacks strike U.S. hospitals (Reuters)
Zoom’s end-to-end encryption has arrived (The Verge)
The Network: How a Secretive Phone Company Helped the Crime World Go Dark (Motherboard)
US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks (ZDNet)
Clear Conquered U.S. Airports. Now It Wants to Own Your Entire Digital Identity. (OneZero)
THE CONTEST TO PROTECT ALMOST EVERYTHING ON THE INTERNET (WSJ)
Microsoft and others orchestrate takedown of TrickBot botnet (ZDNet)
Microsoft takes down massive hacking operation that could have affected the election (CNN Business)
Google is adding cross-app account security alerts on iOS (The Verge)
Security flaw left ‘smart’ chastity sex toy users at risk of permanent lock-in (TechCrunch)
States are finally starting to use the Covid-tracking tech Apple and Google built — here’s why (CNBC)
Clinical Trials Hit by Ransomware Attack on Health Tech Firm (NYTimes)

September

Ring’s latest security camera is a drone that flies around inside your house (The Verge)
Amazon’s Bizarre Home Drone Flies Around Inside Your House (Wired)
Feds proudly announce seizure of ‘counterfeit Apple AirPods’ that are actually OnePlus Buds (The Verge)
Russia, China and Iran launched cyberattacks on presidential campaigns, Microsoft says (NBC News)
Yubico’s new USB-C security key with NFC could be the one key to unlock them all (The Verge)
Scene Bust Triggered Historic Drop in ‘Pirate’ Releases (Torrent Freak)
Court rules NSA phone snooping illegal — after 7-year delay (Politico)
Feds can’t ask Google for every phone in a 100-meter radius, court says (Ars Technica)

August

Former Uber Security Chief Charged With Concealing Hack (NYTimes)
Cobalt.io grabs $29M Series B to continue building out pentesting platform (TechCrunch)
The Secret SIMs Used By Criminals to Spoof Any Number (Motherboard)
The Return of Anonymous (The Atlantic)
I’m Open Sourcing the Have I Been Pwned Code Base (TroyHunt.com)
Files by Google adds PIN protection for your most sensitive files on Android (The Verge)
Garmin reportedly paid multimillion-dollar ransom after suffering cyberattack (The Verge)
Google to invest $450M in smart home security solutions provider ADT (TechCrunch)
From Minecraft Tricks to Twitter Hack: A Florida Teen’s Troubled Online Path (NYTimes)

July

Garmin outage caused by confirmed WastedLocker ransomware attack (Bleeping Computer)
Exclusive: More than 1,000 people at Twitter had ability to aid hack of accounts (Reuters)
U.S. hatches plan to build a quantum Internet that might be unhackable (Washington Post)
Twitter admits hackers accessed DMs of dozens of high-profile accounts (TechCrunch)
Hundreds Of Thousands Of Instacart Customers’ Personal Data Is Being Sold Online (BuzzFeed.News)
Who’s Behind Wednesday’s Epic Twitter Hack? (Krebs on Security)
130 high-profile Twitter accounts targeted in hacking attack (The Guardian)
Everything you need to know about Palantir, the secretive company coming for all your data (Recode)
Apple, Biden, Musk and other high-profile Twitter accounts hacked in crypto scam (TechCrunch)
A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam (TechCrunch)
Hackers Convinced Twitter Employee to Help Them Hijack Accounts (Motherboard)
The real reason Apple is warning users about MacBook camera covers (ZDNet)
Facebook, WhatsApp, Twitter Suspend Review of Hong Kong Requests for User Data (WSJ)
iOS 14: iCloud Keychain now alerts users about leaked passwords, more (9to5Mac)
How Police Secretly Took Over a Global Phone Network for Organized Crime (Motherboard)
Did a Chinese Hack Kill Canada’s Greatest Tech Company? (Bloomberg Businessweek)

June

TikTok says it will stop accessing clipboard content on iOS devices (The Verge)
Google will now auto-delete location and search history by default for new users (The Verge)
Exclusive: Massive spying on users of Google’s Chrome shows new security weakness (Reuters)
UK virus-tracing app switches to Apple-Google model (BBC News)
Zoom to Offer All Users Full Encryption, Bending to Pressure (Bloomberg)
Dropbox officially launches its own password manager and a secure vault for your files (The Verge)
Coronavirus contact tracing apps were tech’s chance to step up. They haven’t. (NBC News)
Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again (Ars Technica)
Privacy browser Brave under fire for violating users’ trust (Decrypt)
Google says Iranian, Chinese hackers targeted Trump, Biden campaigns (TechCrunch)
Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use (Reuters)
Suit Claims Google’s Tracking Violates Federal Wiretap Law (NYTimes)
Zoom won’t encrypt free calls because it wants to comply with law enforcement (TNW)
White nationalist group posing as antifa called for violence on Twitter (NBC News)
Apple releases iOS 13.5.1 and watchOS 6.2.6 with ‘important security updates’ (9to5Mac)

May

April

Zoom admits it doesn’t have 300 million users, corrects misleading claims (The Verge)
How a handful of Apple and Google employees came together to help health officials trace coronavirus (CNBC)
Two Million Australians Download Coronavirus Contact-Tracing App (Bloomberg)
Germany flips to Apple-Google approach on smartphone contact tracing (Reuters)
Apple Finds No Evidence Hackers Exploited iPhone, iPad Mail Flaw (Bloomberg)
Following the money in a massive “sextortion” spam scheme (Sophos)
267 million Facebook profiles sold for $600 on the dark web (BleepingComputer)
Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox (NYTimes)
Q&A: Apple and Google discuss their coronavirus tracing efforts (TechCrunch)
Over 500,000 Zoom accounts sold on hacker forums, the dark web (BleepingComputer)
How Apple and Google are tackling one of the toughest parts about tracking COVID-19 exposures (The Verge)
NHS phone app holds key to lifting UK’s coronavirus lockdown (The Times (UK)
Apple, Google debut major effort to help people track if they’ve come in contact with coronavirus (Washington Post)
Was Leisure Suit Larry Really an Accomplice in Early Banking Cyberattacks? (Vice)
Zoom removes meeting IDs from client title bar to boost security (Bleeping Computer)
Update on Zoom’s 90-Day Plan to Bolster Key Privacy and Security Initiatives (Zoom Blog)
Microsoft Buys Corp.com So Bad Guys Can’t (KrebsonSecurity)
Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others (ZDNet)
Google uses location data to show which places are complying with stay-at-home orders — and which aren’t (The Verge)
In coronavirus fight, oft-criticized Facebook data aids U.S. (Reuters)
PRIVACY EXPERTS SAY RESPONSIBLE CORONAVIRUS SURVEILLANCE IS POSSIBLE (The Intercept)
Marriott discloses new data breach impacting 5.2 million hotel guests (ZDNet)
Zoom Lets Attackers Steal Windows Credentials via UNC Links (Bleeping Computer)
@c1truz_ thread about Zoom (Twitter)

March

ZOOM MEETINGS AREN’T END-TO-END ENCRYPTED, DESPITE MISLEADING MARKETING (The Intercept)
Hack Attack Takes Down Dark Web Host: 7,595 Websites Confirmed Deleted (Forbes)
Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers (Bloomberg)
Apple updates Safari’s anti-tracking tech with full third-party cookie blocking (The Verge)
Coronavirus: S’pore Government to make its contact-tracing app freely available to developers worldwide (The Straight Times)
Microsoft says hackers are attacking Windows users with a new unpatched bug (TechCrunch)
Taiwan’s new ‘electronic fence’ for quarantines leads wave of virus monitoring (Reuters)
Phones Could Track the Spread of Covid-19. Is It a Good Idea? (Wired)
To Track Coronavirus, Israel Moves to Tap Secret Trove of Cellphone Data (NYTimes)
Comcast accidentally published 200,000 “unlisted” phone numbers (Ars Technica)
Intel CPUs vulnerable to new LVI attacks (ZDNet)
More good news: Medical equipment is still prone to hacker attacks (VentureBeat)
Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data (BuzzFeed News)
Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media (Motherboard)
DoNotPay Chrome browser extension (Chrome Web Store)
New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (AMD Responds) (Tom’s Hardware)
5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable (Ars Technica)
Can You Really Hire a Hit Man on the Dark Web? (NYTimes)
Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys (Wired)
Exclusive: For $3, a ‘robot lawyer’ will sue data brokers that don’t delete your personal and location info (Fortune)

February

How North Korean Hackers Rob Banks Around the World (Wired)
Firefox turns encrypted DNS on by default to thwart snooping ISPs (Ars Technica)
EU Commission to staff: Switch to Signal messaging app (Politico.eu)
Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months (The Register)
Enveil raises $10 million for enterprise-scale homomorphic encryption (VentureBeat)
Google is cracking down on Android apps that track your location in the background (The Verge)
Microsoft plans antivirus software for Android and iOS devices (CNBC)
Firefox releases Android app for its VPN service (Android Police)
Ring now requires two-factor sign-ins for its home security devices (Engadget)
Google removes 500+ malicious Chrome extensions from the Web Store (ZDNet)
Quantum entanglement over 30 miles of fiber has brought super secure internet closer (MIT Technology Review)
U.S. Officials Say Huawei Can Covertly Access Telecom Networks (WSJ)
Average tenure of a CISO is just 26 months due to high stress and burnout (ZDNet)
‘The intelligence coup of the century’ (Washington Post)
U.S. charges Chinese military hackers with massive Equifax breach (Politico)
Dangerous Domain Corp.com Goes Up for Sale (KrebsonSecurity)
Some Google Photos videos in ‘Takeout’ backups were sent to strangers last November (9to5Google)

January

Facial Recognition- The controversial and nearly ever-present technology that could replace the fingerprint (California Sunday Magazine)
Facebook to Pay $550 Million to Settle Facial Recognition Suit (NYTimes)
Avast winds down Jumpshot, cites user data sale privacy concerns (ZDNet)
Ring Doorbell App Packed with Third-Party Trackers (EFF)
Leaked Documents Expose the Secretive Market for Your Web Browsing Data (Motherboard)
Apple and Google’s tough new location privacy controls are working (Fast Company)
Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia (ThreatPost)
Inside the World’s Highest-Stakes Industrial Hacking Contest (Wired)
We’re Banning Facial Recognition. We’re Missing the Point. (NYTimes)
The Secret History of Facial Recognition (Wired)
Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone (Motherboard)
Jeff Bezos hack: Amazon boss’s phone ‘hacked by Saudi crown prince’ (The Guardian)
UN calls for investigation into alleged Saudi crown prince involvement in Bezos phone hack (CNBC)
Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources (Reuters)
Snyk raises $150 million at $1 billion valuation for AI that protects open source code (VentureBeat)
You can now use iPhones as Google security keys for 2FA (9to5Google)
Apple Takes a (Cautious) Stand Against Opening a Killer’s iPhones (NYTimes)
Apple Said It Is Helping In The Pensacola Shooting Investigation, But It Won’t Unlock The Shooter’s iPhones (Buzzfeed News)
Cryptic Rumblings Ahead of First 2020 Patch Tuesday (KrebsOnSecurity)
A billion medical images are exposed online, as doctors ignore warnings (TechCrunch)
Firefox gets patch for critical 0-day that’s being actively exploited (Ars Technica)
Ring adds privacy dashboard to app in response to security concerns (The Verge)
Ghosts in the Clouds: Inside China’s Major Corporate Hack (WSJ)
‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age (Yahoo News)

2019

December

IoT vendor Wyze confirms server leak (ZDNet)
Pentagon tells military personnel not to use at-home DNA kits (NBC News)
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool. (NYTimes)
U.S. Navy bans TikTok from government-issued mobile devices (Reuters)
Meet the Mad Scientist Who Wrote the Book on How to Hunt Hackers (Wired)
Twelve Million Phones, One Dataset, Zero Privacy (NYTimes)
We Tested Ring’s Security. It’s Awful (Motherboard)
Inside the Podcast that Hacks Ring Camera Owners Live on Air (Motherboard)
Chrome 79 released with tab freezing, back-forward caching, and loads of security features (ZDNet)
How Ring Went From ‘Shark Tank’ Reject to America’s Scariest Surveillance Company (Motherboard)
A decade of hacking: The most notable cyber-security events of the 2010s (ZDNet)
DHS wants to expand airport face recognition scans to include US citizens (TechCrunch)
Now even the FBI is warning about your smart TV’s security (TechCrunch)

November

Twitter will finally let users disable SMS as default 2FA method (ZDNet)
Android Camera App Bug Lets Apps Record Video Without Permission (BleepingComputer)
Police can keep Ring camera video forever and share with whomever they’d like, Amazon tells senator (Washington Post)
Amazon says it’s considered face scanning in Ring doorbells (Associated Press)
Hacked Disney+ accounts are reportedly being sold for as little as $3 (CNBC)
Ransomware Bites 400 Veterinary Hospitals (Krebs on Security)
In Its First Funding In 14 Years, Toronto’s 1Password Raises $200M Series A Led By Accel (Crunchbase)
Brave 1.0 launches, bringing the privacy-first browser out of beta (The Verge)
Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans (WSJ)
Former Twitter employees charged with spying for Saudi Arabia by digging into the accounts of kingdom critics (Washington Post)
Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked (ZDNet)
Actively exploited bug in fully updated Firefox is sending users into a tizzy (Ars Technica)
IOS 13.2 IS OVERZEALOUSLY KILLING APPS IN THE BACKGROUND (Daring Fireball)
I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too. (NYTimes)
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home (Wired)
Maps Incognito is launching for Google Maps Android Users (Google Maps Help)
Talking with former Facebook security chief Alex Stamos (CJR)
The Ransomware Superhero of Normal, Illinois (ProPublica)

October

Researchers unearth malware that siphoned SMS texts out of telco’s network (Ars Technica)
Why WhatsApp is pushing back on NSO Group hacking (Washington Post)
WhatsApp Says Israeli Firm Used Its App in Spy Program (NYTimes)
Microsoft: Russian hackers are targeting sporting organizations ahead of Tokyo Olympics (ZDNet)
BBC News launches ‘dark web’ Tor mirror (BBC News)
Microsoft announces Secured-core PCs to counter firmware attacks (VentureBeat)
Samsung says fingerprint security fix is coming as early as next week (The Verge)
The Creators Of Pokémon Go Mapped The World. Now They’re Mapping You (Kotaku)
Samsung to patch the Galaxy S10’s fingerprint sensor over screen protector concerns (The Verge)
Privacy-focused Brave browser boasts 8M monthly active users (The Block)
Google Pixel 4 Face Unlock works if eyes are shut (BBC News)
How safe is Apple’s Safe Browsing? (Matthew Green)
Chinese app on Xi’s ideology allows data access to users’ phones, report says (The Washington Post)
Twitter says it unintentionally misused user data for advertising (Axios)
Twitter says phone numbers users provided for security were ‘inadvertently’ used for ad purposes (The Washington Post)
Attackers exploit 0-day vulnerability that gives full control of Android phones (Ars Technica)
Here’s that hippie, pro-privacy, pro-freedom Apple y’all so love: Hong Kong protest safety app banned from iOS store (The Register)

September

New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips (ZDNet)
Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer (Ars Technica)
The ‘Checkm8’ exploit isn’t a big deal to iPhone or iPad users, and here’s why (Apple Insider)
DoorDarsh confirms data breach affected 4.9 million customers, workers and merchants (TechCrunch)
At Least 70 Countries Have Had Disinformation Campaigns, Study Finds (NYTimes)
Microsoft’s new ‘Data Dignity’ team could help users control their personal data (ZDNet)
Disclosing new data to our archive of information operations (Twitter)
Smart TVs sending private data to Netflix and Facebook (FT)
As sex toys continue to get hacked, the definition of sexual assault is under question (Screen Shot)
China hacked Asian telcos to spy on Uighur travelers (Reuters)
Why ‘SIM Swapping’ Is a Growing Security Nightmare (NYTimes)
YouTube will pay $170 million to settle claims it violated child privacy laws (CNBC)
An Update About Face Recognition on Facebook (Facebook Newsroom)
Amazon tests Whole Foods payment system that uses hands as ID (New York Post)
Firefox 69 arrives with third-party tracking cookies and cryptomining blocked by default (VentureBeat)
Ring Neighbors Is the Best and Worst Neighborhood Watch App (WireCutter)

August

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking (Wired)
Project Zero (Google Project Zero)
Indictment says accused Capital One hacker also used exploited cloud servers for cryptojacking (GeekWire)
Microsoft’s lead EU data watchdog is looking into fresh Windows 10 privacy concerns (TechCrunch)
Exclusive: U.S. officials fear ransomware attack against 2020 election (Reuters)
Deconstructing Google’s excuses on tracking protection (Freedom to Tinker)
Google proposes new privacy and anti-fingerprinting controls for the web (TechCrunch)
Apple aims to protect kids’ privacy. App makers say it could devastate their businesses. (The Washington Post)
Over 20 Texas local governments hit in ‘coordinated ransomware attack’ (ZDNet)
The first Lightning security key for iPhones is here, and it works with USB-C, too (The Verge)
Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years (Motherboard)
HOW A ‘NULL’ LICENSE PLATE LANDED ONE HACKER IN TICKET HELL (Wired)
Major breach found in biometrics system used by banks, UK police and defence firm (The Guardian)
Facebook Paid Contractors to Transcribe Users’ Audio Chats (Bloomberg)
Security researchers find that DSLR cameras are vulnerable to ransomware attack (The Verge)
The New York Times is still detecting Chrome Incognito Mode after Google’s fix (9to5Google)
I Tried Hiding From Silicon Valley in a Pile of Privacy Gadgets (Bloomberg Businessweek)
With warshipping, hackers ship their exploits directly to their target’s mail room (TechCrunch)
Instagram’s lax privacy practices let a trusted partner track millions of users’ physical locations, secretly save their stories, and flout its rule
Revealed: Microsoft Contractors Are Listening to Some Skype Calls (Vice)
Cyberattacks against industrial targets have doubled over the last 6 months (ZDNet)
Microsoft: Russian state hackers are using IoT devices to breach enterprise networks (ZDNet)
Microsoft launches Azure Security Lab, expands bug bounty rewards (ZDNet)
Apple suspends Siri response grading in response to privacy concerns (TechCrunch)

July

Capital One says data breach affected 100 million credit card applications (Washington Post)
Facebook warns of costly privacy changes, discloses another U.S. probe (Reuters)
NETFLIX’S THE GREAT HACK BRINGS OUR DATA NIGHTMARE TO LIFE (Wired)

June

When Grown-Ups Get Caught in Teens’ AirDrop Crossfire (The Atlantic)
The Day When Computers Can Break All Encryption Is Coming (WSJ)

May

This ID Scanner Company is Collecting Sensitive Data on Millions of Bargoers (OneZero)
The dangers of in-game data collection (Polygon)

April

These home security startups aren’t afraid of Amazon and Google (Fast Company)
Amazon Workers Are Listening to What You Tell Alexa (Bloomberg)
Google launches new security tools for G Suite users (TechCrunch)
Mysterious safety-tampering malware infects a second critical infrastructure site (Ars Technica)
Researchers find 540 million Facebook user records on exposed servers (TechCrunch)
‘Beyond Sketchy’: Facebook Demanding Some New Users’ Email Passwords (Daily Beast)
Facebook Is Just Casually Asking Some New Users for Their Email Passwords (Gizmodo)
WhatsApp finally lets you prevent people from adding you to their shitty groups (TNW)
WhatsApp now lets you control who can add you to groups (The Verge)

March

Huawei Security ‘Defects’ Are Found by British Authorities (NYTimes)
Microsoft sues to take control of domains involved in Iran hacking campaign (TechCrunch)
The Business of Your Face (Fortune)
FTC announces inquiry into the privacy practices of broadband providers (The Verge)
750,000 Medtronic defibrillators vulnerable to hacking (StarTribune)
Facebook acknowledges concerns over Cambridge Analytica emerged earlier than reported (The Guardian)
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years (Krebs on Security)
Facebook’s Data Deals Are Under Criminal Investigation (NYTimes)
Facial recognition’s ‘dirty little secret’: Millions of online photos scraped without consent (NBC News)
Triton is the world’s most murderous malware, and it’s spreading (MIT Technology Review)
Chinese Hackers Target Universities in Pursuit of Maritime Military Secrets (WSJ)
Why ‘ji32k7au4a83’ Is a Remarkably Common Password (Gizmodo)
Scammers abused Facebook phone number search (BBC News)
Here are the data brokers quietly buying and selling your personal information (Fast Company)
W3C approves WebAuthn as the web standard for password-free logins (VentureBeat)
Do You Trust Your VPN? Are You Sure? (Slate)
Is Cloudflare a privacy champion or hate speech enabler? Depends who you ask (Fast Company)

February

The latest Android devices now let you log into apps without requiring a password (The Verge)
Facebook will shut down its spyware VPN app Onavo (TechCrunch)
Google says the built-in microphone it never told Nest users about was ‘never supposed to be a secret’ (Business Insider)
How Huawei Targets Apple Trade Secrets (The Information)
Australia’s major political parties hacked in ‘sophisticated’ attack ahead of election (The Sydney Morning Herald)
Why data, not privacy, is the real danger (NBCNews)
Software pirates use Apple tech to put hacked apps on iPhones (Reuters)
Your Smart Light Can Tell Amazon and Google When You Go to Bed (Bloomberg)
Google warns about two iOS zero-days ‘exploited in the wild’ (ZDNet)
Programmer finds ridiculous ATM loophole that let him withdraw $1 million in cash (The Verge)
WHY CAPTCHAS HAVE GOTTEN SO DIFFICULT (The Verge)
Apple restores Google’s internal iOS apps after certificate misuse punishment (TechCrunch)

January

2018

December

How a government shutdown affects America’s cybersecurity workforce (FifthDomain)
At Blind, a security lapse revealed private complaints from Silicon Valley employees (TechCrunch)
Justice Department charges Chinese nationals in ‘extensive’ global hacking campaign (CNBC)
We Broke Into A Bunch Of Android Phones With A 3D-Printed Head (Forbes)
Facebook bug exposed up to 6.8M users’ unposted photos to apps (TechCrunch)
Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing (NYTimes)
U.S. investigators point to China in Marriott hack affecting 500 million guests (The Washington Post)
Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret (NYTimes)
Quora Security Update (The Quora Blog)

November

Marriott says 500 million Starwood guest records stolen in massive data breach (TechCrunch)
8 People Are Facing Charges As A Result Of The FBI’s Biggest-Ever Ad Fraud Investigation (BuzzFeed)
Half of all Phishing Sites Now Have the Padlock (Krebs on Security)
Tim Cook defends multibillion-dollar Google search deal despite Apple’s privacy focus (The Verge)
Major SMS security lapse is a reminder to use authenticator apps instead (The Verge)
THE HAIL MARY PLAN TO RESTART A HACKED US ELECTRIC GRID (Wired)
Nigerian firm takes blame for routing Google traffic through China (Reuters)
Apple confirms its T2 security chip blocks some third-party repairs of new Macs (The Verge)
Scoop: AT&T to cut off some customers’ service in piracy crackdown (Axios)
Why robocalls have taken over your phone (The Verge)
Chrome will soon ad-block an entire website if it shows abusive ads (The Verge)
Private messages from 81,000 hacked Facebook accounts for sale (BBC News)
Apple’s new T2 security chip will prevent hackers from eavesdropping on your microphone (TechCrunch)

October

Google Launches reCAPTCHA v3 (Security Week)
Apple’s Tim Cook Makes Blistering Attack On the “Data Industrial Complex” (TechCrunch)
Why political text messages are flooding your phone (Axios)
Amazon cloud chief Jassy follows Apple in calling for retraction of Chinese spy chip story (CNBC)
Apple CEO Tim Cook Is Calling For Bloomberg To Retract Its Chinese Spy Chip Story (Buzzfeed)
Supermicro CEO Joins Cook in Calling for Bloomberg to Retract Supply Chain Hack Story (MacRumors)
Now Apps Can Track You Even After You Uninstall Them (Bloomberg)
Facebook on Hunt for Big Cybersecurity Acquisition (The Information)
Thieves steal a Tesla Model S by hacking the entry fob (Engadget)
A tech executive’s video of his Tesla Model S being hacked and stolen is going viral (Business Insider)
Video of the Tesla theft (YouTube)
Facebook Finds Hack Was Done by Spammers, Not Foreign State (WSJ)
It turns out that Facebook could in fact use data collected from its Portal in-home video device to target you with ads (Recode)
Cops Told ‘Don’t Look’ at New iPhones to Avoid Face ID Lock-Out (Motherboard)
GENOME HACKERS SHOW NO ONE’S DNA IS ANONYMOUS ANYMORE (Wired)
An Update on the Security Issue (Facebook)
Google, Exposures, and Breaches; Was Google Wrong?; The Political Considerations (Stratechery)
Google Exposed User Data, Feared Repercussions of Disclosing to Public (WSJ)
Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It? (Krebs on Security)
Instagram prototypes handling your location history to Facebook (TechCrunch)
Instagram is testing the ability to share your precise location history with Facebook (The Verge)
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies (Bloomberg Businessweek)
Russia cyber-plots: US, UK and Netherlands allege hacking (BBC News)
Facebook Hack Puts Thousands of Other Sites at Risk (NYTimes)

September

Hacker says he’ll livestream deletion of Zuckerberg’s Facebook page (Engadget)
Teen Apple Hacker Avoids Jail in Australia After Serious Attacks (Bloomberg)
Amazon Investigates Employees Leaking Data for Bribes (WSJ)
Additional Mac App Store apps caught stealing and uploading browser history (9to5Mac)
No. 1 paid utility in Mac App Store steals browser history, sends it to Chinese server (9to5Mac)
U.S. charges North Korean operative in conspiracy to hack Sony Pictures, banks (The Washington Post)
HOW GOOGLE CHROME SPENT A DECADE MAKING THE WEB MORE SECURE (Wired)

August

Mozilla announces Firefox will block trackers by default (Venture Beat)
Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales (Bloomberg)
Yahoo, Bucking Industry, Scans Emails for Data to Sell Advertisers (WSJ)
Epic’s first Fortnite Installer allowed hackers to download and install anything on your Android phone silently (Android Central)
Google finds evidence of attack linked to Iran state media (Axios)
23andMe will no longer let app developers read your DNA data (CNBC)
THE UNTOLD STORY OF NOTPETYA, THE MOST DEVASTATING CYBERATTACK IN HISTORY (Wired)
Welcome to the Age of Privacy Nihilism (The Atlantic)
Sprawling Iranian influence operation globalizes tech’s war on disinformation (The Washington Post)
New Russian Hacking Targeted Republican Groups, Microsoft Says (NYTimes)
APNewsBreak: Google clarifies location-tracking policy (The Associated Press)
SPECTRE-LIKE FLAW UNDERMINES INTEL PROCESSORS’ MOST SECURE ELEMENT (Wired)
Banks and Retailers Are Tracking How You Type, Swipe and Tap (NYTimes)
EVEN ANONYMOUS CODERS LEAVE FINGERPRINTS (Wired)
An 11-Year-Old Changed The Results Of Florida’s Presidential Vote At A Hacker Convention. Discuss. (Buzzfeed News)
Dozens of Vegas slots went offline simultaneously during a hacker convention (Mashable)
Cisco to acquire Ann Arbor-based Duo Security in $2.35 billion deal (Crain’s Detroit Business)

July

Miles is an app that tracks your every move in exchange for deals and discounts (The Verge)
St. Louis Uber driver has put video of hundreds of passengers online. Most have no idea. (St. Louis Dispatch)
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (Motherboard)
N.S.A. Purges Hundreds of Millions of Call and Text Records (NYTimes)

June

The Biggest Digital Heist in History Isn’t Over Yet (Bloomberg)
Wi-Fi security is starting to get its biggest upgrade in over a decade (The Verge)
For BlackBerry Key2, privacy is (again) a key pitch for comeback (CNET)
Facebook Gave Data Access to Chinese Firm Flagged by U.S. Intelligence (NYTimes)
Facebook Gave Device Makers Deep Access to Data on Users and Friends (NYTimes)
he Search for Women Who Want Cybersecurity Careers (WSJ)

May

April