This week saw a tragic start, when late Sunday evening a man named Stephen Paddock killed 58 people and wounded many more in Las Vegas. Hoaxes and conspiracy theories flooded the internet in the immediate aftermath, as did questions—since answered—around how Paddock was able to fire at automatic speeds. We also took a look at gun-control tech—but didn’t find much that’s promising.
There’s at least a little levity—though more tragicomic, really—in Yahoo saying that its one-billion account leak in 2013 was actually a three-billion account leak. You also might enjoy this helpful guide to when Donald Trump is tweeting, and when one of his staffers has commandeered his account. Also, the Department of Energy’s email about not leaking leaked, so that’s fun.
OK, back to terrible things. There’s been an alarming rise in cyberattacks against abortion clinics lately. Another NSA contractor let critical data slip. The Equifax leak took on terrible new dimensions in the form of a Congressional hearing. And Chief of Staff John Kelly’s personal phone got compromised last December, which invites all sorts of potential terrible outcomes.
And yet, somehow, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories.
On Thursday, Apple released the first update to High Sierra, the new macOS operating system that debuted at the end of September. And it’s an important one. High Sierra 10.13 had two disappointing credential security bugs at launch, but Apple says that both have been patched in this update. One is a bug that could have let attackers use a third-party app to pilfer usernames and passwords from macOS’s Keychain tool that stores credentials. The other is a flaw that exposed plain text passwords in the password hint for encrypted Apple File System volumes. If you added disk encryption with a hint, the plain text of your password would show up in the hint field in the Disk Utility. No bueno. If you already created an encrypted volume before you installed the update, you’ll have to back it up, wipe the drive, reformat the File System volume, and then restore from the backup. Either way, use Apple’s “Software Update” tool to download the patch. Like…right now.
Google’s elite Project Zero team of cybersecurity experts has called out Microsoft for issuing patches inconsistently, and in a way that could tip off attackers to vulnerabilities in older versions of the operating system. The fix, Google says, is just to apply the same updates across all iterations, so that hackers can’t infer what vulnerabilities might be hiding where based on a given patch.
Technically this happened last week, but for hopefully understandable reasons we’re still mentioning it here. Authorities recently apprehended Gal Vallerius in connection with selling drugs on the dark web bazaar Dream Market, allegedly under the handle OxyMonster. While Vallerius lives in France, the feds picked him up in Atlanta, as he was traveling to a “world beard-growing championship” in Austin, Texas. The dark web markets have been in a bit of chaos ever since this summer’s Alphabay and Hansa takedowns, but have rarely seen such a hairy situation.