The fallout from CrowdStrike’s deleterious software update came into full view this week as system administrators and IT staffers scrambled to get digital systems back online and return operations to normal. Elsewhere, the Olympics began this week, and Paris is ready with a controversial new surveillance system that hints at a future of ubiquitous CCTV camera coverage. And researchers revealed new findings this week about the innovative malware Russia used in January to sabotage a heating utility in Lviv and cut heat to 600 Ukrainian buildings at the coldest point in the year.
The US Department of Defense has a $141 billion idea to modernize US intercontinental ballistic missiles and their silos around the country. Meanwhile, the European Commission is allocating €7.3 billion for defense research—from drones and tanks to battleships and space intelligence—over the next seven years. And hackers have established a “ghost” network to quietly spread malware on the Microsoft-owned developer platform GitHub.
In more encouraging news, a former Google engineer has built a prototype search engine, dubbed webXray, meant to allow users to find specific privacy violations online, determine which sites are tracking you, and see where all that data goes.
And there’s more. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
Leaked files obtained by The Guardian reveal that the Israeli government took extraordinary measures to prevent information about the Pegasus spyware system from falling into the hands of US courts, including seizing files directly from the company to prevent legal disclosure. The spyware is the product of the Israel-based NSO Group. It allows users to infect smartphones, extract messages and photos, record calls, and secretly activate microphones. NSO Group faces legal action in the US brought by WhatsApp, which claims the company engineered Pegasus to target users of its messaging software. According to WhatsApp, more than 1,400 of its users were targeted. NSO, whose software has been allegedly tied to the harassment and murder of journalist Jamal Khashoggi, has denied any wrongdoing.
In an effort to thwart BIOS-based threats, prompted in part by the rollout of a powerful rootkit designed by a Chinese researcher in 2007, Secure Boot became a widely adopted tool. Unfortunately, researchers at the security firm Binarly have revealed that Secure Boot is now “completely compromised” on more than 200 device models, affecting major hardware manufacturers like Dell, Acer, and Intel. The incident was the result of a weak cryptographic key used to establish trust between hardware and firmware systems. AMI, the key’s owner, says it was meant to be used for testing and should never have made its way into production.
Following in Meta’s footsteps, Elon Musk’s X quietly adjusted its settings this week to give the company’s AI system—known as Grok—access to all of its users’ posts. There is a way to prevent Grok from ingesting your posts; however, you cannot perform this action from the mobile app. You’ll need to access X’s Settings using a desktop computer; select Privacy and Safety, then select Grok, and then uncheck the box. Or just head straight here to go directly to the right settings page. (You can also delete your conversation history with Grok, if you have one, by clicking Delete conversation history.)