The US Used the Patriot Act to Justify Logging Website Visitors

The two stories that have dominated headlines in the US in 2020, the Covid-19 pandemic and the presidential election, were still in the news this week as virus cases and death tolls rise and the promise of a vaccine looms. New research, though, indicates that phishers have been targeting vaccine development groups and particularly organizations that work on the global cold chain, which will be crucial for storing and shipping vaccine doses worldwide. Meanwhile, President Donald Trump has continued to spread falsehoods and conspiracy theories about the validity of his loss to president-elect Joe Biden. On Tuesday, though, US attorney general William Barr went on record saying that the Justice Department “has not seen fraud on a scale that could have effected a different outcome in the election,” a crucial pronouncement that leaves the Trump reelection campaign with even fewer options to contest the result.

A “magical bug” in iOS, now patched, could have let an attacker take full control of any iPhones in the hacker’s Wi-Fi range and then automatically worm the infection to other nearby devices. Startups are rushing to develop tools that can vet artificial intelligence systems to find vulnerabilities and loopholes before they can be exploited. And the hackers behind the notorious botnet TrickBot have added malware capabilities to check if a target device’s firmware is vulnerable to attack and, if so, burrow deeper for long-term persistence.

In good news, a coalition of internet infrastructure groups is making progress securing the foundational internet data-routing system known as Border Gateway Protocol. And as Google looks to offer end-to-end encryption in the RCS messaging protocol, it plans to use the open source Signal Protocol, which already underpins secure messaging app Signal as well as giants like WhatsApp. Now that it may roll out to Android’s 2 billion users, we took a look at how the protocol works and what you need to know about it.

And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The US government has…