Apologies to anyone who was hoping for a quiet December on the cybersecurity front. Late in the week, a vulnerability in Apache’s Log4j logging framework exposed large swaths of the internet to relatively simple hacking. There’s not much you can do to protect yourself here, since the issue is largely server-focused, but the full fallout will likely affect many services you use on a daily basis. Worse still, malicious hackers have already developed ways to exploit it, and are actively hunting for potential victims. Cheers!
This week also marked the one-year anniversary of the SolarWinds hack, or at least the first public hints of it. We took a look at the progress that has been made to prevent this sort of supply chain attack in the future, and all that’s still left to do. The good news is that the campaign served as a wake-up call that spurred real commitments from the public and private sector alike. The bad news? There’s no one fix, and the available options will take a long time to implement in a meaningful way.
In the good news department, Microsoft this week said it seized domains used by a Chinese hacking group, the latest in a series of actions by the company that have cumulatively resulted in over 10,000 sites being taken down. It’s part of Microsoft’s strategy to disrupt these groups through the legal system, gaining court orders that allow it to shut down domains used for command-and-control servers.
Russia took steps toward blocking the anonymous browser Tor this week, telling the country’s internet service providers to prevent access Tor’s website and disrupting some access points. It’s the latest in a series of moves the Kremlin has taken lately to isolate its internet from the rest of the world.
And if you’re a Verizon customer, you may have been opted into some gnarly data tracking even if you’d previously opted out. Surprise! Here’s how to turn it off for real this time.
But wait, there’s more. Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.
Since his April 2019 arrest, Wikileaks founder Julian Assange has fought US attempts to extradite him to face hacking and Espionage Act charges. While he…