Norton Put a Cryptominer in Its Antivirus Software


This week, we reported that Signal has gone forward with its controversial cryptocurrency integration. All of the encrypted messaging app’s users now have access to MobileCoin, a privacy-focused cryptocurrency that US exchanges still don’t offer. The intent is to give monetary transactions the same protection from surveillance that Signal brought to messaging. But skeptics worry that introducing a financial element will bring unwanted complexity and regulatory scrutiny to Signal, an app that millions of people have come to rely on.

In hacking news, a criminal campaign has struck thousands of victims in over a hundred countries, which in itself isn’t necessarily all that unusual. Microsoft fixed the vulnerability the attackers are exploiting, though, nearly a decade ago. The problem: The patch is optional, and most users wouldn’t know where to get it even if they wanted to. If anything, it’s surprising that it took this long for someone to take advantage.

It’s a new year, which means it’s a great time for a couple of refreshers on how to stay safe online. We looked at how to send messages that automatically vanish on various chat apps. And we walked you through a few ways to delete yourself from the internet altogether, should the occasion call for it.

As part of this year’s virtual WIRED HQ at CES, we had a wide-ranging conversation with former congressman Will Hurd about the future of cybersecurity, cryptocurrency, the metaverse, and much more.

And that’s not all! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.

Norton, what are you doing! Several months ago the antivirus giant snuck a cryptominer into its consumer software, as noted by author and digital rights activist Cory Doctorow earlier this week. The pitch is that you can opt in to letting Norton mine cryptocurrency on your computer while you’re not using it; the software will even set up a secure wallet for you, all for a mere 15 percent cut of the proceeds. To be clear, you should absolutely not do this. Not only is cryptomining a drain on the environment, it introduces complexity and potential security issues to users who likely don’t know what they’re getting into. Some Norton customers have also reported issues with turning the feature off after they opted in.

For years, the publishing world has been roiled by a sophisticated spearphishing spree that has resulted in the theft of hundreds of unpublished book manuscripts. This week, the FBI made an arrest in the case, charging 29-year-old Filippo Bernardini with wire fraud and aggravated identity theft. Bernardini himself worked as a rights coordinator for publishing giant Simon & Schuster UK, a role that gave him insider knowledge which allegedly helped him craft more convincing phishing emails.

Nearly a thousand schools were hit by ransomware attacks in 2021 alone. But 2022 kicked off with 5,000 school websites going down, after ransomware operators hit third-party website provider FinalSite. The company took many of those sites offline preemptively to prevent the spread of the malware, and losing access to an online portal for a few days isn’t nearly as bad as having to cough up ransomware money directly. Still, it’s yet another reminder of how much damage ransomware gangs can inflict when they hit widely used software-as-a-service companies rather than individual targets.

A wave of NFT thefts has underscored a tension in decentralized marketplaces. Platforms like OpenSea can help victims in some cases, but only through mechanisms that show how centralized things really are. In other words, the promises of web3 aren’t really panning out as advertised, which Signal founder Moxie Marlinspike articulates better than anyone has yet right here. Long story short: Meet the new web, same as the old web.
