Wired Security Spoken Edition

The Google Pixel 3 has all the betterments you would expect from a flashy flagship smartphone: great camera, zippy processor, smarter AI. It also, though, comes with an unexpected bonus, one that works so deeply in the background you’ll likely never even know it’s there. The Titan M chip may be small and discreet, but it helps make the Pixel 3 and its beefier sibling, the Pixel 3 XL, among the most secure smartphones you can buy. Learn about your ad choices: dovetail.prx.org/ad-choices

When Facebook announced at the end of September that it had suffered a data breach that ultimately affected 30 million accounts, it seemed, perhaps, like the work of sophisticated nation state hackers. But a new report from The Wall Street Journal suggests spammers as the culprit instead. That shouldn't make you feel that much better, though, given just how much damage criminals can do with the kind of information stolen from Facebook. It was, after all, a lot. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2013, cybersecurity firm Mandiant published a blockbuster report on a state-sponsored hacking team known as APT1, or Comment Crew. The Chinese group achieved instant infamy, tied to the successful hacks of more than 100 US companies and the exfiltration of hundreds of terabytes of data. They also vanished in the wake of being exposed. Now, years later, researchers from security firm McAfee say they’ve found code based on APT1–associated malware cropping up in a new set of attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

One nice thing about using web-based services is that you rarely need to take charge. You just sign up for an account, and instantly access your data from anywhere on any device without having to know how the internet works, much less how to configure a server. But that lack of control over the process is also, increasingly, the problem. Companies hold your data on their servers, which means it could get used in ways you—and sometimes even they—don't realize. Learn about your ad choices: dovetail.prx.org/ad-choices

After two weeks of investigation, Facebook announced additional details on Friday of how attackers carried out a massive breach of the social network that compromised accounts for tens of millions of users. The company downgraded its estimate of how many users had their access tokens stolen from an original estimate of at least 50 million to 30 million—and shed new light on exactly how an attack of this magnitude happened in the first place. Learn about your ad choices: dovetail.prx.org/ad-choices

When you give an organization your data, and then that data gets exposed or stolen, you probably want to know about it. Seems simple enough. If a friend lost your sweater, you'd expect him to tell you. But a seemingly endless parade of massive data exposures—including, most recently, at Facebook and Google—reveal just how complicated that practice of disclosure can be. Learn about your ad choices: dovetail.prx.org/ad-choices

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff. Graff, a historian and journalist, wrote the book on Robert Mueller (literally), has interviewed him probably more than any other journalist, and covers the investigation for WIRED. Learn about your ad choices: dovetail.prx.org/ad-choices

The good news: A recent scourge of fake Adobe installers really does update you to the latest version of Flash. The bad news: It places cryptomining malware on your machine in the meantime. The Hack Researchers at Palo Alto Networks this week warned of the latest evolution in both cryptojacking and fake Flash updates, two popular forms of cyber malfeasance united in one unpleasant parcel. Learn about your ad choices: dovetail.prx.org/ad-choices

At the end of last month, Facebook made a bombshell disclosure: As many as 90 million of its users may have had their so-called access tokens—which keep you logged into your account, so you don't have to sign in every time—stolen by hackers. Friday, the company put the actual number at 30 million. Here's how to see if you were one of them, and if so, what the hackers got from your account. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, the Kremlin's increasingly aggressive hackers have reached across the globe to hit targets with everything from simple phishing schemes to worms built from leaked NSA zero day vulnerabilities. Now, law enforcement agencies in the US and Europe have detailed another, far more hands-on tactic: Snooping on Wi-Fi from a vehicle parked a few feet away from a target office—or even from a laptop inside their hotel. Learn about your ad choices: dovetail.prx.org/ad-choices

The first step in solving any problem is admitting there is one. But a new report from the US Government Accountability Office finds that the Department of Defense remains in denial about cybersecurity threats to its weapons systems. Specifically, the report concludes that almost all weapons that the DoD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. Learn about your ad choices: dovetail.prx.org/ad-choices

Cybersecurity researchers regularly disclose the bugs they find in different applications and websites across the internet. Sometimes, these vulnerabilities are incredibly complicated to exploit, evidence more of a researcher's expertise than something the average consumer should worry about. In other scenarios, analysts find simple holes that a novice could use to steal information. This is a case of the latter. Learn about your ad choices: dovetail.prx.org/ad-choices

A major report from Bloomberg on Thursday describes an infiltration of the hardware supply chain, allegedly orchestrated by the Chinese military, that reaches an unprecedented geopolitical scope and scale—and may be a manifestation of the tech industry's worst fears. If the details are correct, it could be a nearly impossible mess to clean up. "This is a scary-big deal," says Nicholas Weaver, a security researcher at the University of California at Berkeley. Learn about your ad choices: dovetail.prx.org/ad-choices

Google announced on Monday that it is shuttering its Google+ social network, following revelations in a Wall Street Journal report that the company did not disclose a recently discovered bug that had exposed data from up to 500,000 Google+ users users since 2015. In the same breath, the company introduced new tools to give users more control over the data they share with apps and services that connect to Google products. Learn about your ad choices: dovetail.prx.org/ad-choices

Donald Trump plans to text you Wednesday, whether you want him to or not. The first nationwide test of the government’s Presidential Alert system will unfold at 2:18 pm ET, when every cell phone user in the United States will receive a text message from FEMA saying, “THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed. Learn about your ad choices: dovetail.prx.org/ad-choices

Near the end of September, before the United Nations, President Donald Trump leveled an extraordinary charge: China was attempting to “meddle” and “interfere” in the upcoming US election. A senior intelligence official repeated the claim on a subsequent call with reporters. Learn about your ad choices: dovetail.prx.org/ad-choices

The sales intelligence firm Apollo sent a notice to its customers last week disclosing a data breach it suffered over the summer. "On discovery, we took immediate steps to remediate our systems and confirmed the issue could not lead to any future unauthorized access," cofounder and CEO Tim Zheng wrote. "We can appreciate that this situation may cause you concern and frustration." In fact, the scale and scope of the breach has a lot of people concerned. Learn about your ad choices: dovetail.prx.org/ad-choices

You lock your phone so other people can't access it. But how you lock your phone is an important factor in whether law enforcement can compel you to unlock it. Apple's year-old Face ID system is no exception. On Sunday, Forbes reported the first known example of law enforcement anywhere using a suspect's face to unlock a phone during an investigation. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook has received ample blame for the historic data breach that allowed hackers to not only take over the accounts of at least 50 million users, but also access third-party websites those users logged into with Facebook. But what makes it so much worse is that fixing the issue is, in many ways, out of Facebook's hands. Learn about your ad choices: dovetail.prx.org/ad-choices

Malware on Apple's MacBook and iMac lines is more prevalent than some users realize; it can even hide in Apple's curated Mac App Store. But the relatively strong defenses of macOS make it challenging for malware authors to persist long-term on Apple computers, even if they can get an initial foothold. Additionally, the avenues available for lurking on macOS are so well known at this point that technicians and malware scanners can flag them quickly. That's why more subtle approaches are significant. Learn about your ad choices: dovetail.prx.org/ad-choices