Security, Spoken

You'd think that mammography machines, radiology systems, and ultrasounds would maintain the strictest possible security hygiene. But new research shows that a whopping 83 percent of medical imaging devices run on operating systems that are so old they no longer receive any software updates at all. That issue is endemic to Internet of Things devices generally, many of which aren't designed to receive software improvements or offer only a complicated path to doing so. Learn about your ad choices: dovetail.prx.org/ad-choices

Since Russia’s stunning influence operations during the 2016 United States presidential race, state and federal officials, researchers, and tech companies have been on high alert for a repeat performance. With the 2020 election now just seven months away, though, newly surfaced social media posts indicate that Russia’s Internet Research Agency is adapting its methods to circumvent those defenses. Learn about your ad choices: dovetail.prx.org/ad-choices

Hackers can clone millions of Toyota, Hyundai, and Kia keys due to encryption flaws in car key immobilizers. Vulnerability in key fob encryption of certain car models raises concerns about high-tech theft. Researchers stress the importance of enhancing security measures to protect against hacking incidents.

Opening email attachments from untrusted senders has long been one of the easiest ways to get hacked. But unlike other common security screw-ups—using "password" for your password, downloading pirated software from shady websites—there's no practical way for a modern human to avoid opening the occasional mystery-meat attachment. Now one technologist has produced a solution. Learn about your ad choices: dovetail.prx.org/ad-choices

This is a story about something that could have gone wrong on the internet this week but instead turned out mostly OK. How often can you say that? Around nine o’clock on the East Coast on Friday, February 28, bad news arrived on the doorstep of Let’s Encrypt. An arm of the nonprofit Internet Security Research Group, Let’s Encrypt is a so-called certificate authority that lets websites implement encrypted connections at no cost. Learn about your ad choices: dovetail.prx.org/ad-choices

As the novel coronavirus continues to propagate, phishing scams that pose as Covid-19 advice do as well. The trend started over a month ago, but it's only going to get worse. Abide by these tips to avoid them, and also please keep washing those hands. In non-pandemic news, researchers figured out how to clone the mechanical keys of tens of millions of cars from Toyota, Hyundai, and Kia, making theft a much simpler matter. Learn about your ad choices: dovetail.prx.org/ad-choices

A bipartisan pair of US senators today introduced long-rumored legislation known as the EARN IT Act. Meant to combat child sexual exploitation online, the bill threatens to erode established protections against holding tech companies responsible for what people do and say on their platforms. It also poses the most serious threat in years to strong end-to-end encryption. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2003, security researchers Katie Moussouris and a colleague at enterprise security firm @stake—which would later be acquired by Symantec—found a bad flaw in an encrypted flash drive from Lexar. It was trivial to uncover the password that decrypted the drive's data. But when they tried to let Lexar know? "Things went wrong," says Chris Wyspol, who was also working at @stake at the time. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, North Korea's Lazarus Group hackers have plundered and pillaged the global internet, scamming and infecting digital devices around the world for espionage, profit, and sabotage. One of their weapons of choice: a so-called loader that allows them to clandestinely run a diverse array of malware on targeted Macs with hardly a trace. But Lazarus didn't create the loader on its own. The group seems to have found it laying around online, and repurposed it to elevate their attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

It was the RSA security conference in San Francisco this week, and the security industry descended on Moscone Center for days of handing out free stickers, demoing products, and presenting research. And the week was punctuated by fewer handshakes and more elbow bumps thanks to Covid-19. WIRED looked at research that North Korea is recycling Mac malware, and how it's indicative of booming malware reuse. Learn about your ad choices: dovetail.prx.org/ad-choices