![](\"https:\/\/media.wired.com\/photos\/5b8086a63dca62083fbf4860\/master\/pass\/FacebookCreepyApp-831882106.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Emily Dreyfuss| Date: Sat, 25 Aug 2018 14:40:21 +0000<\/strong><\/p>\n The biggest news <\/span>in America this week struck like two timed missiles minutes apart on Tuesday afternoon. Though they appear at first blush unrelated to Russia\u2019s hacking of the 2016 US election, they are likely to explode right in the heart of Robert Mueller\u2019s investigation. First. Trump\u2019s former lawyer Michael Cohen pleaded guilty to two felonies\u2013implicating the president in both crimes in court\u2013and then Trump\u2019s former campaign chairman Paul Manafort<\/a> was found guilty of eight criminal charges. Robert Mueller expert Garrett Graff<\/a> explains what this means for the Russia investigation, and spells out the six biggest questions<\/a> now facing the administration, Congress, and the American people.<\/p>\n WIRED\u2019s latest cover story<\/a> details the most devastating cyberattack in history. Andy Greenberg spent the better part of a year getting the full story of the NotPetya code, which took down the world\u2019s cyber infrastructure in 2017. Greenberg reveals previously untold details about the devastation NotPetya caused, particularly at shipping giant Maersk, in breathtaking detail.<\/p>\n Of course there was more news in the security world. The Democratic National Committee thought a phishing test<\/a> was a real attack. Researchers discovered the ultrasonic sound<\/a> monitors make can reveal what\u2019s on your screen. We explained how to protect yourself<\/a> from a SIM swap attack. Facebook and Twitter thwarted suspicious activity<\/a> coming from Iran, and Microsoft seized six domains<\/a> owned by Russian hacking group Fancy Bear\u2014both of which were attempting to influence the midterm elections. With tech companies seemingly on the front lines of defending democracy from foreign aggressors, we wonder<\/a>, why isn\u2019t the government doing more? Should it really be up to Silicon Valley to defend US democracy?<\/p>\n Plus, there's more. As always, we\u2019ve rounded up all the news we didn\u2019t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.<\/p>\n Apple\u2019s been a quest this summer to force all apps in its App Store to conform to stricter privacy rules. Unsurprisingly, Facebook\u2019s so-called security app Onavo failed and was subsequently booted. Onavo is a virtual private network app that lets you access the internet on your phone through a private Facebook server. While that makes it harder for third parties or hackers to spy on your phone activity, it gives Facebook full access to it. Not ideal. And while Facebook removed Onavo from the App Store, if you downloaded it already\u2014or if you have it on Android\u2014it's still there, logging all your data. You need to delete the app manually. And if you\u2019re still not convinced it\u2019s a bad idea to let Facebook spy on all your phone activity even when it has nothing to do with the social media site, we wrote you this explainer about all Onavo\u2019s problems a few months<\/a>. Read it, then get deleting.<\/p>\n This story is bananas. In possibly the biggest security fraud case in US history, according to law enforcement, stock traders on Wall Street were paying hackers to break into business newswire websites to steal embargoed press releases that would allow the traders to make preemptive stock buys. The Verge this week traced the whole scheme back to three Russian hackers, who were embroiled in a turf war over access to the press release sites. The story is a classic saga of greed, but with a modern twist: with the internet, insider trading becomes a whole new thing. As reporter Isobel Koshiw writes, \u201cTraders no longer need someone inside a company to obtain inside information. Instead, they can turn to hackers, who can take their pick of security weaknesses.\u201d<\/p>\n Australia has a lot going for it: weird animals, lots of sun, and great accents. But apparently internet security isn\u2019t a strong suit. At least, not in Western Australia, where a recent security audit of government agencies found that more than a quarter of government officials had seriously weak passwords. Five thousand of them has the word \u201cpassword\u201d in their password. Luckily, this was revealed by a government-ordered audit, so there\u2019s time for these officials to process the shame of their poor passwords and come up with something stronger. If they need some tips, they can start here<\/a>.<\/p>\n Only three days after Washington\u2019s Dulles Airport switched on its new biometric facial recognition tech, the system caught an imposter trying to enter the US from Brazil on a fake passport. This is the first time this implementation has caught an identity scammer, according to authorities. They said it was likely human passport agents would have allowed the man to enter because he looked much like the picture on the passport. The facial recognition system, however, flagged him. Authorities later found the man\u2019s real ID hidden in his shoe, arrested him, and sent back to Brazil.<\/p>\n On Thursday, a US District Court Judge in Georgia sentenced former NSA contractor Reality Winner to 63 months in prison for violating the Federal Espionage Act. Winner had pled guilty earlier this summer to leaking a confidential NSA report on Russian election hacking to the website The Intercept. The Intercept faced criticism after it published an article<\/a> based on Winner\u2019s leak, because in the process of reporting it inadvertently clued officials into Winner's identity based on printer marks on the leaked document.<\/p>\n If you have no idea what Struts 2 is, you should stop reading, go outside, and enjoy your weekend, hopeful that the people who do know keep reading and update theirs immediately. Threat Post reports that the Apache Software Foundation found a vulnerability in open-source developer framework Struts 2, used for coding in Java, that could be more dangerous than a similar vulnerability that led to the massive Equifax breach last year. \u201cThe vulnerability is caused by insufficient validation of untrusted user data in the core of the Struts framework,\u201d Threat Post reports. Apache is urging all developers to update. If you use Struts 2.3, update to 2.3.35. If you use 2.5, update to 2.5.17. Got that? Great. Thanks for updating and keeping us all safe!<\/p>\n