![](\"https:\/\/media.wired.com\/photos\/5cdf487738916b72fda0c4a8\/master\/pass\/Orders-499278430.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Sat, 18 May 2019 13:00:00 +0000<\/strong><\/p>\n The week started <\/span>out with a bang, or several of them really. Remember Meltdown and Spectre, the vulnerabilities that affected basically every Intel processor from the last decade? There\u2019s a related attack called ZombieLoad<\/a>\u2014yes, ZombieLoad\u2014with similarly broad and bad impact. Serious stuff! But honestly not even the worst disclosure of the week.<\/p>\n That distinction probably goes to Cisco<\/a>. Researchers at security firm Red Balloon found that they could hack the company\u2019s ubiquitous enterprise router, meaning they could listen in on whatever traffic goes to and from those networks. Cisco then acknowledged that dozens of its products were susceptible to the attack, likely comprising millions of devices, and that a fix would require an on-site visit.<\/p>\n And that\u2019s before you even get to the week\u2019s big actual hack: Israeli hacking company NSO Group apparently found a way to break into phones simply by placing a phone call through WhatsApp<\/a>. The recipient didn\u2019t even have to pick up. There\u2019s also Microsoft, which released its first Windows XP patch<\/a> since the months before the WannaCry ransomware strain swept to globe\u2014and we all know how that turned out<\/a>.<\/p>\n I can\u2019t stress enough that all of these things had happened by Tuesday.<\/p>\n Things calmed down a bit from there. The FCC rolled out a new robocall-stopping plan<\/a>, which is pretty much the same as the old robocall-stopping plan. Google recalled its multi-factor authentication Titan Security Key<\/a> over a Bluetooth flaw. The feds and Europol took down a sophisticated international cybercrime ring<\/a>. And we took a look at how technology aided the National Security Council\u2019s ascendency in wartime matters.<\/p>\n And there\u2019s more! Each week we round up the news that we didn\u2019t break or cover in depth but that you should know about. As always, click on the headlines to read the full stories. And stay safe out there.<\/p>\n Google has been on a big ol\u2019 privacy PR push lately, including a fancy New York Times<\/em> op-ed from CEO Sundar Pichai<\/a> extolling the importance of protecting your data. Which is a great sentiment that doesn\u2019t quite jibe with the revelation this week that Google also raids your Gmail account for signs of transactions, and collects them all on a separate webpage for your account. You can find yours here<\/a>. It includes Amazon purchases, subscriptions, tickets, really anything for which you got an emailed receipt. Google says it doesn\u2019t use the information to serve ads, and that the page exists \u201cto help you easily view and keep track of your purchases, bookings and subscriptions in one place.\u201d Honestly, it\u2019s no surprise that Google\u2019s machines can read your email. But it\u2019s hard to understand on what planet the company thought maintaining a hidden away page that catalogs your retail activity there would read as anything but creepy and invasive. There\u2019s no easy way to delete that history, other than deleting receipts from your email or ticking through them one at a time on your Purchase page. To get at least a little control back over how Google tracks you, head to this preferences page<\/a> and click \u201cDo not use private results.\u201d Because naturally, Google chose to make the use of private results the default, instead of opt-in.<\/p>\n As trade tensions between the US and China remain unresolved, president Donald Trump this week struck a blow to a favorite target: Huawei, the Chinese tech company that the US has accused of posing a national security threat. In an executive order Wednesday, Trump banned transactions that pose \u201can unacceptable risk;\u201d the Commerce Department followed by placing Huawei on its so-called Entity List, which severely limits the extent to which US companies can do business with it.<\/p>\n In a lengthy investigative report this week, ProPublica reports that multiple data recovery companies that promised to beat ransomware with the \u201clatest technology\u201d called Proven Data Recovery simply paid off the hackers behind the SamSam ransomware<\/a> instead. Paying isn\u2019t the worst idea when you\u2019re in that situation, but to lying to customers and charging them fees on top of it kind of is.<\/p>\n