Arguably the biggest news in security this week was also the strangest; a company barely a year old announced a series of AMD vulnerabilities, giving the chip company only a day or so advance notice before making the results public. And despite the hype, the bugs themselves were of questionable severity. It was almost as hard to make sense of as YouTube’s decision to add Wikipedia links to controversial videos. Almost.
On the international scene, the White House finally imposed sanctions against Russia—specifically, against the IRA troll factory for election meddling and the GRU intelligence agency for unleashing NotPetya malware on the world.
In other political news, the Florida Legislature voted for a bill that would bring unprecedented transparency to the criminal justice system. And a series of laws that want to curb porn online are picking the same fights that the government did decades ago. Meanwhile, voice chat app Zello has let ISIS accounts live on its platform for years without taking much action at all to stop them.
And in sadder news, hacker Adrian Lamo died this week at the age of 37. Best known now for tipping US authorities to Chelsea Manning’s leaks, he had previously been a renowned hacker, as featured in this 2002 WIRED profile.
But, wait, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Oh, dear. Five million Android smartphones are infected with a strain of Chinese malware called RottenSys, which is bad enough news if not that uncommon. It does normal smartphone malware things, like showing junk ads. But security firm Check Point now says that RottenSys has evolved to also conscript its victims into a botnet. It’s unclear what that botnet might be used for—other than the safe assumption of a some big ol’ DDoS attacks at some point—but because China has no Google Play Store running malware interference, it’s likely that its numbers are only going to grow from here.
Somehow, even months later, the Equifax data breach scandal continues to snowball. On Wednesday, federal prosecutors charged Jun Ying, a former chief information officer at an Equifax business, with insider trading. The indictment alleges that Ying unloaded his Equifax stock between discovering that the company had suffered the breach and its eventual disclosure. The complaint says Ying sold the shares for just under $1 million. At this point, it seems like the only thing that will stay with us longer than Equifax breach news are the compromised accounts of its 145 million victims.
Last week, the Department of Justice arrested Vincent Ramos, founder and CEO of secure smartphone company Phantom Secure, on charges including racketeering conspiracy to conduct enterprise affairs and conspiracy to distribute narcotics. Now, the feds have followed up with an indictment against four Phantom Secure associates, none of whom are currently in custody. The case seems to focus on whether Phantom Secure knowingly assisted drug traffickers and other criminals in the course of its business.