It’s been almost two years since Russia’s invasion of Ukraine, and because the grim milestone looms and winter drags on, the 2 nations are locked in a grueling standoff. In order to “break military parity” with Russia, Ukraine’s top general says that Kyiv needs an inspired military innovation that equals the magnitude of inventing gunpowder to resolve the battle within the technique of advancing fashionable warfare.

If you made some New Year’s resolutions associated to digital safety (it’s not too late!), try our rundown of the most significant software updates to install right now, together with fixes from Google for almost 100 Android bugs. It’s near unattainable to be fully nameless on-line, however there are steps you can take to dramatically enhance your digital privacy. And if you happen to’ve been contemplating turning on Apple’s extra-secure Lockdown Mode, it’s not as hard to enable or as onerous to use as you might think.

If you’re simply not fairly able to say goodbye to 2023, have a look again at WIRED’s highlights (or lowlights) of the most dangerous people on the internet final 12 months and the worst hacks that upended digital security.

But wait, there’s extra! Each week, we spherical up the safety and privateness information we didn’t break or cowl in depth ourselves. Click the headlines to learn the complete tales, and keep secure on the market.

23andMe mentioned firstly of October that attackers had infiltrated a few of its customers’ accounts and abused this entry to scrape private knowledge from a bigger subset of customers by way of the corporate’s opt-in social sharing service generally known as DNA Relatives. By December, the corporate disclosed that the variety of compromised accounts was roughly 14,000 and admitted that private knowledge from 6.9 million DNA Relatives customers had been impacted. Now, going through greater than 30 lawsuits over the breach—even after tweaking its terms of service to make authorized claims towards the corporate tougher—the corporate mentioned in a letter to some people that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” This references 23andMe’s long-standing evaluation that attackers compromised the 14,000 consumer accounts by way of “credential stuffing,” the method of accessing accounts utilizing usernames and passwords compromised in different knowledge breaches from different providers that individuals have reused on a number of digital accounts. “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the corporate wrote within the letter.

“Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events,” Hassan Zavareei, one of many legal professionals representing victims who obtained the letter, advised TechCrunch. “23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing—especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform.”

Russia’s warfare—and cyberwar—in Ukraine has for years produced novel hybrids of hacking and bodily assaults. Here’s one other: Ukrainian officers this week mentioned that they’d blocked a number of Ukrainian civilians’ safety cameras that had been hacked by the Russian navy and used to focus on current missile strikes on the capital of Kyiv. Ukraine’s SBU safety service says the Russian hackers went as far as to redirect the cameras and stream their footage to YouTube. According to the SBU, that footage then probably aided Russia’s concentrating on in its bombardment on Tuesday of Kyiv, in addition to the Eastern Ukrainian metropolis of Kharkiv, with greater than 100 drones and missiles that killed 5 Ukrainians and injured properly over 100. In whole, because the begin of Russia’s full-scale invasion of Ukraine in February 2022, the SBU says it’s blocked about 10,000 safety cameras to stop them from being hijacked by Russian forces.

Last month, a Russian cyberattack hit the telecom agency Kyivstar, crippling cellphone service for tens of millions of individuals throughout Ukraine and silencing air raid warnings amid missile strikes in one of the vital impactful hacking incidents since Russia’s full-scale invasion started. Now, Illia Vitiuk, the cyber chief of Ukraine’s SBU safety service, tells Reuters that the hackers accessed Kyivstar’s community as early as March 2023 and laid in wait earlier than they “completely destroyed the core” of the corporate in December, wiping hundreds of its machines. Vitiuk added that the SBU believes the assault was carried out by Russia’s notorious Sandworm hacking group, accountable for a lot of the high-impact cyberattacks towards Ukraine during the last decade, together with the NotPetya worm that unfold from Ukraine to the remainder of the world to trigger $10 billion in whole injury. In reality, Vitiuk claims that Sandworm tried to penetrate a Ukrainian telecom a 12 months earlier however the assault was detected and foiled.

This week in creepy headlines: 404 Media’s Joseph Cox found {that a} Google contractor, Telus, has provided mother and father $50 to add movies of their kids’s faces, apparently to be used as machine studying coaching knowledge. According to an outline of the undertaking Telus posted on-line, the info collected from the movies would come with eyelid form and pores and skin tone. In a press release to 404, Google mentioned that the movies could be used within the firm’s experiments in utilizing video clips as age verification and that the movies wouldn’t be collected or saved by Telus however fairly by Google—which doesn’t fairly cut back the creep issue. “As part of our commitment to delivering age-appropriate experiences and to comply with laws and regulations around the world, we’re exploring ways to help our users verify their age,” Google advised 404 in a press release. The experiment represents a barely unnerving instance of how firms like Google could not merely harvest knowledge on-line to hone AI however could, in some instances, even instantly pay customers—or their mother and father—for it.

A decade in the past, Wickr was on the brief checklist of trusted software program for safe communications. The app’s end-to-end encryption, easy interface, and self-destructive messages made it a go-to for hackers, journalists, drug sellers—and, sadly, traders in child sexual abuse materials—looking for surveillance-resistant conversations. But after Amazon acquired Wickr in 2021, it introduced in early 2023 that it might be shutting down the service on the finish of the 12 months, and it seems to have held to that deadline. Luckily for privateness advocates, end-to-end encryption choices have grown over the previous decade, from iMessage and WhatsApp to Signal.