News

News

• February 08, 2018 08 Feb'18

  DoJ breaks up Infraud Organization with some help

  The U.S. Department of Justice announced the shutdown of the Infraud Organization, which authorities claim is responsible for global cyberfraud losses in excess of $530 million.

• February 07, 2018 07 Feb'18

  Grammarly vulnerability exposed user documents

  A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched.

• February 07, 2018 07 Feb'18

  Risk & Repeat: Cryptomining malware on the rise

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss how the threat of cryptomining malware is evolving and what it means for enterprises and infosec vendors.

• February 07, 2018 07 Feb'18

  Cybersecurity insurance breaks coming for Apple, Cisco customers

  Apple and Cisco customers could get lucrative terms for cybersecurity insurance under a new partnership with insurance giant Allianz and global services firm Aon.

• February 05, 2018 05 Feb'18

  Cryptojacking malware using EternalBlue to build botnets

  Proofpoint researchers discovered a large Monero mining botnet that uses EternalBlue to spread, and it isn't the first time the Windows flaw has been used for cryptojacking.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• February 02, 2018 02 Feb'18

  Hackers use ATM jackpotting technique to steal $1M in US

  News roundup: Hackers used ATM jackpotting attacks to steal over $1M in the U.S. Plus, a fitness tracking app accidentally exposed the locations of military bases, and more.

• February 01, 2018 01 Feb'18

  Meltdown and Spectre malware discovered in the wild

  Nearly 140 samples of malware that exploit the Meltdown and Spectre vulnerabilities have been discovered by AV-TEST, but most samples are based on existing proof-of-concept code.

• January 31, 2018 31 Jan'18

  Google got faster pulling bad Android apps from Play Store

  Google claims it is faster than ever at removing or rejecting bad Android apps from the Play Store before anyone has a chance to install the troublesome app.

• January 30, 2018 30 Jan'18

  Critical Cisco ASA vulnerability patched against remote attacks

  Experts urge users to patch a new Cisco ASA vulnerability that earned the most critical CVSS score of 10.0 and could lead to remote code execution and denial-of-service attacks.

• January 30, 2018 30 Jan'18

  New Comodo CA leadership talks competition, IoT devices

  Comodo CA's new chairman Bill Conner and CEO Bill Holtz talk with SearchSecurity about competition in the certificate market and how the internet of things will fuel growth.

• January 30, 2018 30 Jan'18

  Microsoft rushes Spectre patch to disable Intel's broken update

  Microsoft was forced to release an out-of-band Spectre patch designed not to mitigate the vulnerability but to protect users from Intel's broken fix.

• January 26, 2018 26 Jan'18

  Intel Spectre vulnerability memo raises questions of OEM disclosures

  Intel first learned of the Spectre vulnerabilities on June 1, but a confidential document shows the chipmaker didn't inform OEM partners until almost six months later.

• January 26, 2018 26 Jan'18

  FBI encryption argument draws fire from senator

  Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely.

• January 26, 2018 26 Jan'18

  A series of new IoT botnets plague connected devices

  News roundup: New IoT botnets compromise tens of thousands of devices worldwide. Plus, Kaspersky Lab filed an injunction against DHS, mobile POS gets a PCI standard, and more.

• January 26, 2018 26 Jan'18

  Blizzard security flaw should put game developers on notice

  A newly-discovered Blizzard security bug, which affected all of the company's popular PC games including Overwatch, should serve as a warning for the video game industry.

• January 25, 2018 25 Jan'18

  Electron framework flaw puts popular desktop apps at risk

  The Electron framework -- used to develop desktop apps using web code -- included a remote code execution flaw that was passed on to popular apps like Slack.

• January 25, 2018 25 Jan'18

  Comodo calls out Symantec certificate issues, applauds Google

  Bill Conner and Bill Holtz, who recently joined Comodo CA as chairman and CEO, respectively, discuss Symantec's certificate issues and their effect on the certificate market.

• January 24, 2018 24 Jan'18

  Risk & Repeat: Backdoor access, strong encryption debate rolls on

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points.

• January 23, 2018 23 Jan'18

  Gemalto Sentinel flaws could lead to ICS attacks

  Security researchers found 14 vulnerabilities in Gemalto Sentinel hardware tokens, which could allow dangerous ICS attacks, including full-system takeover.

• January 23, 2018 23 Jan'18

  Intel Meltdown patches pulled with little explanation

  Intel claims it has determined why the Spectre and Meltdown patches caused issues on some chips. The vendor is working on a fix and suggests users don't patch for now.

• January 19, 2018 19 Jan'18

  Okiru malware puts billions of connected devices at risk

  News roundup: Okiru, a new Mirai variant, could put over 1.5 billion devices at risk of a botnet. Plus, G Suite Enterprise now comes with a security center, and more.

• January 19, 2018 19 Jan'18

  Trisis ICS malware was publicly available after attack

  The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors.

• January 18, 2018 18 Jan'18

  The strange case of the 'HP backdoor' in Lenovo switches

  Lenovo's discovery of an authentication bypass, literally titled "HP backdoor," within its networking switches brings unsettling implications for the IT industry.

• January 17, 2018 17 Jan'18

  Skygofree Android spyware is a powerful surveillance tool

  A new Android spyware tool called Skygofree was described as one of the most powerful surveillance tools and can even capture encrypted messages from WhatsApp.

• January 17, 2018 17 Jan'18

  Risk & Repeat: Let's Encrypt certificates offer pros, cons

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides.

• January 16, 2018 16 Jan'18

  CIA attributes NotPetya attacks to Russian spy agency

  The CIA reportedly concluded that Russia's foreign intelligence agency created and was responsible for the NotPetya attacks against Ukraine in June.

• January 12, 2018 12 Jan'18

  Intel Meltdown patch causes issues with Broadwell and Haswell

  Customers reported the firmware Intel Meltdown patch caused reboot issues on Broadwell and Haswell chipsets, leading to a patch review by Intel.

• January 12, 2018 12 Jan'18

  AMD backtracks on Spectre vulnerabilities, plans microcode updates

  AMD initially believed the Spectre vulnerabilities posed "near zero risk" to its chip, but the company this week reversed course and is planning microcode updates for its products.

• January 12, 2018 12 Jan'18

  Fancy Bears hackers target International Olympic Committee

  News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again. Plus, a former NSA contractor pleads guilty to stealing government data, and more.

• January 11, 2018 11 Jan'18

  WPA3 Wi-Fi protocol aims to improve security in 2018

  The new WPA3 Wi-Fi protocol aims to improve security for IoT devices and strengthen password security with protections against brute force attacks.

• January 11, 2018 11 Jan'18

  Risk & Repeat: Meltdown and Spectre vulnerabilities shake industry

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the discovery of the Meltdown and Spectre vulnerabilities and their effect on information security.

• January 10, 2018 10 Jan'18

  Spectre patches highlight January 2018 Patch Tuesday

  Microsoft's January 2018 Patch Tuesday brings Meltdown and Spectre patches to users, except those on AMD chipsets or those with incompatible antivirus.

• January 09, 2018 09 Jan'18

  NIST botnet security report recommendations open for comments

  Federal agencies opened public comments on a draft botnet security report born from the 2017 White House cybersecurity executive order, and experts are generally favorable.

• January 09, 2018 09 Jan'18

  Intel keynote misses the mark on Meltdown and Spectre vulnerabilities

  With CEO Brian Krzanich's keynote at the 2018 Consumer Electronics Show, Intel missed an opportunity for the Meltdown and Spectre vulnerabilities.

• January 05, 2018 05 Jan'18

  Huge coordinated vulnerability disclosure needed for Meltdown

  Unprecedented Spectre and Meltdown CPU flaws required a vast coordinated vulnerability disclosure effort over six months and across dozens of organizations.

• January 05, 2018 05 Jan'18

  A DHS data breach exposed PII of over 250,000 people

  News roundup: A DHS data breach exposed PII of 250,000 federal employees, as well as investigative data from 2002 to 2014. Plus, a new bill aims to nix paperless voting, and more.

• January 04, 2018 04 Jan'18

  Meltdown and Spectre patches and mitigations released

  Vendors released the vulnerability disclosures and patches for the new Meltdown and Spectre CPU attacks as the infosec industry begins mitigating risks.

• January 03, 2018 03 Jan'18

  Intel CPU flaw gets third-party patch but no details

  Release of a third-party patch for a mysterious Intel CPU flaw led to many questions but few answers, and details on the issue may not be imminent.

• January 03, 2018 03 Jan'18

  Risk & Repeat: The TLS 1.3 clock continues to click

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the long wait for TLS 1.3 and the effects -- positive and negative -- the delays have had for enterprise security.

• January 02, 2018 02 Jan'18

  IOHIDeous is a macOS zero-day for the new year

  A newly discovered macOS zero-day flaw, called IOHIDeous, affects all versions of Apple's desktop operating system and can allow for full-system compromise.

• December 29, 2017 29 Dec'17

  Browser login managers allow tracking scripts to steal credentials

  News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.

• December 29, 2017 29 Dec'17

  Official TLS 1.3 release date: Still waiting, and that's OK

  Protocol scrutiny is good for the upcoming TLS 1.3 update as the process continues to expose, and fix, problems.

• December 29, 2017 29 Dec'17

  Risk & Repeat: Cybersecurity predictions for 2018

  In this week's Risk & Repeat podcast, SearchSecurity editors offer their cybersecurity predictions for 2018, including forecasts for cryptojacking, DDoS attacks and other threats.

• December 28, 2017 28 Dec'17

  After 2017, data breach fatigue should be a thing of the past

  Data breach fatigue should be put on hold after the Equifax data breach and Uber hack taught us painful lessons about enterprise security shortcomings.

• December 27, 2017 27 Dec'17

  North Korea's Lazarus Group sets sights on cryptocurrency

  Researchers believe North Korean nation-state hackers from the Lazarus Group are targeting cryptocurrency exchanges and owners in a wave of financially motivated attacks.

• December 22, 2017 22 Dec'17

  Cryptocurrency exchanges increasingly targeted by cyberattacks

  News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more.

• December 22, 2017 22 Dec'17

  Risk & Repeat: Cryptojacking looms amid the bitcoin boom

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rising threat of cryptojacking and how hackers can steal computing power from unsuspecting users.

• December 20, 2017 20 Dec'17

  White House WannaCry attribution leaves unanswered questions

  The White House's WannaCry attribution included the broad strokes, experts say, but the case avoided some key pieces of information, such as the role of the NSA in the attacks.

• December 19, 2017 19 Dec'17

  North Korea behind WannaCry attacks, White House says

  The White House officially said North Korea was behind the WannaCry attacks, and it credited Facebook and Microsoft for work in attribution. But it left questions unanswered.

• December 19, 2017 19 Dec'17

  Flawed Keeper password manager preinstalled on Windows 10

  Google Project Zero's Tavis Ormandy discovered a flaw in the Keeper password manager browser extension that could allow attackers to steal credentials.

• December 15, 2017 15 Dec'17

  Triton framework used in industrial control attacks

  Security researchers discovered new ICS attacks using the Triton framework that may have been nation-state-sponsored and intended to cause real-world damage.

• December 15, 2017 15 Dec'17

  Half of business leaders admit to hiding data breach information

  News roundup: Data breach information is kept from customers 50% of the time, according to a report. Plus, the FBI director continues to preach against encryption, and more.

• December 14, 2017 14 Dec'17

  Mirai creators and operators plead guilty to federal charges

  The Department of Justice announced guilty pleas from the three Mirai creators and operators behind the massive worldwide botnet DDoS attacks in 2016.

• December 14, 2017 14 Dec'17

  Risk & Repeat: The Bitcoin boom and its infosec effects

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent bitcoin boom and how the cryptocurrency's rising value could affect the cybersecurity landscape.

• December 13, 2017 13 Dec'17

  Breach awareness low among executives, CA Veracode survey says

  According to a new survey from CA Veracode, breach awareness regarding recent major cyber incidents was low among executives, managers and directors, surprising some experts.

• December 13, 2017 13 Dec'17

  Return of Bleichenbacher: ROBOT attack means trouble for TLS

  A team of security researchers discovered many vendors' TLS implementations are vulnerable to the Bleichenbacher oracle attack, which was first discovered 19 years ago.

• December 12, 2017 12 Dec'17

  1.4 billion stolen credentials found on dark web

  A massive repository containing more than 1.4 billion stolen credentials was found on the dark web with special features for malicious actors.

• December 08, 2017 08 Dec'17

  Emergency Microsoft patch out for Malware Protection Engine

  A critical vulnerability found in the Windows Malware Protection Engine required an emergency Microsoft patch, but one expert said Microsoft hasn't handled the announcement well.

• December 08, 2017 08 Dec'17

  Hacker behind Uber data breach was paid off through bug bounty

  News roundup: The man responsible for the 2016 Uber data breach is a 20-year-old from Florida. Plus, Ethiopia reportedly targeted dissidents with Israeli spyware, and more.

• December 07, 2017 07 Dec'17

  Risk & Repeat: Analyzing the accidental data breach

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online.

• December 07, 2017 07 Dec'17

  Army cyber officer hiring to build the future of warfare

  A new initiative plans Army cyber officer hiring over the course of five years, but experts are skeptical it can attract the best candidates away from the private sector.

• December 07, 2017 07 Dec'17

  OWASP Top Ten: Surviving in the cyber wilderness

  The latest version of the OWASP Top Ten web application risks is much like previous versions, and that's not a bad thing at all.

• December 05, 2017 05 Dec'17

  Keyboard data leak exposes millions of personal records

  A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings.

• December 05, 2017 05 Dec'17

  Apple High Sierra patch undone by macOS update

  Apple released a High Sierra patch to fix a serious macOS authentication vulnerability discovered last week, but users could accidentally undo the patch with a routine OS update.

• December 04, 2017 04 Dec'17

  Ex-NSA employee pleads guilty to removing classified data

  The former NSA employee reportedly responsible for exposing classified data to Russian government hackers pleaded guilty and faces a maximum of 10 years in prison.

• December 01, 2017 01 Dec'17

  Proposed data breach legislation could put executives in jail

  Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers.

• December 01, 2017 01 Dec'17

  Leaked NSA Ragtime files hint at spying on U.S. citizens

  Exposed data included new information on the NSA Ragtime intelligence-gathering program, but it is unclear if the evidence proves Americans were targeted.

• December 01, 2017 01 Dec'17

  Yahoo data breach hacker pleads guilty to cybercrime charges

  One of the Yahoo data breach hackers pleaded guilty to his involvement in the attack. Plus, the FBI failed to notify U.S. officials that they were targets of Fancy Bear, and more.

• November 30, 2017 30 Nov'17

  The CASB market is (nearly) gone but not forgotten

  A series of acquisitions have drastically reduced the number of stand-alone cloud access security brokers and reshaped the CASB market for years to come.

• November 30, 2017 30 Nov'17

  Risk & Repeat: Uber data breach has implications for infosec

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure.

• November 30, 2017 30 Nov'17

  NSA data leak exposed Army INSCOM project information

  Yet another publicly accessible cloud storage bucket exposed government data; this time it was an NSA data leak which included information on an Army intelligence project.

• November 29, 2017 29 Nov'17

  Serious macOS flaw in High Sierra allows attackers to log in as root

  An Apple macOS flaw in High Sierra could allow an attacker to bypass any authentication dialog, including signing in to a system as a full root user.

• November 28, 2017 28 Nov'17

  Scarab ransomware joins with Necurs botnet for faster spread

  The Scarab ransomware received an upgrade, and researchers have seen it being spread via the Necurs botnet, meaning the malware can spread to millions in a handful of hours.

• November 22, 2017 22 Nov'17

  Uber breach affected 57 million users, covered up for a year

  A 2016 Uber breach affecting data for 57 million users was covered up by the company, including a $100,000 payment to the attackers to keep the incident quiet.

• November 22, 2017 22 Nov'17

  Uber data breach raises unsettling questions for infosec

  The Uber data breach episode is another black eye for the ride sharing company, but the cover up raises troubling implications for the infosec community.

• November 21, 2017 21 Nov'17

  Multiple Intel firmware vulnerabilities in Management Engine

  Security researchers tested the controversial Intel Management Engine and other products, finding multiple Intel firmware vulnerabilities.

• November 21, 2017 21 Nov'17

  Risk & Repeat: Vulnerabilities Equities Process gets an update

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the new charter for the Vulnerabilities Equities Process and what it means for the infosec community.

• November 20, 2017 20 Nov'17

  DOD exposed data stored in massive AWS buckets

  A security researcher at UpGuard found exposed data in Amazon Web Services' cloud storage buckets. And once again, the data belongs to the Department of Defense.

• November 17, 2017 17 Nov'17

  Google bug bounty pays $100,000 for Chrome OS exploit

  An anonymous security researcher has once again earned the top Google bug bounty prize in the Chrome Reward Program for a Chrome OS exploit chain.

• November 17, 2017 17 Nov'17

  Researchers bypass iPhone X security feature Face ID

  News roundup: In under a week after its release, researchers were able to bypass the main iPhone X security feature, Face ID. Plus, Microsoft patched a 17-year-old flaw, and more.

• November 16, 2017 16 Nov'17

  Kaspersky sheds more light on Equation Group malware detection

  A lengthy Kaspersky report offers more insight into how the antivirus company discovered Equation Group malware and came to possess classified U.S. government data.

• November 16, 2017 16 Nov'17

  Federal vulnerability review under new VEP still has questions

  Experts are still unsure about the Vulnerabilities Equities Process, but admit the new VEP Charter could be a good step toward improving federal vulnerability review.

• November 15, 2017 15 Nov'17

  New VEP Charter promises vulnerability transparency

  The White House wants a more open Vulnerabilities Equities Process and has unveiled a new VEP Charter in order to promote transparency in bug reviews.

• November 15, 2017 15 Nov'17

  Risk & Repeat: App store security measures falling short

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent discovery of a fake WhatsApp app in the Google Play Store and what that means for app store security.

• November 14, 2017 14 Nov'17

  AVGater abuses antivirus software for local system takeover

  A new proof-of-concept exploit, called AVGater, has found a way to abuse antivirus quarantines to attack systems and gain full control.

• November 10, 2017 10 Nov'17

  Following Equifax breach, CEO doesn't know if data is encrypted

  News roundup: Following the massive Equifax breach, the CEO said he doesn't know if customer data is encrypted or not. Plus, flaws were found in IEEE's P1735 standard, and more.

• November 09, 2017 09 Nov'17

  FBI hacking may have crossed international borders

  New court documents indicate an FBI hacking operation may have crossed international borders and infected systems in Russia, China and Iran.

• November 08, 2017 08 Nov'17

  Android KRACK flaw patched in latest security update

  The latest security release from Google patched the Android KRACK vulnerability affecting Wi-Fi's WPA2 protocol, but update confusion leaves users unsure if they are safe.

• November 08, 2017 08 Nov'17

  Risk & Repeat: Sale of Symantec Website Security completed

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the sale of Symantec Website Security to DigiCert and what it means for Symantec's troubled certificate business.

• November 07, 2017 07 Nov'17

  Fake WhatsApp app downloaded 1 million times

  A fake WhatsApp app bypassed Google's Play Store checks and was downloaded 1 million times, but one expert said Google's store is still the safest place to get apps.

• November 03, 2017 03 Nov'17

  Researchers hack iOS 11 at Mobile Pwn2Own 2017

  Security researchers competing at Mobile Pwn2Own 2017 used multiple vulnerabilities to hack iOS 11 in order to execute code and win prizes.

• November 03, 2017 03 Nov'17

  Certificate authority business undergoes major changes

  News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more.

• November 02, 2017 02 Nov'17

  SAVE Act attempts to bolster election security

  Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.

• November 01, 2017 01 Nov'17

  Risk & Repeat: Responsible encryption ramps up

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent push from law enforcement officials for responsible encryption and what that may mean.

• October 31, 2017 31 Oct'17

  The Equation Group malware mystery: Kaspersky offers an explanation

  Kaspersky Lab finally explained how it came to possess Equation Group malware, but does the company's latest statement answer enough questions about the ongoing drama?

• October 31, 2017 31 Oct'17

  Is "responsible encryption" the new answer to "going dark"?

  "Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ...

• October 31, 2017 31 Oct'17

  Google Buganizer flaw reveals unpatched vulnerability details

  A security researcher earned more than $15,000 by finding three flaws in the Google Issue Tracker, aka Buganizer, which revealed details on unpatched vulnerabilities.

• October 30, 2017 30 Oct'17

  Bad Rabbit ransomware data recovery may be possible

  Security researchers found a way to recover data locked by the Bad Rabbit ransomware without paying, and others said money might not have been the driver of the attacks.

• October 30, 2017 30 Oct'17

  Grossman: Cyberinsurance market is like the 'Wild West'

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature.

• October 27, 2017 27 Oct'17

  DUHK attack puts random number generators at risk

  News roundup: Researchers find DUHK attacks can get around encrypted communications. Plus, FBI Director Wray criticizes mobile device encryption, and more.