iPhone 'Zero Click' Attacks On Al Jazeera | SolarWinds Hack Hits Corporate Giants | Zoom Exec Accused Of Chinese Censorship

Plus: iOS 14.3: How To Use Apple’s Game-Changing New iPhone Privacy Feature

The huge espionage campaign on American corporations and government departments is the biggest story in security, not just this week, but this year, possibly even the last ten years. At the minute, as many as 18,000 may have downloaded tainted software from SolarWinds, which was breached as a platform to attack its customers.

But the number of organizations who actually had Russian spies on their networks, hoovering up data and private communications, will be significantly lower, most likely in the hundreds rather than thousands. Even so, it's a huge win for whoever the attackers are. Secretary of State Mike Pompeo was quick to blame Russia, though President Trump has suggested it's all been overhyped by the fake news media.

What's clear is that this is a huge breach, affecting a massive number of companies and government agencies. Not to mention another nail in the coffin of private personal data.

If you have any tips on government surveillance or cybercrime, drop me an email on tbrewster@forbes.com.

The Big Story

Top 5 Stories You Have To Read Today

The hackers behind the SolarWinds breach conducted a "dry run" in 2019, according to Kim Zetter at Yahoo. It shows the attackers were prepared and patient.

Rayzone, an Israeli company Forbes recently revealed to be hoovering up smartphone location data, has also been using the Channel Islands, just off the coast of France, to carry out its surveillance by exploiting vulnerabilities in global telecoms networks.

Facebook has tracked down a group of hackers who were long believed to be working for the Vietnamese government down to an IT company in Ho Chi Minh City. The company denied any involvement, according to Reuters.

Fraudsters used emulators to mimic more than 16,000 phones belonging to people whose bank account logins had been compromised, according a report in Wired. It was a sneaky way around protections used by banks to allow logins only from authorized devices.

Cisco and Equifax discovered they had malware from the SolarWinds hack on their system. But like Microsoft they haven't found any signs of Russian spy activity. Other companies won't have been so lucky.

Winner Of The Week

BellingCat and CNN went hunting for the those responsible for poisoning Alexey Navalny, the famous Putin opponent and Kremlin critic. It's a remarkable case of journalists tracking spy activity, as they used travel and phone records to pinpoint how Navalny had been tracked by Russian agents, though the Kremlin has always denied any clandestine operation.

Loser Of The Week

A Zoom executive has been accused of working with the Chinese government to shut down group calls commemorating the Tiananmen Square protests. Xinjiang Jin, who was described by the Justice Department as working as a liaison between the Chinese government and his employer, was fired by Zoom. The harm, of course, was already done.