December Patch Tuesday blunts WizardOpium attack chain
2019-12-12 10:42:32December 2019’s Patch Tuesday updates are, including a fix for the Windows flaw used in recently discovered WizardOpium attacks.Apple iOS 13.3 is here, bringing support for keyfobby authentication
2019-12-12 10:27:30Bullet-proof authentication is just a tap away!Windows 10 Mobile receives its last security patches
2019-12-11 11:24:08If you’re one of the tiny hardcore still using Windows 10 Mobile, 10 December 2019 is probably a day you’ve been dreading for nearly a year.DoItForState domain name thief gets 14 years for pistol-whipping plot
2019-12-11 11:18:02He hired his cousin to break in, hold the rightful domain holder at gunpoint, and force a transfer to his own GoDaddy account.FTC warns Christmas buyers that smart toys are a security risk
2019-12-11 11:11:22Thinking of giving a young person an internet-connected ‘smart’ toy this Christmas? You may want to think again.Ad industry groups ask that the CCPA keep its mitts off their cookies
2019-12-11 10:56:06Ad-blocking technologies can block the cookies that record consumers' privacy choices, they claim.Snatch ransomware pwns security using sneaky ‘safe mode’ reboot
2019-12-10 12:17:58The Sophos Managed Threat Response (MTR) team has warned the industry of a dangerous new ransomware trick.EU releases its 5G conclusions
2019-12-10 12:00:53The Chinese company is at the heart of a security spat with the US that has also been causing some consternation in the UK.Facebook users were duped by Cambridge Analytica, FTC rules
2019-12-10 10:55:38Delete the data, and don't do any of that again, the FTC told the data analytics company, which already filed for bankruptcy in 2018.TikTok settles class action over child privacy one day after it’s filed
2019-12-10 10:36:08The $1.1m settlement is an “excellent result,” TikTok said, unsurprisingly: compared with its $5.7m FTC fine, it's dirt cheap.Serious Security: Understanding how computers count
2019-12-09 21:07:45The hard disks that fail abruptly at 32,768 hours of use - why simply 'adding 1' can send you into oblivion.Will the new iPhone 11 track you even if you tell it not to?
2019-12-09 16:27:40Does turning location access off for all your apps mean that location access is off altogether?Networking attack gives hijackers VPN access
2019-12-09 12:31:50Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.HackerOne pays $20,000 bounty after breach of own systems
2019-12-09 12:08:39In an embarrassing twist,Facebook suing ILikeAd for hijacking users’ ad accounts
2019-12-09 11:46:38Facebook says the company used celeb bait links to infect victims with malware and hijacked their ad accounts to sell diet pills.$5m bounty set on the alleged head of Evil Corp banking Trojan group
2019-12-09 10:53:32Know where Maksim “Aqua” Yakubets is? Can you pry him out of Russia and his Lamborghinis? The biggest ever cybercrook reward awaits!Monday review – the hot 22 stories of the week
2019-12-09 10:03:52Get up to date with the hot security stories from the past week - from fake Android apps to malware targeting Mac users.Mac users targetted by Lazarus ‘fileless’ Trojan
2019-12-06 13:18:09The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.US parents file class action against TikTok over children’s privacy
2019-12-06 12:10:31Collecting children's data without their guardians' consent is illegal under COPPA and already earned TikTok a huge fine.Instagram trying to protect kids by getting dates of birth from new users
2019-12-06 11:48:17It's about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn't hurt, either.OpenBSD devs patch authentication bypass bug
2019-12-06 11:31:27One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.S2 Ep19: One of us just prevented a ransomware attack – Naked Security Podcast
2019-12-05 17:57:11Listen now!Cookie-stealing malware wants to know your Facebook ad budget
2019-12-05 17:37:08The AdKoob malware that sneakily peeks at how much you're spending on ads is back.iCloud-hacking politician to be sentenced on Christmas eve
2019-12-05 17:09:42Former Dutch city council member Mitchel van der K invaded hundreds of iCloud accounts “frequently and repeatedly”.Machine-raiding Python libraries squashed by community
2019-12-05 16:55:04Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.Critical DoS messaging flaw fixed in December Android update
2019-12-05 16:25:24Android’s December 2019 updates arrived this week,Yodel parcel tracking app blabs about other people’s parcels
2019-12-05 15:31:29Yodel's mobile parcel delivery app was leaking people's delivery data to others using the app, a security researcher discovered.IM RAT spy tool seller raided, busted, kicked offline
2019-12-05 15:24:47The spyware gave complete control of victimized computers, sold for as little as$25, and was bought by 14,500 hackers worldwide.Steam players – beware of fake skins as phishers try to hijack accounts
2019-12-04 12:02:03Phishing scammers have once again targeted users of the popular Steam gaming service, it was revealed this week.Facebook made to ‘correct’ user’s post as Singapore flexes fake-news muscle
2019-12-04 11:59:03"Facebook did a great job," said Alex Tan, who admitted that his story about a whistleblower's arrest was based on hearsay.Microsoft looks to Rust language to beat memory vulnerabilities
2019-12-04 11:41:36Microsoft is pressing ahead with an ambitious plan to de-fang common vulnerabilities hiding in old Windows code with the help of Rust.FBI: Russia-based FaceApp is a ‘potential counterintelligence threat’
2019-12-04 10:18:02It's a grabby little app, data-wise, but how is it different from, say, Google or Facebook?SMS company exposes millions of text messages, credentials online
2019-12-03 11:55:22Researchers at VpnMentor claim that the TrueDialog data leak exposure could have compromised tens of millions of people.Mixcloud user accounts up for sale on dark web
2019-12-03 11:47:34A hacker is ransoming account data stolen from music streaming service Mixcloud, according to reports.Ad fraud: Fake local news sites are rolling in the dough
2019-12-03 11:11:41"forbesbusinessinsider.com?" Names like that sound close enough to real news domains to pass, but bots are the only ones visiting.Fake Android apps uploaded to Play store by notorious Sandworm hackers
2019-12-02 11:23:14The Russian ‘Sandworm’ hacking group has been caught repeatedly uploading fake and modified Android apps to Google’s Play Store.Uncle Sam opens arms to friendly hackers
2019-12-02 11:05:46All you bug hunters out there are about to get a nice Christmas gift - the US federal government finally wants to hear from you.Convicted murderer wins ‘right to be forgotten’ case
2019-12-02 10:42:42Google must remove details of a convicted murderer from its search results in Europe following a German court ruling, it emerged last week.TikTok owner to separate company over US national security worries
2019-12-02 10:30:01Chinese-owned video-sharing app TikTok might be under fire from US politicians but it’s not going to go down without a fight.Monday review – the hot 25 stories of the week
2019-12-02 09:47:30From a warning from Hewlett Packard Enterprise to Russia's foreign tech anxieties. Get up to date with the top infosec stories of last week.AVAR 2019
2019-11-30 15:26:37The 22nd international AVAR Cybersecurity Conference was held in Osaka, Japan on 6 - 9 November 2019. AVAR (Association of anti Virus Asia Researchers) was formed in June,Netflix account freeze – don’t click, it’s a scam!
2019-11-29 15:06:42The telltale signs are all there... but if you're in a hurry, this Netflix scam passes the "visual appeal" test.US tightens rules on drone use in policy update
2019-11-29 11:22:20When it comes to managing drones (Unmanned Aircraft Systems, or UAS) the US Department of Justice wants Americans to know it’s on the case.Adobe’s Magento Marketplace suffers data breach
2019-11-29 11:05:15Adobe’s Magento Marketplace has suffered a data breach, the company has said in an email sent to customers.Pressure mounts for federal privacy law with second bill
2019-11-29 11:03:37Pressure is gathering for a federal privacy law in the US with the introduction of a second bill that would protect consumer data.Master Go player retires citing AI supremacy
2019-11-29 10:41:32Master Go player Lee Se-dol has handed in his stones after deciding that there's just no way to beat a machine when playing the ancient Chinese board game.Stay safe on Black Friday – and the rest of the year, too!
2019-11-28 16:48:45Watch our latest Naked Security Live video for some handy and practical cybersecurity tips - for Black Friday and beyond.S2 Ep18: Missing cryptoqueen, festive phishing and can the web be saved? – Naked Security Podcast
2019-11-28 11:34:16New episode available now!Kids’ smartwatch security tracker can be hacked by anyone
2019-11-28 11:32:46For researchers at testing outfit AV-Test, the SMA M2 kids’ smartwatch is just the tip of an iceberg of terrible security.Ransomware attack freezes health records access at 110 nursing homes
2019-11-28 11:25:38In some cases, nurses can’t update and order drugs. For one assisted-living facility, lack of timely Medicaid billing could force closure.HPE warns of impending SSD disk doom
2019-11-28 11:16:58The company has revealed that many of its SSDs are set to permanently fail by default after 32,768 hours of operation.Twitter says it won’t delete tweets from those who have died
2019-11-28 11:11:35It "was a miss on our part", Twitter said.Facebook, Twitter profiles slurped by mobile apps using malicious SDKs
2019-11-27 12:49:19Hundreds of users gave permission to these third-party apps to access their social media accounts, but the apps got more handsy than that.Splunk customers should update now to dodge Y2K-style bug
2019-11-27 12:37:29Splunk has issued a critical warning regarding a showstopping Y2K-style date bug in one of the platform’s configuration files.EU raises eyebrows at possible US encryption ban
2019-11-27 12:26:33EU officials have warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology.Police arrest alleged Chuckling Squad member who hijacked @Jack Dorsey
2019-11-27 11:58:43Debug, another Chuckling Squadder, told Motherboard that the kid was weird, "Swatting celebrities for a follow back."Firefox gets tough on tracking tricks that sneakily sap your privacy
2019-11-27 11:25:03Firefox is getting ready to turn on its automatic anti-snooping tools to stop web 'fingerprinting" tricks.Naked Security needs an intern! Here’s how to apply
2019-11-26 13:46:22Naked Security is looking for a content marketing intern to join the team for 12 months in 2020.Parents say creep hacked their baby monitor to tell toddler they ‘love’ her
2019-11-26 12:02:39The Taococo FREDI baby monitor has repeatedly been criticized for being easy to hack.Court says suspect can’t be forced to reveal 64-character password
2019-11-26 11:30:16We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.National Veterinary Associates catches dose of ransomware
2019-11-26 11:16:10Ransomware attacks don't discriminate - and are just as happy targeting those with four legs as those with two.Sir Tim Berners-Lee publishes plan to save the web from ‘digital dystopia’
2019-11-26 10:27:10Web inventor Sir Tim Berners-Lee has proposed a 'Contract for the Web' to rescue it from a headlong plunge into a moral abyss.OneCoin crypto-scam lawyer found guilty of worldwide $400m fraud
2019-11-25 12:46:09A lawyer who boasted of making "50 by 50" - as in, $50m by the age of 50 - is now facing a potential 50+ years behind bars.Ad-blocking companies block ‘unblockable’ tracker
2019-11-25 12:45:02Ad-blockers have figured out a way to block the unblockable - a pernicious tracker technique that hides advertising networks in plain sight.Russia to ban sale of devices that don’t come with “Russian software”
2019-11-25 12:31:17The Russian Government’s campaign to control how its citizens use the internet seems to be gathering steam.Hacker gets 4 years in jail for NeverQuest banking malware
2019-11-25 12:26:05The NeverQuest Trojan has been used by cybermuggers to try to weasel millions of dollars out of victims’ bank accounts.Monday review – the hot 20 stories of the week
2019-11-25 12:21:28From a WhatsApp-attacking video file to the latest adopter of DNS-over-HTTPS, and everything in between. It's the weekly security roundup.Google plans to take Android back to ‘mainline’ Linux kernel
2019-11-22 13:59:36Android could be returning to its roots.Iran’s APT33 sharpens focus on industrial control systems
2019-11-22 13:32:15Iran's elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week.Why do cryptocurrency scams work and how do you avoid them?
2019-11-22 11:12:30What are ICOs, why are they so popular and why do crooks love them so much?Convicted Nigerian fraudster keeps a-fraudin’ from behind bars
2019-11-22 11:11:11He was supposed to be serving a 24-year sentence in the "maximum security" prison, not continuing the fraud... and going to parties.DNS-over-HTTPS is coming to Windows 10
2019-11-21 15:22:43Microsoft will soon add the ability to use DNS-over-HTTPS and DNS-over-TLS into its networking client.Android camera bug could have turned phones against their users
2019-11-21 14:56:03Google has patched a bug in the Android camera app that allowed other applications to bypass the strict controls on camera and audio access.Official Monero site delivers malicious cash-grabbing wallet
2019-11-21 12:18:01If you downloaded the Monero command line wallet recently, check it before using it.Tories change Twitter name to ‘factcheckUK’ during live TV debate
2019-11-20 22:12:36Twitter wagged its finger at the UK's Conservative party for renaming its press account "factcheckUK" during a live TV debate.Update WhatsApp now: MP4 video bug exposes your messages
2019-11-20 12:33:18A now-patched-hole could have allowed remote code execution that could have exposed files and messages. Update your WhatsApp now.Instagram stalker app Ghosty yanked from Play store
2019-11-20 12:23:15It was sucking up private profiles by requiring users to hand over their logins, giving it access to whatever accounts they follow.XSS security hole in Gmail’s dynamic email
2019-11-20 12:08:45The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.Adobe Acrobat and Reader 2015 reach end of support
2019-11-20 11:35:04If you've been happily using Adobe Reader 2015 software for the last few years, you're in for a rude awakening.Brand new Android smartphones shipped with 146 security flaws
2019-11-19 13:16:58If you think brand new, just-out-of-the-box Android smartphones are immune from security vulnerabilities - think again.Ho Ho OUCH! There are 4x more fake retailer sites than real ones
2019-11-19 12:17:53Beware, holiday shoppers! The phishers hiding under typosquatting domains are waiting for your keyboard fumbles.Sophos 2020 Threat Report: AI is the new battleground
2019-11-19 11:41:21The SophosLabs 2020 Threat Report highlights a growing battle as smart automation technologies continue to evolve.Booter boss behind millions of DDoS-for-hire attacks jailed
2019-11-19 10:52:31The US is also juicing him for over half a million in profits from multiple DDoS-for-hire services.NSA won’t collect phone location data, promises US government
2019-11-18 11:38:54US intelligence agencies won’t harvest US residents’ geolocation data in future investigations, revealed the US government this month.GitHub launches Security Lab to boost open source security
2019-11-18 11:24:32The idea is simple – create a global platform for reporting and fixing vulnerabilities in open source projects before they do damage.Two men busted for hijacking victims’ phones and email accounts
2019-11-18 11:17:51Prosecutors allege that Meiggs and Harrington took over their targets' mobile phone and email accounts via SIM-swapping.Wikipedia co-founder offers a Facebook/Twitter wannabe
2019-11-18 10:52:08Tired of being a tracked, ad-bedeviled product sold by social media companies? The cost to immediately join a network with no tracking/ads:Monday review – the hot 23 stories of the week
2019-11-18 09:45:45From a fake news generator to critical flaws in Medtronic equipment - it's weekly roundup time.How ransomware attacks
2019-11-15 14:23:41A new report reveals what defenders should know about the most prevalent and persistent malware families.How the Linux kernel balances the risks of public bug disclosure
2019-11-15 13:27:40A serious Wi-Fi flaw shows how Linux handles security in plain sight.Data thieves blew cover after maxing out victim’s hard drive
2019-11-15 12:02:36The FTC has reached a settlement with InfoTrax after thieves stole a million sensitive customer records from its servers in 2016.Brave 1.0 launches, extends ad-watching payouts to iOS
2019-11-15 11:36:08It's showtime: Finally out of beta comes the browser that promises privacy, anonymity and cryptocurrency in exchange for your eyeballs.Apple fires employee after he texts customer’s pic to his own phone
2019-11-15 10:29:42An “EXTREMELY PERSONAL”, year-old pic, the woman said, that he had to scroll through 5,000 photos to get to. Police are investigating.S2 Ep17: Fake AirBnBs, lying ISPs and a glance at the cyberfuture – Naked Security Podcast
2019-11-14 14:18:58Listen now!Facebook fixes iPhone camera bug
2019-11-14 11:06:27Facebook was quick to reassure iPhone users this week that it wasn’t secretly spying on them via its app,Warrantless searches of devices at US borders ruled unconstitutional
2019-11-14 10:57:02The border is NOT a constitution-free zone, according to the ruling: No more suspicionless fishing expeditions into travelers' devices.Alleged mastermind behind $20m stolen-card site extradited to US
2019-11-14 10:44:20Aleksei Burkov allegedly ran Cardplanet, advertised as the only shop with a guarantee: your stolen card will work, or you get a new one!November 2019 Patch Tuesday fixes 13 critical flaws and one zero day
2019-11-13 17:12:34November’s Patch Tuesday arrived to plug 73 CVE-level vulnerabilities across Microsoft’s software products, including 13 'criticals'.Apple pulls Instagram-watching app from store
2019-11-13 12:25:45Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friends’ activities on the social network.US-CERT warns of critical flaws in Medtronic equipment
2019-11-13 12:06:05Medtronic's latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.Microsoft says it will honor California’s new privacy law across US
2019-11-13 11:31:59Microsoft said CCPA is good news, given the failure of Congress to pass a comprehensive privacy protection law at the federal level.No, YouTube isn’t planning to jettison your unprofitable channel
2019-11-13 11:23:41Or your small/new channel, or to shut you down if you use an ad blocker, though a clause in its new ToS is leading people to fear the worst.Apple to fix Siri bug that exposed parts of encrypted emails
2019-11-12 12:02:06Apple may care about your privacy but that doesn't mean it gets it right all the time,Nvidia patches graphics products and GeForce Experience update tool
2019-11-12 11:58:11The update fixes 11 mainly high-severity security flaws in Windows and GeForce graphics card drivers,Sextortionist whisks away sex tapes using just a phone number
2019-11-12 11:15:39The SIM-swap victim knew he was in trouble when he got a 3:30 a.m. message about his phone service being cut off.ASP.NET hosting provider recovering from ransomware attack
2019-11-12 10:40:35With more than 440,000 customers, SmarterASP.NET is said to be one of the most popular ASP.NET hosting providers.
