Popular website plugin harboured a serious 0-day for years
2018-10-22 12:22:41The flaw in the popular file uploader allows an attacker to upload files and run their own command line shell on any affected server.Alleged robber busted after Facebook-friending victim to apologize
2018-10-22 11:30:58He told her to put down the pizza delivery and all her money on top of it. 26 days later, he found her on Facebook and reached out.Up to 9.5 million net neutrality comments were fake
2018-10-22 10:39:55New York has expanded its probe to subpoena 14 industry groups and lobbyists, saying that fake comments "distort[ed] public opinion."Maker of LuminosityLink RAT gets 30 months in the clink
2018-10-22 09:30:46Prosecutors said that the 21-year-old LuminosityLink author had no respect for the law and showed contempt for moral rules and social norms.Monday review – the hot 20 stories of the week
2018-10-22 09:13:05From a serious libssh bug to the sextortionists that spoof your email address, and all the stories in between.“We know you watch porn” (and here’s fake proof…) [PODCAST]
2018-10-19 12:47:04Here's Episode 6 of the Naked Security podcast... enjoy!Serious D-Link router security flaws may never be patched
2018-10-19 11:30:28Six routers with serious security flaws are considered end of life (EOL) and may never be updated.Apple privacy portal lets you see everything it knows about you
2018-10-19 10:17:46The Apple website's privacy and data area lets you download and correct your data.The libssh “login with no password” bug – what you need to know [VIDEO]
2018-10-18 14:44:20Here's a video that explains the libssh "no password needed" bug - jargon-free and in plain English. Enjoy...Is Google’s Android app unbundling good for security?
2018-10-18 11:33:03If you live in the EU, turning on a new Android device after 29 October 2018 could look quite different...You don’t have to sequence your DNA to be identifiable by your DNA
2018-10-18 10:24:23If you have European ancestry, there's a 60% chance that somebody vaguely related to you can be used to find out who you are.Twitter publishes data on Iranian and Russian troll farms
2018-10-18 09:03:46Over 1m tweets show that we're suckers for funny/sarcastic/edgy, not so much for blah-blah-blah “news” spreaders.Weirdo Twitter messages were a glitch, not a hack
2018-10-17 16:27:37Were you one of the dozens of people who got a bizarre Twitter message yesterday? It's OK. It wasn't a disturbance in the Matrix.Serious SSH bug lets crooks log in just by asking nicely…
2018-10-17 15:33:15A serious bug in libssh could allow crooks to connect to your server - with no password requested or required. Here's what you need to know.New iPhone lock screen bypass exposes your photos
2018-10-17 13:46:18José Rodríguez has demonstrated how an attacker with physical access to a device running iOS 12.0.1 can gain access to photos stored on it.Is this the simple solution to password re-use?
2018-10-17 13:42:43Researchers concluded that passphrase requirements such as a 15-character minimum length deter the majority users from reusing them on other sites.35 million US voter records up for sale on the dark web
2018-10-17 13:33:08He or she is selling off the databases by state. Kansas's voter database has already been sold and published,Donald Daters app for pro-Trump singles exposes users’ data at launch
2018-10-17 10:56:27A security researcher found a publicly exposed Firebase data repository that was hardcoded in the dating app.US embassy accidentally emails invitation to ‘cat pyjama-jam’ meeting
2018-10-16 13:48:35Canberra’s US embassy accidentally exposed details of one of its more enticing get-togethers last week,How Chrome and Firefox could ruin your online business this month
2018-10-16 13:27:09Last year, Symantec sold off its web certificate business. The new owners are reissuing certs for free - but there's a deadline looming!Google using lock screen passwords to encrypt Android Cloud backups
2018-10-16 11:30:55If, that is, your phone has updated to the Android 9 operating system, otherwise known as Pie. If so, say hi to the Titan chip!How to buy (and set up) a safe and secure baby monitor
2018-10-16 09:35:03Wi-Fi enabled or not? Digital or analog? Here are the features to look for, and how to secure your baby monitor out of the box.Facebook opens up about data breach details
2018-10-15 13:43:03Two weeks after Facebook's first serious data breach, and the social network has shared what it has figured out so far.Beware sextortionists spoofing your own email address
2018-10-15 12:25:20In the past, they've pretended to have your passwords - now they're pretending to send email from your "hacked" account, too.Literary-minded phishers are trying to pilfer publishers’ manuscripts
2018-10-15 11:57:57In a twist on Business Email Compromise,Monday review – the hot 23 stories of the week
2018-10-15 11:17:39From the WhatsApp hack to the world's most expensive USB stick, and everything in between.What Kanye West can teach us about passcodes
2018-10-12 14:00:00Pulling out an iPhone XS to show the assembled throng a picture of the hydrogen-powered aircraft that “our president should be flying in,” West casually unlocked it using the passcode ‘000000’.35 state attorney generals tell FCC to pull the plug on robocalls
2018-10-12 13:10:11The AGs want the FCC to adopt SHAKEN and STIR.Experian credit-freeze PINs could be revealed by a simple trick
2018-10-12 12:28:09The credit bureaus' struggles with PINs continue...Payment skimmers sneaking on to websites via third party code
2018-10-12 11:40:31Whatever Magecart is, it’s been blamed for several high-profile payment card breaches this summer.Instagram tests sharing your location history with Facebook
2018-10-11 13:47:31Instagram is testing Facebook Location History - which allows the tracking of precise locations from your device - in its app.Millions at risk from default webcam passwords
2018-10-11 13:45:06Hangzhou Xiongmai Technology Co.,Ltd (Xiongmai), the Chinese manufacturer that made many of the devices left vulnerable to Mirai,Jailbroken PS4 seller sued by Sony
2018-10-11 13:36:06The consoles allegedly sold on eBay by the California man were packed with over 60 pirated games.Update now! Microsoft fixes 49 bugs, 12 are critical
2018-10-11 11:05:05Microsoft’s October Patch Tuesday update made its scheduled appearance on Tuesday with fixes for 49 security flaws across its family of products,How a WhatsApp call could have taken over your phone
2018-10-10 14:36:17A WhatsApp buffer overflow that crashed your phone due to audio data sent by a caller meant that just answering a call could spell trouble.Google+ wakes up to what the rest of us already knew
2018-10-10 11:17:51Google's closing down the platform nobody uses and might face a class-action lawsuit over a G+ spawned breach it took 7 months to report.291 records breached per second in first half of 2018
2018-10-10 11:11:13Over 4.5 billion data records were breached in the first half of this year, according to Gemalto's Breach Level Index released this week.Cyber tormentor leaves a trail that lands him 17.5 years
2018-10-10 11:04:36Ryan S. Lin pleaded guilty to cyberstalking, distribution of child abuse imagery, hoax bomb threats, computer fraud and abuse, and ID theft.Airport mislays world’s most expensive USB stick
2018-10-10 09:54:32In October 2017,Apple and Amazon hacked by China? Here’s what to do (even if it’s not true)
2018-10-09 14:07:42Are major US companies really under attack from Chinese "zombie microchips" - and what should we do, whether it's true or not?Microsoft hits the brakes on latest Windows 10 update – what to do
2018-10-09 13:18:49Microsoft has paused the Windows 10 October 2018 update while it investigates reports of deleted profiles and missing files.Don’t fall for the Facebook ‘2nd friend request’ hoax
2018-10-09 12:18:30Cloned accounts are a real thing, but this viral message isn't. Don't forward it!Hey Portal, what’s that Facebook device in my kitchen?
2018-10-09 11:40:37The company that wants to move fast and break things is moving in!Google ramps up G Suite protections against government-backed attacks
2018-10-09 11:19:38Security alerts become opt-out by default from 10 October because so few admins opted in.Unpatched routers bad, doubly unpatched routers worse – much, much worse!
2018-10-08 14:58:14Two bugs can be four times the trouble! If you missed the last Microtik router patch, you're at risk, but if you're *two* patches behind ...Attackers use voicemail hack to steal WhatsApp accounts
2018-10-08 10:48:47The Israeli National Cybersecurity Authority issued an alert warning that WhatsApp users could lose control of their accounts.Phantom Secure CEO sold encrypted phones to drug cartels
2018-10-08 10:30:30The CEO of “uncrackable” phone seller, Phantom Secure,Seven Russian cyberspies indicted for hacking, wire fraud, ID theft
2018-10-08 10:26:56"Bungling" Russian GRU operatives picked up by Dutch police, linked to OPCW and World Anti-Doping Agency hacks.Fitbit data leads to arrest of 90-year-old in stepdaughter’s murder
2018-10-08 10:02:47Her device recorded her heart rate slowing rapidly, then stopping about five minutes before her stepfather left the house.Monday review – the hot 19 stories of the week
2018-10-08 09:18:58From the iOS lockscreen bypass to Facebook using your 2FA phone number to target market you, and everything we wrote in between.Prison smuggler busted by his own drone camera
2018-10-05 12:10:58It turns out that drones advertised off the back of beautiful aerial shots also take great videos of murky drug dens.Wi-Fi versions to get names people can actually understand
2018-10-05 11:38:16The high priests of Wi-Fi just made your life - and the lives of wireless network equipment vendors everywhere - a little easier.Facebook doubles cooling off period to cash in on your FOMO
2018-10-05 10:53:08Facebook has doubled its grace period because so many leavers are getting cold feet.Google’s Intra app secures older Androids with encrypted DNS
2018-10-05 10:19:17DNS encryption is the Next Big Thing in web encryption and Google doesn't want Android users to miss out.Setting up a Mac for young children
2018-10-04 10:26:41A step-by-step guide to preparing a Mac for young children.Cop charged with selling phone tracking service on dark web
2018-10-04 10:07:30A French police officer has been charged with using police intelligence data to power a mobile phone tracking service sold via the dark web.Facebook finds “no evidence” attackers accessed third-party apps
2018-10-04 09:56:05To play it safe, it's building a tool to let developers manually identify any of their users who may have been affected by the big breach.NSA staffer takes top-secret hacking tools home ‘to study’, gets 66 months
2018-10-03 12:34:50Nghia Hoang Pho may not have had malicious intent, but removal of the materials forced the NSA to abandon years of signals collection work.Update now: Adobe fixes 85 serious flaws in Acrobat and Reader
2018-10-03 12:10:52Adobe has released updates fixing a long list of security vulnerabilities discovered in the Mac and Windows versions of Acrobat and Reader.Hacked Fortnite accounts and rent-a-botnet being pushed on Instagram
2018-10-03 11:58:16The gaming and hacking communities overlap: Some of the hacker accounts are offering botnet access as well as Fortnite accounts.Google’s new rules for developers make Chrome extensions safer for all
2018-10-03 10:45:23Google has announced a range of security changes to its Chrome browser that will make the use of extensions more secure.The Facebook dilemma – stick it out or pack it in? [PODCAST]
2018-10-02 22:42:51It's been a while but we're back at the microphone - here's Episode 5 of the Naked Security podcast.Hackers demand ransom from hijacked Instagram influencers
2018-10-02 13:12:14Hackers are taking over high-profile Instagram users’ accounts and holding them to ransom, revealed reports this week.Lock screen bypass already discovered for Apple’s iOS 12
2018-10-02 11:37:29Apple’s iOS 12 is barely out of the gates and already someone has found a way to beat its lock screen security to access a device’s contents.Suspect forced to unlock iPhone with his face
2018-10-02 11:13:59The order so far hasn't raised Fifth Amendment objections either, your face being something you are, rather than something you know.Students swap data for coffee at cashless cafe
2018-10-02 10:14:49In this US-based cashless cafe, university students hand over personal data in exchange for a dose of caffeine and sponsorship propaganda.How to have that difficult “stay safe online” conversation with your kids
2018-10-01 14:45:31As your children start using the internet with greater independence, help keep them - and their data - safe with these simple tips.You gave your number to Facebook for security and it used it for ads
2018-10-01 11:24:51Facebook has been adding phone numbers registered for 2FA to the other data it uses to target people with advertising.Monero fixes major ‘burning bug’ flaw, preventing mass devaluation
2018-10-01 11:13:57The flaw arises from the use of stealth wallet addresses,Monday review – the hot 23 stories of the week
2018-10-01 09:31:03From the big Facebook breach to vulnerable Android password managers - catch up with everything we've written in the last seven days.Big Facebook breach: 50 million accounts affected
2018-09-28 18:43:31Facebook has suffered a data breach affecting almost 50 million accounts. Another 40 million have been reset as a "precautionary" measure.WhatsApp cofounder: “I sold my users’ privacy”
2018-09-28 13:27:15Regretful WhatsApp cofounder Brian Acton has joined the ranks of the Silicon Valley mea-culpa-rati.Mobile password managers vulnerable to phishing apps
2018-09-28 12:30:06Several leading Android-based password managers can be fooled into auto-filling login credentials on behalf of fake phishing apps.Power to the people! Google backtracks (a bit) on forced Chrome logins
2018-09-28 11:53:58Google thought it was a such a great idea to start logging you into everything when you logged into something... that it forgot to ask.Robocallers slapped with huge fines for using spoofed phone numbers
2018-09-28 11:30:43One poor woman whose phone number was hijacked by robocallers got several calls a day from irate consumers who thought she was trying to market to them.Cryptojacking – coming to a server-laptop-phone near you (and how to stop it)
2018-09-27 14:58:44Cryptomining apps were banned from the Play Store some time ago - but that hasn't stopped the crooks getting cryptojackers past Google...Firefox Monitor starts tracking breached email addresses
2018-09-27 11:09:07Mozilla has formally launched Firefox Monitor, a privacy-engineered website that hooks up to Troy Hunt’s Have I Been Pwned?Spotify offers playlists tailored to your DNA
2018-09-27 11:00:29Spotify and Ancestry have teamed up to let you use your real DNA to tell your “musical” DNA.Malware hits fashion giant SHEIN; 6.42 million online shoppers affected
2018-09-27 10:56:35The online fashion store is now contacting affected users and asking them to change passwords for their online store accounts.Finally, a fix for the encrypted web’s Achilles’ heel
2018-09-26 13:58:02Everyone knew that SNI needed to be fixed sooner or later, but nobody was quite sure how.Microsoft is killing passwords one announcement at a time
2018-09-26 11:43:01Windows 10 and Office 365 users can now log in to Azure AD applications using only the Authenticator App.Domain flub leaves 30 million customers high and dry
2018-09-26 11:33:41Zoho's CEO begged for help on Twitter after his domain registrar effectively took the company offline, stranding millions of users.Facebook scolds police for using fake accounts to snoop on citizens
2018-09-26 10:52:43Put down that “Bob Smith” fake account and back off, Facebook told the Memphis Police Department, waving its real-names policy in the air.Millions of Twitter DMs may have been exposed by year-long bug
2018-09-26 10:20:28Though the bug was present for over a year, Twitter hasn't found any DMs or protected tweets that were delivered to the wrong developer.Users fret over Chrome auto-login change
2018-09-25 11:37:37Users were complaining this week after discovering they'd been logged in to Google’s Chrome browser automatically,AdGuard adblocker resets passwords after credential-stuffing attack
2018-09-25 11:15:31AdGuard has taken the decision to reset all user accounts after suffering a credential-stuffing and brute-force password attack.Woman hijacked CCTV cameras days before Trump inauguration
2018-09-25 10:13:03The ransomware attack on DC's outdoor surveillance cameras came just a few days before the 2017 inauguration of President Trump.Wendy’s faces class action over collecting staff fingerprints
2018-09-25 10:00:29Two former Wendy’s employees want to know what the company does with employee fingerprints collected by biometric clocks.Winning the War on Spam
2018-09-24 12:38:37Have spammers run out of dodgy promotions to peddle and malware to distribute? A recently-received email shows a spammer with a radical new tactic: asking the recipient for money to stop spamming. Apparently,Bankrupt NCIX customer data resold on Craigslist
2018-09-24 11:20:48What happens to sensitive customer data when a large company that has collected it over many years suddenly goes bust?Facebook faces sanctions if it drags its feet on data transparency
2018-09-24 11:08:38The EU justice commissioner said she's out of patience. Also, she quit Facebook because it's a "channel of dirt."App developers are STILL allowed to read your Gmails
2018-09-24 10:55:38Google is still allowing third-party developers access to access its users’ Gmail data, it said in a letter to Senators last week.Police accidentally tweet bookmarks that reveal surveilled groups
2018-09-24 10:16:03The Massachusetts State Police (MSP) accidentally spilled some of its opsec onto Twitter last week,iTunes is assigning you a ‘trust score’ based on emails and phone calls
2018-09-24 09:49:02It's just a number to detect fraud,Monday review – the hot 19 stories of the week
2018-09-24 09:26:21From iOS security updates to Netflix phishing attacks,
