Facebook flaw could have allowed an attacker to hijack accounts
2019-02-19 16:59:57The CSRF bypass flaw has now been fixed, and the researcher who discovered it has netted $25,000.Millions of “private” medical helpline calls exposed on internet
2019-02-19 13:45:40Ever wondered what happens to helpline calls recorded "to ensure you get the service you deserve"? It can all go terribly wrong...Thousands of Android apps bypass Advertising ID to track users
2019-02-19 13:23:39Six years after it was introduced,If you think your deleted Twitter DMs are sliding into the trash, you’re wrong
2019-02-19 11:53:39They're never deleted, just erased from the UI. You can still see archived messages if you download your data.Facebook acts like a law-breaking ‘digital gangster’, says official report
2019-02-19 11:47:44Facebook considers itself to be “ahead of and beyond the law,” UK lawmakers said in a report about "disinformation and 'fake news.'"Fake text generator is so good its creators don’t want to release full version
2019-02-19 11:39:01OpenAI has created what amounts to a text version of a deepfake - and it’s too scared for humanity to release the full version.Mega-crackers back with nearly 100 million new stolen data records
2019-02-18 14:33:33Sounds like the crooks who tried to sell more than 600 million records last week are back with nearly 100 million more...Opera integrates a cryptocurrency wallet – is this Web 3.0?
2019-02-18 11:55:23When it appears in the next few weeks, the next version of Opera (“Reborn 3” or “R3”) for Windows,Will the EU’s new copyright directive ruin the web?
2019-02-18 11:50:09Articles 11 and 13 live on, with the dreaded 'link tax', 'meme killer', 'censorship machine' and all.Monday review – the hot 28 stories of the week
2019-02-18 11:40:24From McDonald's hamburglars to 1000-character phishing urls, and everything between. It's weekly roundup time.Apple fighting pirate app developers, will insist on 2FA for coders
2019-02-15 13:28:10Are you an Apple developer? Care about security? Using 2FA? You will be soon...Judge won’t unseal legal docs in fight to break Messenger encryption
2019-02-15 12:51:18The Feds tried—and failed—to force Facebook to break its encryption so investigators could listen in on suspected MS-13 gang conversations.Should we profit from the sale of our personal data?
2019-02-15 12:42:47Don't spend that 30 cents all in one place!Chinese facial recognition database exposes 2.5m people
2019-02-15 10:41:54A company operating a facial recognition system in China has exposed millions of residents’ personal information online.Photography site 500px resets 14.8 million passwords after data breach
2019-02-15 10:24:11Photography website 500px has become the latest site to admit suffering a serious data breach.Inside a GandCrab targeted ransomware attack on a hospital
2019-02-14 17:03:00A recent attack on a US hospital gives us a colourful picture of both how a targeted ransomware attack happens, and how it can be stopped.What’s behind this 1,000-character phishing URL?
2019-02-14 13:09:52Bleeping Computer learned of a strange phishing campaign which uses an unusually long URL - but why?Apple App Store stuffed with hardcore porn and gambling apps
2019-02-14 12:59:21The apps, which violate content policies, got in there via the same Enterprise Certificate program that Facebook and Google exploited.Google paid out $3.4m in bug bounties last year
2019-02-14 12:47:17317 researchers from 78 countries turned 2018 into a worldwide bug-crunching spree.Update now! Microsoft and Adobe’s February 2019 Patch Tuesday is here
2019-02-14 12:39:33Internet Explorer (IE) may have launched way back in 1995 but nearly a quarter of a century later it’s still creating work for Microsoft and Windows users.Top tips for Valentine’s Day – and the rest of the year! [VIDEO]
2019-02-13 22:58:05Our top tips for Valentine's Day and beyond - all in just 5 minutes. Enjoy!Another flaw found in macOS Mojave’s privacy protection
2019-02-13 15:16:18Ever since Apple announced enhanced privacy protection for macOS Mojave 10.14 last September, a dedicated band of researchers has been poking away at it looking for security flaws.Evil USB O.MG Cable opens up Wi-Fi to remote attacks
2019-02-13 15:15:42... and enables de-authenticaton attacks that could knock targeted systems off the Wi-Fi and onto one of these nefarious cables.Ep. 019 – Android holes, iOS screengrabbing and USB poo [PODCAST]
2019-02-13 14:18:03Here's the latest Naked Security podcast - enjoy!620 million records from 16 websites listed for sale on the Dark Web
2019-02-13 13:26:46Some of the breaches are new, while some were reported last year. The sites include MyFitnessPal, MyHeritage, Whitepages and more.Security firm beats Adobe by patching reader flaw first
2019-02-13 13:11:57Adobe has patched a flaw that enabled attackers to slurp a user’s network authentication details - but not before someone else patched it first.Linux container bug could eat your server from the inside – patch now!
2019-02-12 14:22:53Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit... here's what you need to know.Russian ISPs plan internet disconnection test for entire country
2019-02-12 11:58:29Russia’s major ISPs plan to temporarily disconnect servers from the internet, effectively cutting the country off from the outside world.Apple sued for ‘forcing’ 2FA on accounts
2019-02-12 11:57:13Time is money, baby: Jay Brodsky claims that Apple's 2FA "intermeddling" takes minutes out of his day, causing "economic loss."Kids as young as eight falling victim to online predators
2019-02-12 11:42:13A UK children's charity has found that children as young as eight are being sexually exploited online via social media.Brave browser explains Facebook whitelist to concerned users
2019-02-12 11:16:24Brave is playing down fears after the revelation of what looked like a whitelist in its code allowing it to communicate with Facebook.Facebook defends gun-law loophole firm as “political advertisers”
2019-02-12 11:06:45Concealed Online, the third biggest "political advertiser" on Facebook, touts the Virginia loophole, granting concealed weapons permits.Crypto mirror on the wall, who’s the smartest of them all?
2019-02-11 15:38:13Can scientists out-perform sports stars, musicians and politicians in recognition and influence? You bet they can!McDonalds app users hatin’ it after being hacked by hungry hamburglars
2019-02-11 12:01:58At least two users of the McDonalds mobile app aren’t lovin’ it after thieves hijacked their accounts and ordered hundreds of dollars of food for themselves.Secret Service busts online car sales crime ring
2019-02-11 11:49:45They posed as military needing to offload cars before deployment, allegedly posting bogus ads on Craigslist, eBay, and AutoTrader.What comes after air gaps? DARPA asks world for ideas
2019-02-11 11:42:23According to DARPA, air gapping computers and data is a security idea that has run its course and urgently needs to be replaced.Get-rich-quick social media scams are turning teens into money mules
2019-02-11 10:39:32Young people are being talked into handing over their bank details with the promise of some easy cash.You can now unsend messages in Facebook Messenger
2019-02-11 10:35:14Facebook Messenger has made available the ability to unsend, or in their words "remove for everyone" your mis-sent messages.Monday review – the hot 24 stories of the week
2019-02-11 10:29:27From the FBI-supporting DNA kit company, to the privacy bug in gay dating app Jack'd, and everything in between. It's weekly roundup time.Android vulnerabilities open Pie to booby-trapped image attacks
2019-02-08 15:58:40A trio of bugs could have opened Android 7, 8 and 9 to remote attackers wielding booby-trapped image files. Here's what you need to know...iPhone apps record your screen sessions without asking
2019-02-08 13:51:13Absent from privacy policies, the tracking came to light after a breach with Air Canada's mobile app, then password slurping from Mixpanel.Child abuse imagery found in cryptocurrency blockchain
2019-02-08 12:57:21For the second time in a year, illegal child abuse images have been spotted inside a blockchain. According to a post by web blockchain payments system Money Button,Student gets creative with data accidentally blasted out by university
2019-02-08 11:27:42A university employee accidentally emailed a spreadsheet containing personal information on every one of the college's 4,557 students.Police demands Waze stop pinpointing their checkpoints
2019-02-08 10:44:00Waze users are helping intoxicated drivers to evade checkpoints and could thus be "engaging in criminal conduct," say police.Facebook ordered to keep apps data separate without user consent
2019-02-08 10:27:12So much for creating a three-headed Cerberus marketing-happy chat dog! Also, we'll soon see the who-what-huh? behind the ads we're shown.Serious Security: Post-Quantum Cryptography (and why we’re getting it)
2019-02-07 15:57:36Here's why NIST is running a competition to find algorithms for a Post-Quantum Cryptographic world...KeySteal could allow someone to steal your Apple Keychain passwords
2019-02-07 12:44:30The researcher says it works without root or administrator privileges and without password prompts.Anyone want to lay claim to the USB drive found in seal poo?
2019-02-07 12:08:02It still works, you know. And there are photos and videos on it.Chrome extension warns users their login credentials have been breached
2019-02-07 11:57:07Google's released a Chrome extension, Password Checkup,Unlimited crypotocurrency? Zcash fixes counterfeiting flaw
2019-02-07 11:40:10Privacy-focused cryptocurrency Zcash has fixed a flaw that would have allowed anyone with knowledge of it to produce counterfeit currency.Jack’d dating app is showing users’ intimate pics to strangers
2019-02-06 13:33:13A clear and present danger: Anyone with a web browser who knows where to look can access Jack'd users' photos, be they private or public.Firefox 66 will silence autoplaying web audio
2019-02-06 12:15:24From Firefox 66 for desktop and Android, due in March, media autoplay of video or audio will be blocked by default.Just two hacker groups are behind 60% of stolen cryptocurrency
2019-02-06 11:43:17Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.Digital signs left wide open with default password
2019-02-06 11:37:22One thing the world doesn't need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.Ep. 018 – Home invasions, snoopy apps and Android versus iOS [PODCAST]
2019-02-05 18:42:52Here's the latest Naked Security podcast - give it a listen!Home DNA kit company says it’s working with the FBI
2019-02-05 12:07:11FamilyTreeDNA has disclosed that it's opened up more than 1m DNA profiles to the FBI to help find suspects of violent crime.Half of IoT devices let down by vulnerable apps
2019-02-05 11:47:55Half of the apps used to control a range of Internet of Things devices are insecure in a variety of ways, researchers found.Crypto exchange in limbo after founder dies with password
2019-02-05 11:24:10The only person who knew the password is dead, leaving customers unable to access around $190million in fiat and virtual currency.Kids’ GPS watches are still a security ‘train wreck’
2019-02-05 10:39:48Anyone could have accessed the entire database, including a child's location, on Gator watches and other models that share its back end.Security weaknesses in 5G, 4G and 3G could expose users’ locations
2019-02-04 13:02:26Researchers have discovered security holes in 5G, 4G and 3G telephony protocols, which can expose a user's location.Chrome’s hidden lookalike detection feature battles URL imposters
2019-02-04 12:41:04Chrome now checks for misspellings of popular URLs and will display a link to the site that it thinks the user might have wanted to visit.FBI burrowing into North Korea’s big bad botnet
2019-02-04 12:06:09The FBI revealed that it joined the Joanap botnet and started chewing it up from the inside.Selling fake likes and follows is illegal, rules New York
2019-02-04 11:02:02A groundbreaking settlement in New York finds that selling fake likes and followers is illegal.Monday review – the hot 28 stories of the week
2019-02-04 09:45:47From the DNS outage that deleted users' Azure data to the Nest security cam hijacker, and everything in between. It's weekly roundup time.FaceTime bug, eavesdropping and digital snooping – what to do? [VIDEO]
2019-02-01 15:43:57In this week's Naked Security Live video: what to do about microphone-equipped devices in your home?Linux user? Check those patches! Public exploit published for systemd security holes…
2019-02-01 14:09:20A pair of bugs in a very widely used Linux system tool called systemd have just been "weaponised" - check you're patched!Credential dump contains another 2.2 billion pwned accounts
2019-02-01 13:32:08How many user credentials have fallen into the hands of criminals during a decade of data breaches? Billions,Hacker talks to baby through Nest security cam, jacks up thermostat
2019-02-01 12:41:34Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.Microsoft Azure data deleted because of DNS outage
2019-02-01 11:57:34Users of Microsoft’s Azure system lost database records as part of a mass outage on Tuesday. A combination of DNS problems and automated scripts were to blame,Google says sorry for pulling a Facebook with monitoring program
2019-02-01 10:32:11It was using the same Apple enterprise back door as Facebook to get its market research done, but it owned up and backed off.Update now! Chrome and Firefox patch security flaws
2019-01-31 13:54:02Google and Mozilla are tidying up security features and patching vulnerabilities in Chrome and Firefox for Mac, Windows, and Linux.14k HIV+ records leaked, Singapore says sorry
2019-01-31 13:50:44Singapore's Ministry of Health said the HIV status of 14,200 people, plus confidential data of 2,400 of their contacts,Phone cloner gets 65 months in jail
2019-01-31 13:04:02A US court has sentenced a man to over five years for his part in a massive telecommunications fraud involving stolen cellphone accounts and reprogrammed phones.Apple kicks Facebook’s snoopy Research app out of the App Store
2019-01-31 12:51:30It was paying people, including teens, up to $20 to install an app that got root access for “nearly limitless access,” encryption or no.Ep. 017 – DNS hijacking, a weird breach and a cybersecurity confession [PODCAST]
2019-01-30 16:21:48Here's the latest Naked Security podcast - enjoy!Matrix under the microscope: what a niche ransomware can teach us
2019-01-30 14:07:03The malware middle ground is full of journeymen, wallflowers and also-rans that'll bite you hard, if you let them.Sophos Home’s been updated, and it’s got some cool new features
2019-01-30 14:04:36There’s a new version of Sophos Home out today, and it comes with a whole host of new features.Hong Kong Cybercrime Continues to Rise
2019-01-30 13:14:13Speaking at a press conference on 29th January, Commissioner of Police Stephen Lo said, "The traditional crimes are all enjoying a healthy downward trend,Privilege escalation vulnerability uncovered in Microsoft Exchange
2019-01-30 12:25:38A researcher has discovered an alarming way that an attacker controlling a Microsoft Exchange mailbox account could potentially elevate their privileges to become a Domain Administrator.Firefox makes it easier for users to dodge ad-trackers
2019-01-30 12:07:04Firefox has introduced a new set of controls to make it easier for privacy-conscious users to protect themselves from online ad trackers.It’s mop-up time for WebStresser DDoS-for-hire users
2019-01-30 11:56:17Cops from 14 countries are seeking to inflict a bit of distributed denial-of-freedom to whoever's behind 6 million around-the-globe attacks.Scammers steal social media videos to wring hearts and wallets
2019-01-30 11:43:49They're putting up fake accounts to bilk the tender-hearted for donations, using the images of a real 5-year-old with real cerebral palsey.Apple scrambles to fix FaceTime eavesdropping bug
2019-01-29 13:29:21Apple is scrambling to fix an embarrassingly dangerous "snooping" bug in its popular FaceTime app.Hongkong Post Certification Authority to use new Root Certificate from 1st February
2019-01-29 12:40:21A key event in the Hongkong Post Certification Authority Root CA Rollover Plan will take place on 1st February 2019; e-Certs for most categories will then be issued under Root CA2.Japanese government will try to hack its citizens’ IOT devices
2019-01-29 12:24:28Japan will hack citizens' IoT devices to mop up cyber security before the Olympics. Don't like the notion? Here's how to lock 'em down!Facebook to tie together WhatsApp, Instagram and Facebook Messenger
2019-01-29 11:55:47Should we cheer for WhatsApp-esque, end-to-end encryption everywhere, or tremble at creeping Facebookism?Thieves’ names and descriptions made public on B&Q database
2019-01-29 11:05:50DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.Credential-stuffing attack prompts Dailymotion password reset
2019-01-29 10:16:46Dailymotion is resetting the account passwords of an unknown number of users after being hit by a “large-scale” credential stuffing attack.How my Instagram account got hacked
2019-01-28 13:39:03After years of embarrassment, I'm finally ready to admit how and why my Instagram account got hacked.How to protect yourself this Data Privacy Day
2019-01-28 12:49:26Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.BGP secure routing experiment ends in online row
2019-01-28 12:41:30An experiment to make the internet safer ended up breaking parts of it last week.Twitter scammers jump in on real-time complaints to companies
2019-01-28 12:40:14”Hi there,” said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.Even Microsoft can’t escape ‘reply all’ email storms
2019-01-28 12:10:18Of all the calamities that befall email users, few are more dreaded than the ‘reply all’ storm.YouTube subscribers getting spammed by celebrity imposters
2019-01-28 11:39:05YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.Monday review – the hot 24 stories of the week
2019-01-28 11:00:09From the US gov's emergency directive to the 10 Year Challenge, and everything in between. It's weekly roundup time.Fighting Emotet: lessons from the front line
2019-01-25 12:01:26Emotet is moving, shape-shifting target for admins and their security software. Here's what we've learned from dealing with outbreaks.US gov issues emergency directive after wave of domain hijacking attacks
2019-01-25 10:54:33The US Department of Homeland Security (DHS) has issued an emergency directive tightening DNS security after a recent wave of domain hijacking attacks targeting government websites.#DeleteFacebook? #DeleteTwitter? #FatLotOfGood that will do you
2019-01-25 10:47:16Your likes, interest and personality can be gleaned from as few as 8-9 friends on social media, whether you're on the platform or not.Cops catch $15m crypto-crook
2019-01-25 10:27:39A man has been arrested a year after stealing €10m ($15m) of the IoT-focused cryptocurrency IOTA using bogus software that tricked users.Facebook debuts scam ads reporting tool
2019-01-25 10:07:06Adverts on Facebook featuring fake celebrity endorsements scam people out of their savings, and Facebook is now doing something about it.Bomb threat spam may stem from GoDaddy DNS weakness
2019-01-24 13:15:38A bomb threat spam campaign that hit North America last month may have been engineered using a flaw in GoDaddy’s domain management process,Supreme Court won’t consider case against defamatory reviews on Yelp
2019-01-24 12:40:38The decision means Yelp, and other platforms, are still protected from liability for user-submitted content under the CDA's Section 230.How to stop a hacker home invasion! [VIDEO]
2019-01-24 12:14:36Did you see the story about the US family whose Nest camera "warned" them of an impending nuclear attack? Here's how to keep hackers out...Update now! Apple releases first 2019 iOS and macOS patches
2019-01-24 12:02:34Apple has issued its January security updates fixing a list of mostly shared CVE flaws affecting iOS and macOS with a smattering for Safari, watchOS, tvOS,“Proceed with caution”: Microsoft browser says Mail Online is untrustworthy
2019-01-24 11:33:10Hanging up on the fact-checkers probably isn't the best way for a news outlet to assure them that it's trustworthy.Ep. 016 – Email fraud, Android apps, Collection #1 and the 10 year challenge [PODCAST]
2019-01-23 13:11:46Here's the latest Naked Security podcast. Enjoy!100 million online bets exposed by leaky database
2019-01-23 13:04:59Online gamblers lose their private data as yet another unsecured Elasticsearch database is discovered.PewDiePie-spammers and whale-flingers exploit hole in Atlas game
2019-01-23 12:18:46Last week hackers allegedly compromised an admin’s Steam account and used it to spawn planes, tanks, and whales in Atlas.Google fined $57m for data protection violations
2019-01-23 11:28:24In a landmark ruling,Hijacked Nest cam broadcasts bogus warning about incoming missiles
2019-01-23 10:45:39A hacked Nest camera broadcast the fake warning about incoming North Korean missiles, sending a family into “five minutes of sheer terror.”Rogue websites can turn vulnerable browser extensions into back doors
2019-01-22 12:46:26A researcher has found that websites can use some extensions to bypass security policies, execute code, and even install other extensions.Bicycle-riding hitman convicted with Garmin GPS watch location data
2019-01-22 11:28:58Location data extracted from the athletic hitman's Garmin GPS watch and TomTom sat nav led to his conviction in two gangland murders.WhatsApp fights the spread of deadly fake news with recipient limit
2019-01-22 10:28:18WhatsApp has capped the number of people you can forward messages to, after India was seized by rumour-inspired mob lynchings.DNC targeted by Russian hackers beyond 2018 midterms, it claims
2019-01-22 07:02:14The Democratic National Committee has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018.Is the Ten Year Challenge a Facebook scam???
2019-01-21 13:35:28Get a grip.Twitter bug exposed some Android private tweets to public view
2019-01-21 13:17:10The latest privacy glitch, which went unnoticed for over four years, may trigger yet another EU privacy probe.Attackers used a LinkedIn job ad and Skype call to breach bank’s defences
2019-01-21 13:05:56A Chilean Senator has taken to Twitter with alarming news – the company running the country’s ATM network suffered a serious cyberattack.State agency exposes 3TB of data, including FBI info and remote logins
2019-01-21 12:39:35Oklahoma’s Department of Securities (ODS) exposed 3TB of files in plain text containing sensitive data on the public internet this month.Tim Cook demands a way for users to delete their personal data
2019-01-21 11:33:19The Apple CEO wants the FTC to set up a data-broker clearinghouse so people can see the data that companies have collected on them.Monday review – the hot 23 stories of the week
2019-01-21 10:07:25From WhatsApps that aren't meant for you to the highly promising USB-C authentication, and everything in between. It's weekly roundup time.
