YouTube is reading text in users’ videos
2018-12-14 12:23:13Google keeps tabs on much of your activity. Now, it turns out that its YouTube service is also reading what’s in your videos too.Facebook has filed patents to predict our future locations
2018-12-14 12:05:45One such use would be to pre-stuff our devices with ads and other content before we wander into a Wi-Fi dead zone.Kanye West tops the charts for year’s worst password pratfall
2018-12-14 11:47:38Kanye, please keep your "all zeroes! all the time!" password away from the media. And Nutella? No, "Nutella" is NOT a good password.Update now! WordPress 5.0.1 release fixes seven flaws
2018-12-14 10:42:01Don't delay, update your Wordpress website today.Border agents are copying travelers’ data, leaving it on USB drives
2018-12-13 13:27:41It's just one of many SOP SNAFUs of a pilot program for advanced searches of travelers' devices that doesn't even have performance metrics.Supermicro: We told you the tampering claims were false
2018-12-13 13:14:48Computer manufacturer Supermicro is still trying to lay to rest reports that the Chinese government tempered with its equipment to spy on Western cloud users.WordPress worms, Android fraud and Flash fails [PODCAST]
2018-12-13 13:10:51Here's the latest Naked Security podcast - enjoy!Update now! Microsoft and Adobe’s December 2018 Patch Tuesday is here
2018-12-13 12:54:52If you find patching security flaws strangely satisfying,Samsung fixes flaws that could have let attackers hijack your account
2018-12-12 12:45:16Flaws in the mobile site were leaving users vulnerable to attackers who could have reset their user passwords and hijacked their accounts.Google+ to power down early after second security hole found
2018-12-12 12:37:27Google has disclosed the second security hole in its Google+ social network in three months.Text CAPTCHAs easily beaten by neural networks
2018-12-12 12:12:54As CAPTCHA-haters know to their frequent irritation,Phones are selling location data from “trusted” apps
2018-12-12 11:55:47Data brokers are tracking 200 million mobile devices in the US, updating locations up to 14,000 times a day, the New York Times has found.Dark web goldmine busted by Europol
2018-12-11 10:59:17What’s the safest way to buy counterfeit banknotes? Not on the dark web market, as 235 people have just discovered to their cost.Teen SWATter who had 400 schools evacuated lands 3 years in jail
2018-12-11 10:53:11George Duke-Cohan is the British teen who posed as a worried father whose daughter had called him mid-flight during a hijacking.Facebook fined $11m for misleading users about how data will be used
2018-12-11 10:44:35They said Facebook emphasizes the service being free, not that it's making big bucks off users' data. They ordered the company to apologize.Massive botnet chews through 20,000 WordPress sites
2018-12-10 12:45:57Attackers have infected 20,000 WordPress sites by brute-forcing administrator usernames and passwords.Android click fraud apps mimic Apple iPhones to boost revenue
2018-12-10 12:10:36SophosLabs has uncovered a click fraud campaign in which malicious Android apps masquerade as being hosted on Apple devices to earn rewards.Microsoft’s gutting Edge and stuffing it with Chromium
2018-12-10 11:55:09Edge joins Chrome, Opera, Vivaldi, Yandex, and Brave. Better for web compatibility, but if one thing breaks, they all break.Microsoft calls for laws on facial recognition, issues principles
2018-12-10 11:07:54Profits are nice, but "We don’t believe that the world will be best served by a commercial race to the bottom," says President Brad Smith.Monday review – the hot 21 stories of the week
2018-12-10 10:40:42From UPnP router attacks to the Kubernetes cloud computing bug, and everything in between. It's time for your weekly roundup.Flash zero-day exploit spotted – patch now!
2018-12-07 12:08:51If you’re among the holdouts still running Flash, you have some more updating homework to do.Kids’ VTech tablets vulnerable to eavesdropping hackers
2018-12-07 12:01:45Attackers can boobytrap what should be access to only parent-vetted sites and can take over the webcam, speakers and microphone.Unencrypted medical data leads to 12-state litigation
2018-12-07 11:48:25The Attorneys general of 12 states are suing an e-record provider who lost 3.9 million personal healthcare records in 2015.Hacker-besieged DNA data tucked away under military care
2018-12-07 11:29:50Genomics England announced it's sequenced 100K Brits' genomes...Marriott, Kubernetes and PewDiePie [PODCAST]
2018-12-06 16:06:39Here's the latest Naked Security Podcast - enjoy!Facebook staff’s private emails published by fake news inquiry
2018-12-06 12:50:20The cache of seized Facebook documents show how Facebook whitelists certain companies so they can keep lapping up user data.Patch now (if you can!): Latest Android update fixes clutch of RCE flaws
2018-12-06 12:07:40Android’s December security bulletin arrived this week with another decent crop of vulnerabilities to add to the patching list for devices running version 7.0 Nougat to version 9.0 Pie,Google’s private browsing doesn’t keep your searches anonymous
2018-12-06 11:57:01DuckDuckGo says you can go right ahead and log out of Google, then enter private browsing mode,Chrome 71 stomps on abusive advertising
2018-12-06 11:38:21Google shipped version 71 of its Chrome browser yesterday, alongside fixes for 43 security issues.Kubernetes cloud computing bug could rain data for attackers
2018-12-05 11:59:13Kubernetes, a tool that powers much modern native cloud infrastructure, just got its first big security bug - and it’s a mammoth one.Quora.com admits data breach affecting 100 million accounts
2018-12-05 11:54:22Hackers have compromised data from the accounts of 100 million users of question and answer site Quora.com.Those are NOT your grandchildren! FTC warns of new scam
2018-12-05 11:20:54Grandkid imposters are managing to finagle a skyrocketing amount of money out of people, the FTC warns.Could adult content ban spell the end for Tumblr?
2018-12-05 10:54:53#TumblrIsDead? Tumblr is banning adult content in an effort to be safer, better, “more positive”.Bleichenbacher’s CAT puts another scratch in TLS
2018-12-04 13:26:30Researchers demonstrate Cache-like ATacks against RSA key exchange.AirDrop an unwanted nude pic and you could face stiff penalties
2018-12-04 12:10:06Sending pics of your bits to strangers could get you a year in jail and/or a $1K fine if this NYC bill gets passed.Zoom patches serious video conferencing bug
2018-12-04 12:01:43Zoom moved to patch a bug in its service this week that enabled people to hijack customer video conferences.‘Iceman’ hacker charged with running drone-smuggling ring from jail
2018-12-04 11:58:10Max Ray Vision says he's innocent of owning the phone used to orchestrate the scheme and ripping off debit cards to fund the drone purchase.Printers pulled into 9100 port attack spew PewDiePie propaganda
2018-12-03 12:37:10Printers worldwide printed messages urging people to subscribe to the vlogger's YouTube channel in a demo of a well-known vulnerability.Router attack exploits UPnP and NSA malware to target PCs
2018-12-03 12:35:42The UPnProxy router compromise uncovered earlier in 2018 is now being used to attack computers on networks connected to the same gateways.Microsoft cracks down on tech support scams, 16 call centers raided
2018-12-03 11:55:53Police raided 16 Indian call centers last week - a second big raid sparked by Microsoft filing complaints about tech support scammers.Faster fuzzing ferrets out 42 fresh zero-day flaws
2018-12-03 11:46:24A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept - fuzzing.Monday review – the hot 21 stories of the week
2018-12-03 10:57:21From Black Mirror-esque social ratings IRL to the guy who had his car stolen by hackers - twice, and everything in between.AVAR Conference Illuminates Malware Development
2018-11-30 20:00:00The 21st AVAR Conference opened with a traditional Indian Lamp Lighting Ceremony. K7 Computing Private Limited, an Indian cybersecurity industry leader,Huge Marriott breach puts 500 million victims at risk
2018-11-30 15:49:03The Marriott hotel empire's Starwood guest reservation database has been subject to unauthorised access since 2014.Busted! DOJ exposes huge ad-fraud operation, eight charged
2018-11-30 12:47:47The US Department of Justice has charged eight men with running a vast ad-fraud scheme.Prisoners allegedly posed as underage girls in $560K sextortion scam
2018-11-30 12:26:10They allegedly victimized 442 military men by sending nude photos and then calling, pretending to be irate fathers or police.57m Americans’ details leaked online by another misconfigured server
2018-11-30 11:30:48Misconfigured Elasticsearch servers spilled personal details on 57 million Americans, said reports this week.Driver loses his car to hackers. TWICE.
2018-11-30 11:09:03He slapped a tracker on the new one and installed CCTV... which did a fine job of recording the thieves' 90-second-long relay attack.Creeps outed as massage app exposes database with workers’ comments
2018-11-29 12:34:49Popular massage-booking app Urban lets masseurs/masseuses log comments about creepy customers, and left its database wide open.Google’s “deceitful” location tracking is against the law, say 7 EU groups
2018-11-29 12:32:35Seven European consumer organizations are planning to submit a complaint about Google's location tracking activities to their data protection authorities.Facial recognition traffic camera mistakes bus for famous woman
2018-11-29 10:58:43China's air conditioning business queen Dong Mingzhu was recently outed as a jaywalker - thanks to an ad on the side of a bus.Microsoft’s Office 365 MFA security crashes for second time
2018-11-29 09:59:46Microsoft’s multi-factor authentication (MFA) for Microsoft Office 365 and Azure Active Directory has fallen over for the second time in a week.Iranian hackers charged in the US for SamSam ransomware attacks
2018-11-28 18:18:30Two Iranians have been named in a US ransomware indictment - but given that they aren't in the US, what happens next?JavaScript library used for sneak attack on Copay Bitcoin wallet
2018-11-28 12:51:27A mystery payload sneaked into a hugely popular JavaScript library was part of a plot to ransack Bitcoins from BitPay’s Copay mobile cryptocoin wallet,Social media scraping app Predictim banned by Facebook and Twitter
2018-11-28 12:00:22We all want a "perfect" babysitter. But can we trust AI to comb through years of social media posts and label people with a "score?"Facebook bug resurrects ghostly messages from the past
2018-11-28 11:50:07In the latest in a long line of SNAFUs, it seems Facebook has found a new way to inadvertently torment us: resurfacing old chat messages.‘Grinch bots’ are ruining holiday shopping. Lawmakers hit back
2018-11-28 11:29:36The bill would outlaw automated scripts that snap up discounted holiday must-haves so resellers can gouge people with exorbitant markups.Microsoft patches Patch Tuesday’s Outlook 2010 problem patch
2018-11-27 14:23:10Just weeks after issuing a Windows 10 patch of doom that started deleting users’ precious files,Google Maps scammers put their own phone numbers onto bank listings
2018-11-27 12:39:42Once they get victims on the phone, the crooks get their account PINs and CVV numbers for debit/credit cards and then drain their accounts.LinkedIn rapped for targeting ads at 18 million Facebook users
2018-11-27 12:23:58What upset the Data Protection Commissioner: none of the 18 million email addresses were those of LinkedIn users.Parents slam “weirdo” fraudsters for using child’s Facebook pic for cash
2018-11-27 11:34:14Did you help spread the viral scowling Pop-Tart™-deprived kid photo last week? Can't be helped, mom said,That Black Mirror episode with the social ratings? It’s happening IRL
2018-11-26 12:17:26Not picking up after your dog will cost you 10 points, for example, in China's Black Mirror-esque plan to socially score citizens.The phone went dark, then $1m was sucked out in SIM-swap crypto-heist
2018-11-26 12:00:16A Silicon Valley exec lost $1m in cryptocoin savings when a 21-year-old allegedly SIM-swapped his phone.Spectre mitigation guts Linux 4.20 performance
2018-11-26 11:43:34One of Intel’s fixes for the Spectre variant 2 chip flaw appears to have taken a big bite out of the performance of the latest Linux kernel.Monday review – the hot 18 stories of the week
2018-11-26 10:08:49From the deletion of 6,500 Dark Web sites to a Reddit Raspberry Pi riddle, and everything in between. It's weekly roundup time.Cathay Pacific to Face LegCo Panel on Data Leak
2018-11-23 17:36:58Legislative Councillor for Information Technology Hon Charles Mok submitted written questions to Cathay Pacific in advance of the LegCo Panel meeting. He has now released his questions and Cathay Pacific's answers.Mobile and IoT attacks – SophosLabs 2019 Threat Report
2018-11-23 12:36:50As internet users migrate from desktop and laptop computers to mobile and Internet of Things (IoT) platforms, cybercriminals are too.Cryptocurrency ‘minting’ flaw could have leached money from exchanges
2018-11-23 12:35:39Ethereum's complexity proves to be a rich source of bugs, again.Hacker says USPS ignored serious security flaw for over a year
2018-11-23 11:14:37A security researcher claims the US Postal Service ignored a security flaw affecting 60 million users,The passwordless web explained
2018-11-22 14:58:19Naked Security attempts to demystify passwordless web authentication.Update now! Adobe Flash has another critical security vulnerability
2018-11-22 12:07:01Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority.Cybercriminal techniques – Sophoslabs 2019 Threat Report
2018-11-22 11:26:15Cyberattackers are successfully evading detection on Windows computers by abusing legitimate admin tools that come pre-installed with the operating system.Reddit helps admin solve mystery of rogue Raspberry Pi
2018-11-22 11:25:29Finding a mysterious circuit board plugged into a network that you are tasked with managing is always going to be a disconcerting moment for any sysadmin.Microsoft’s MFA is so strong, it locked out users for 8 hours
2018-11-21 13:11:51It's a long time for Office 365 and Azure AD users to be locked out of such an important business platform, but MFA remains a good idea.Big breach, Creep-O-Meter and Black Friday [PODCAST]
2018-11-21 13:10:26It's the latest Naked Security Podcast - you're welcome!Dark Web hosting provider hacked, 6,500 sites erased
2018-11-21 11:44:19The database of the popular Daniel's Hosting was wiped out and all accounts deleted, taking down 30% of all hidden services.Drone owner fined for putting police helicopter crew ‘in danger’
2018-11-21 10:56:57It's the first ever prosecution under UK drone laws for a flight that could have turned deadly,Every day is Black Friday
2018-11-20 13:49:33Scammers don't stop trying to dupe you or take their foot off the gas just because it's the day after Cyber Monday.Patch Skype for Business now or risk DoS via emoji kittens!
2018-11-20 13:32:06So cute! So grabby with the bandwidth!Update now! Dangerous AMP for WordPress plugin fixed
2018-11-20 13:31:23The popular plugin for implementing Accelerated Mobile Pages returned, patched, to WordPress.org last week.Instagram accidentally reveals plaintext passwords in URLs
2018-11-20 11:13:52It's yet another security stumble following the massive Facebook hack in September, and it likely points to shoddy encryption practices.Mozilla’s IoT gift guide ranks gadgets from secure to shoddy
2018-11-19 13:29:13Mozilla slapped a “Meets Minimum Security Standards" badge on the IoT gadgets on its list that passed at least some muster.Has that website been pwned? Firefox Monitor will tell you
2018-11-19 12:01:42Firefox Monitor, a breach notification website launched by Mozilla in September, can now deliver alerts from inside the Firefox browser.Did a copy-paste error reveal the US’s secret case against Assange?
2018-11-19 11:51:47A court filing in an unrelated case mentioned the need to seal documents to keep secret the fact that "Assange" has been charged.Monday review – the hot 23 stories of the week
2018-11-19 10:25:01From the Microsoft mistake that left users fuming to the botnet that's pwned 100,000 routers, and everything in between.Could have sworn I deleted that photo from my phone! [PODCAST]
2018-11-16 22:49:54This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. Enjoy!How to rob an ATM? Let me count the ways…
2018-11-16 14:34:03A comprehensive new report lifts the lid on the sketchy state of ATM security.Judge asks if Alexa is witness to a double murder
2018-11-16 13:18:02A judge has ordered Amazon to turn over any recordings an Echo device may have made around the time a horrific crime occurred.Hacking MiSafes’ smartwatches for kids is child’s play
2018-11-16 12:23:47Researchers describe breaking into the watches as "probably the simplest hack we have ever seen."AI-generated ‘skeleton keys’ fool fingerprint scanners
2018-11-16 12:02:03Artificial intelligence can be used to 'grow' fake fingerprints that pack in common features, fooling scanners.Thought you deleted your iPhone photos? Hackers find a way to get them back
2018-11-15 18:17:40The hacking duo @fluoroacetate demonstrated zero-day exploits against phones from Apple, Samsung and Xiaomi at the recent Pwn2Own contest.Official Google Twitter account hacked in Bitcoin scam
2018-11-15 11:44:55The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts.DARPA uses a remote island to stage a cyberattack on the US power grid
2018-11-15 11:29:03It enacted a worst-case, "black start" scenario: swaths of the country's grid offline for a month, battery backups exhausted.France: Let’s make the internet safer! US: ‘How about NO?!’
2018-11-15 11:16:37Don't cry for us, Argentina: Critics saw potential for government meddling without court order, among other issues.Steganography – cool cybersecurity trick or dangerous risk? [VIDEO]
2018-11-15 00:14:46Burying secret data in plain sight- is it a clever cybersecurity trick, or a way to attract the very attention you wanted to avoid?Targeted ransomware attacks – SophosLabs 2019 Threat Report
2018-11-14 14:01:22This year's SophosLabs Threat Report is out. We talk targeted ransomware attacks, and in particular, SamSam.HTTP/3: Come for the speed, stay for the security
2018-11-14 12:52:46Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.
