5 things you can do today to make Zooming safer
2020-04-03 15:46:125 things you can do to make your Zooming safer, more private and more secure...‘Zombie’ Windows win32k bug reanimated by researcher
2020-04-03 10:29:56Dozens of bugs in a core Windows API could enable attackers to elevate their privileges in the operating system.Watch out for the new wave of COVID-19 scams, warns IRS
2020-04-03 09:12:05If somebody promises to get your economic impact payment fast, back away: it's just one flavor of COVID-19 scam the tax agency is seeing.Don’t get locked out of your own website – update this WordPress plugin now!
2020-04-02 16:24:39In theory, crooks could mess up your site so vistors can't see your content, then lock you out so you can't jump in and fix it.S2 Ep33: Ransomware on sale, dark web disaster, dead drops and pillow forts – Naked Security Podcast
2020-04-02 15:45:07Listen to the latest episode now!Phone carriers must authenticate calls to fight robocalls, says FCC
2020-04-02 11:44:07The FCC has given voice carriers until June 2021 to implement technology it says will stop the robocall plague that's driving us all insane.COVID-19 forces browser makers to continue supporting TLS 1.0
2020-04-02 09:52:37In one of the strangest stories of the year,Bill Gates’s YouTube ‘Bitcoin giveaway’ is a big fat scam
2020-04-01 13:15:42And no, Microsoft said, none of our verified accounts have been hijacked, vehemently denying early reports.QR code generator scam steals thousands in Bitcoin
2020-04-01 13:04:37Every once in a while an attack comes along that is so simple to set up, and yet so effective, that it makes your jaw drop. Here's one.Microsoft’s Edge browser to get breached credential alerts
2020-04-01 11:29:02Microsoft has announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals.Marriott International confirms data breach of up to 5.2 million guests
2020-03-31 15:41:16Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people. The hotel chain says it uses an application to help provide services to its guests. Beginning mid-January this year,Patch now! Critical flaw found in OpenWrt router software
2020-03-31 14:18:03OpenWrt is an open source operating system used by millions of home and small business routers and embedded devices.Dharma ransomware source code on sale for $2,000
2020-03-31 14:17:21The source code for ransomware-as-a-service strain Dharma has been put up for sale by hackers.Data on almost every citizen of Georgia posted on hacker forum
2020-03-31 11:07:03Where did it all come from? 4.9m records were posted on a hacking forum - and the country only has an estimated population of 3.7m.Researchers speed the death of ‘bad’ data in the race against good
2020-03-31 10:42:26They have a way to inject 'good' data - i.e., accurate COVID-19 news or security patches - to outpace the spread of fake news or malware.“Instant bank fraud” warning spread on WhatsApp is a hoax
2020-03-31 08:25:47No, we don't know why people start hoaxes like this. You can do your bit by not forwarding them, not even "just in case".5 tips for keeping your data safe this World Backup Day
2020-03-30 23:16:08The only backup you will ever regret... is the one you didn't makeNo, Houseparty hasn’t hacked your phone and stolen your bank details
2020-03-30 20:12:49There's one thing missing in all the claims that deleting the Houseparty app will "unhack" you - evidence"How to stay on top of coronavirus scams – and all the others too
2020-03-30 15:57:20The bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, too...Apple’s iOS 13.4 hit by VPN bypass vulnerability
2020-03-30 13:43:17It’s less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.Chrome may bring back ‘www’ with option to show full URLs
2020-03-30 12:41:12Google's doing so grudgingly: it still thinks that showing too much will confuse users trying to assess a site's security.Should governments track your location to fight COVID-19?
2020-03-30 12:00:30Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.Google sent ~40K warnings to targets of state-backed attackers in 2019
2020-03-30 11:50:11Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters.Monday review – the hot 22 stories of the week
2020-03-30 09:41:57From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io - and everything in between. It's roundup time.Android apps are snooping on your installed software
2020-03-27 13:25:34Android apps are snooping on other software on your device - and that could tell shady advertising companies more about you than you'd like.Firefox 76 will have option to enforce HTTPS-only connections
2020-03-27 13:22:38The aim is to block the browser from reaching the small number of sites that cling to HTTP, closing security risks.Thousands of Dark Web sites deleted in attack on free hosting service
2020-03-27 11:50:02It's the second time that the popular Daniel's Hosting platform was attacked in 16 months. This time, 7,600 Dark Web sites were obliterated.FBI takes down hacker platform Deer.io
2020-03-27 10:40:13It was a top crooks' market, with over 24,000 shops doing brisk business selling credentials for Netflix, Facebook, Twitter, and more.S2 Ep32: ZoomBombing, Android malware and the WhatsApp Martinelli hoax – Naked Security Podcast
2020-03-26 15:44:05Join Sophos experts for the latest cybersecurity news and advice.Watch out! Scummy scammers target home deliveries
2020-03-26 14:51:50Anxiously waiting for a home delivery? Don't be tricked by a message that says there's a problem with your address...Apple Safari now blocks all third-party cookies by default
2020-03-26 14:10:05Starting in 13.1, advertisers and analytics firms can't track us through browser cookies. Apple says this also kills login fingerprinting.Adobe issues emergency fix for file-munching bug
2020-03-26 11:56:03Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victims' files.Hijacked Twitter accounts used to advertise face masks
2020-03-26 11:47:06The accounts were used to advertise a site selling products made scarce by COVID-19: face masks, forehead thermometers and toilet paper.Apple iOS 13.4 offers fixes for 30 vulnerabilities
2020-03-26 09:20:13Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.Windows has a zero-day that won’t be patched for weeks
2020-03-25 13:03:49Cybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.Your unused computer could help find a COVID-19 cure
2020-03-25 11:40:40Put it to work for the Folding@Home distributed computing project to uncover how the virus's spikes latch on and how they can be blocked.Hackers target WHO in phishing attack
2020-03-25 10:57:43A cyberattack that targeted the World Health Organization is probably just the tip of the iceberg according to experts reacting to the news this week.Battling the global COVID-19 scammers and fake news hawkers
2020-03-25 10:46:58Europol seized 34K fake surgical masks, while the office of NY's AG wants registrars to explain how they're battling the sale of lies.Facebook Messenger may ban mass-forwarding of messages
2020-03-24 12:09:14Facebook has done this before: it did it with WhatsApp, following an outbreak of lynchings sparked by viral social media hoaxes.Russia’s FSB wanted its own IoT botnet
2020-03-24 12:01:27If you thought the Mirai botnet was bad,Feds shut down bogus COVID-19 vaccine site
2020-03-24 10:05:07A vaccine for $4.95!? Nah, we didn't think so, either. Shuttering the alleged rip-off site is the DOJ's 1st takedown of COVID-19 flimflam.WhatsApp “Martinelli” hoax is back, warning about “Dance of the Pope”
2020-03-23 17:49:03Two old WhatsApp hoaxes are back, with a grain-of-truth story in the middle to add a veneer of believability. Don't spread this stuff!Cisco issues urgent fixes for SD-WAN router flaws
2020-03-23 12:51:47Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routes and their management software.Tour guide/Chinese spy gets four years for SD card dead drops
2020-03-23 12:45:03The dead drops were very James Bond: once, the data mule taped the SD card to the underside of a desk in a hotel.Stolen data of company that refused REvil ransom payment now on sale
2020-03-23 12:29:40A comment from one buyer of data purportedly from Brooks International: "It even has credit card number & a password. lol !!"Firefox is dropping FTP support
2020-03-23 12:18:23Heads up, Firefox users who rely on FTP: the browser is eliminating support for this venerable protocol.Monday review – the hot 23 stories of the week
2020-03-23 09:55:29From the EARN IT Act to the Martinelli hoax - and everything in between. It’s your weekly security roundup.S2 Ep31: Remote working, malwareless ransomware and EARN IT – Naked Security Podcast
2020-03-20 16:57:32Listen to the latest episode now!Trolls ZoomBomb work-from-home videocall with filth
2020-03-20 16:37:56Trolls have been joining videoconferencing calls to expose meeting participants to disturbing videos.Exchange rate service’s customer details hacked via AWS
2020-03-20 14:45:56Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.COVID-19 disruption delays release of Chrome version 81
2020-03-20 11:18:48It’s the COVID-19 shortage nobody expected - not toilet rolls, tinned goods or headache pills this time but Google software engineers.Location-tracking wristbands required on all incoming travelers to Hong Kong
2020-03-20 11:06:38The government says the wristband isn't privacy-invading because it won't track your location, per se;‘Dirty little secret’ extortion email threatens to give your family coronavirus
2020-03-19 22:22:30...And it's got your password as "proof".NIST shared dataset of tattoos that’s been used to identify prisoners
2020-03-19 15:36:16The EFF got in touch with the institutions that have the dataset. Some deleted it, while one refused and others didn't bother to respond.Cryptojacking is almost conquered – crushed along with coinhive.com
2020-03-19 12:56:23Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive - but it's drastically diminished.Delayed Adobe patches fix long list of critical flaws
2020-03-19 11:22:28This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.Facebook accidentally blocks genuine COVID-19 news
2020-03-19 10:34:39Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.Android malware uses coronavirus for sextortion and ransomware combo
2020-03-18 22:15:47The app says it will notify you of coronavirus cases... but in fact it locks up your phone and sextorts you for money at the same timeVMware patches virtualisation bugs
2020-03-18 12:38:10Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.Uber to file federal suit against LA over users’ real-time location data
2020-03-18 12:25:50Real-time, in-trip geolocation data isn't good for traffic/bike lane planning, a draft of the suit says. What it's good for is surveillance.DDoS attack on US Health agency part of coordinated campaign
2020-03-18 11:54:20It coincided with a disinformation campaign carried out via SMS, email and social media claiming that national quarantine was imminent.Human traffickers use social media oversharing to gain victims’ trust
2020-03-18 10:57:24Posts about money or family trouble are being used to gain trust by those who force victims into sex work or slavery, the FBI warns.Slack fixes account-stealing bug
2020-03-17 12:33:43Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.Tor browser fixes bug that allows JavaScript to run when disabled
2020-03-17 12:16:27The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.WordPress to get automatic updates for plugins and themes
2020-03-17 12:10:14Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August.Europol busts up two SIM-swapping hacking rings
2020-03-17 10:51:21What a nightmare: your phone goes dead, and you can't log into your bank account because it's controlled by a hacker who's draining you dry.Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
2020-03-16 11:58:56What’s the difference between a scheduled security update and one that’s out-of-band? In this case, it's two days.Report calls for web pre-screening to end UK’s child abuse ‘explosion’
2020-03-16 11:57:40The IICSA report cited "unprecedented levels of depravity" and said that encryption is getting in the way of current screening.Open source bugs have soared in the past year
2020-03-16 10:55:41Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws account for a quarter of those bugs.Senate bill would ban TikTok from government phones
2020-03-16 10:26:55Concerns over cybersecurity risk and possible spying by China have already brought about bans from DHS, DoD, TSA, and the State Department.Monday review – the hot 23 stories of the week
2020-03-16 09:56:43Amazon and eBay shopper data was exposed, and the EARN IT act threatens end-to-end encryption. These stories and more in the weekly roundup.EARN IT Act threatens end-to-end encryption
2020-03-13 13:12:27The bill, which would undercut Section 230 protections for online publishing, presents itself as a way to stop online child abuse.Homeland Security sued over secretive use of face recognition
2020-03-13 12:05:28As of June 2019, CBP had processed more than 20 million travelers using facial recognition, civil rights group ACLU says.Confessions app Whisper spills almost a billion records
2020-03-13 11:43:46Researchers say the exposure includes exact locations of users' last posts, nicknames, age, and gender.Data of millions of eBay and Amazon shoppers exposed
2020-03-12 15:09:12Eight million customer records belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe were collected.Firefox 74 offers privacy and security updates
2020-03-12 14:55:24A month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements.Intel patches graphics drivers and offers new LVI flaw mitigations
2020-03-12 13:05:21Intel’s March security updates reached its customers this week and the dominant theme is the bundle of flaws affecting Graphics drivers.Analytics firm’s VPN and ad-blocking apps are secretly grabbing user data
2020-03-12 12:22:57Both Google and Apple have removed at least some of the apps from the company, Sensor Tower.Necurs zombie botnet disrupted by Microsoft
2020-03-12 11:16:32Necurs, one of the world's biggest botnets, infected over 9 million computers worldwide.S2 Ep30: Let’s Encrypt, ULTRASOUND attacks, backups for ransom – Naked Security Podcast
2020-03-11 17:51:42Listen to the latest episode now!TRRespass research reveals rowhammering is alive and well
2020-03-11 17:49:32"TRRespass" is a new trick for rowhammering - an attack where you write to a memory chip by reading it over and over (and over) again.Microsoft leaves critical bug unpatched on Patch Tuesday
2020-03-11 17:33:29Microsoft fixed bugs across a range of products on patch Tuesday, issuing patches for 115 distinct CVEs, with 26 rated critical.FBI arrests alleged owner of Deer.io, top market for stolen accounts
2020-03-11 11:58:59Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.Trial for accused CIA leaker ends in hung jury
2020-03-11 11:20:25The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA's cyber arsenal.Brave browser to block web fingerprinting with randomisation
2020-03-11 10:28:16Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect.Watch out for Office 365 and G Suite scams, FBI warns businesses
2020-03-10 12:52:30The FBI has warned users of Microsoft Office 365 and Google G Suite hosted email about Business Email Compromise (BEC) scams.Google data puts innocent man at the scene of a crime
2020-03-10 12:35:32The man became a suspect because location data from his Android phone was swept up in a surveillance dragnet called a geofence warrant.Ex-Inspector General indicted for stealing data on 250k govt colleagues
2020-03-10 12:04:55Crime doesn't pay, even if you have the audacity to try to sell your employer its own,Phone carriers may soon be forced to adopt anti-robocall tech
2020-03-10 11:04:21US carriers haven't been doing enough to block robocalls voluntarily. The Federal Communications Commission's response?It’s not a breach… it’s just that someone else has your data
2020-03-09 17:58:47If you lose someone's data because of a configuration blunder that lets crooks in without any actual hacking... is that a "breach" or not?One billion Android smartphones racking up security flaws
2020-03-09 14:09:50How long do Android devices continue to receive security updates after they’re purchased? The answer is: barely two years.Microsoft: Turn off Memory Integrity if it’s causing problems
2020-03-09 11:49:24Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off.Now you need a notarized document to get a .gov domain
2020-03-09 11:27:34The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites.99% of compromised Microsoft enterprise accounts lack MFA
2020-03-09 11:15:17Cybercriminals compromise over a million Microsoft enterprise accounts each month as too few customers use multi-factor authentication.Monday review – the hot 29 stories of the week
2020-03-09 10:22:48From an ultrasonic attack on Siri and Google Assistant to the guy who hacked back at tech support scammers - and everything in between.IWD: biometrics, machine learning, privacy and being a woman in tech – Naked Security Podcast
2020-03-08 12:33:48To celebrate International Women's Day we invite you to this all-female splinter episode.5 tips for working safely from home
2020-03-06 16:55:25Don't let teleworking due to concerns over the coronavirus (Covid-19) put your cybersecurity health at risk....Is DKIM a Waste of Resources?
2020-03-06 12:43:52If all goes well, the March 2020 Yui Kee Newsletter will be the first to be distributed in a DKIM-signed email, but why has it taken so long, and what are the advantages of DKIM?Run ANDROID on an iPhone? Are you SERIOUS?!?
2020-03-06 12:42:01It's true - Android on an iPhone. OK, a few things don't work yet... such as sound. And the phone bit.Researcher finds 670 Microsoft subdomains vulnerable to takeover
2020-03-06 12:41:23Researchers have found it’s still child’s play to hijack subdomains from companies such as Microsoft to use in phishing and malware attacks.Chrome extension cons cryptocurrency users out of hardware wallet key
2020-03-06 11:43:46Ledger has warned users about a rogue Chrome extension that duped users into giving up the keys to their hardware crypto wallets.Cathay Pacific fined over crooks slurping its database for over 4 years
2020-03-06 11:15:37The ICO found a "catalog of errors," including backups without passwords, unpatched servers, no-longer-supported OSes and feeble anti-virus.Boots yanks loyalty card payouts after 150K accounts get stuffed
2020-03-06 10:53:28The UK pharmacy chain says it wasn't hacked, its systems are fine. It's all the password reusers mucking things up again!Coronavirus warning spreads computer virus
2020-03-05 13:37:52There's an attachment that you are "strongly recommended to read" on account of coronavirus infections in your area. Don't open it!Facebook: No, we are not killing Libra
2020-03-05 13:26:19Facebook denies that it's cringing away from its virtual currency plans due to the fact that regulators loathe it.Ethical hackers swarm Pentagon websites
2020-03-05 11:44:39Hackers are crawling all over the US Department of Defense's websites - and DoD officials are quite happy about the whole thing.Google launches FuzzBench service to benchmark fuzzing tools
2020-03-05 11:32:46Google has announced FuzzBench, a free service “for painlessly evaluating fuzzers in a reproducible way.”Zynga faces class action suit over massive Words With Friends hack
2020-03-05 11:03:22It's charging subpar password security and lousy user notification: Zynga has yet to notify users to warn them of the breach, the suit says.Why 3 million Let’s Encrypt certificates are being killed off today
2020-03-04 15:33:38If your certificate gets revoked and you don't renew it, visitors won't be able to get to your site...S2 Ep29: Facial recognition, malware madness and smart speakers – Naked Security Podcast
2020-03-04 15:08:58Listen to the latest episode now!NCSC: Secure your webcams now
2020-03-04 11:57:54We don't want to see what you do behind closed doors, but lots of hackers would be happy to pull up a chair to view that video stream.Google fixes MediaTek bug in Android March patches
2020-03-04 11:40:47There are patches for over 70 bugs, and they finally fixed a months-old exploit for MediaTek chipsets, said to affect millions of devices.Tech support scammers hacked back by vigilante
2020-03-04 11:08:50A cybercrime vigilante was so incensed by tech support scammers, he reverse-hacked the Indian call centre to spy on his would-be attackers.Facebook purges hundreds of fake accounts from state actors, marketers
2020-03-04 10:53:59It removed 5 networks engaged in foreign or government interference in Egypt, India, Russia, Iran, and Myanmar/Vietnam.
