Saturday, July 20, 2019

Firefox to pile on more native privacy features

Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website.

Shapeshifting Morpheus chip aims to baffle hackers

Morpheus aims to make hacking so difficult at microprocessor level that attackers will give up long before they can do any damage.

FaceApp privacy panic sets internet alight

You grant FaceApp a perpetual, irrevocable license to use, reproduce, modify and adapt your image. Sounds scary.

Series 2 launch episode – RDP exposed [PODCAST]

The Naked Security Podcast is back. Listen now, and let us know what you think!

Hacked Bluetooth hair straighteners are too hot to handle

The Glamoriser Smart Bluetooth straightener offers up yet another example of how not to add a risky product to the Internet of Things (IoT).

Google Chrome is ditching its XSS detection tool

Google's throwing in the towel on XSS Auditor and putting its trust in Trusted Types instead.

Still not using HTTPS? Firefox is about to shame you

Two years after promising to report all HTTP-based web pages as insecure, Mozilla is about to deliver.

RDP exposed: the wolves already at your door

While everyone waits for BlueKeep to be exploited, another RDP threat is already at the door, according to new research from Sophos.

Microsoft, Google and Apple clouds banned in Germany’s schools

Citing privacy issues, Germany just banned its schools from using Microsoft Office 365, Google Docs, and Apple's iWork cloud services.

Facebook rolls out anti-scam reporting tool in UK

Facebook has coughed up £3m to help launch an anti-scam service as well as introducing a tool to report scam ads on its UK site.

Researchers hide data in music – and human ears can’t detect it

It's now possible to secretly transfer data inside music without turning it into unlistenable mush.

GandCrab ransomware revisited – is it back under a (R)evil new guise?

Did the GandCrab ransomware gang really 'retire' when they said, or did they never go away?

Bluetooth LE’s anti-tracking technology beaten

Researchers have found a way to beat the MAC address randomisation feature used by Bluetooth to protect users from being tracked.

$5b privacy fine against Facebook seen as ‘chump change’

It's 200x greater than the largest fine ever for breaking a promise to improve privacy practices.

Ransomware attackers demand $1.8m from US college

The school, located in the Bronx and serving around 8,000 students, has declined to say whether it will pay up.

Asian consortium plans blockchain-based mobile ID system

A group of Asian companies want to create a blockchain-based service to turn your phone into a mobile ID system.

Alan Turing chosen for the UK’s new £50 note – a cracking result!

In case you were wondering, scientists really can change the world, and change it for the better, too.

Instagram bug could have allowed anyone to take over your account

The good news is that Facebook updated Instagram's server-side defences automatically, so you don't have to do anything to fix this one.

Bust the password for an air-gapped machine – with its keyboard LEDs

Researchers have developed a technique for reading data from air-gapped PCs using LEDs. Cue dynamic hacker music now!

Apple quietly removes Zoom’s hidden web server from Macs

In the latest twist in the saga of the web-conferencing app, Apple has issued a ‘silent’ update removing Zoom's hidden web server from Macs.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.