Tuesday, September 25, 2018

Bankrupt NCIX customer data resold on Craigslist

What happens to sensitive customer data when a large company that has collected it over many years suddenly goes bust?

Facebook faces sanctions if it drags its feet on data transparency

The EU justice commissioner said she's out of patience. Also, she quit Facebook because it's a "channel of dirt."

App developers are STILL allowed to read your Gmails

Google is still allowing third-party developers access to access its users’ Gmail data, it said in a letter to Senators last week.

Police accidentally tweet bookmarks that reveal surveilled groups

The Massachusetts State Police (MSP) accidentally spilled some of its opsec onto Twitter last week, uploading a screenshot that revealed browser bookmarks.

iTunes is assigning you a ‘trust score’ based on emails and phone calls

It's just a number to detect fraud, not a Black Mirror-esque score that's going to rate us all as social misfits unworthy of wedding invitations.

Monday review – the hot 19 stories of the week

From iOS security updates to Netflix phishing attacks, catch up with everything we've written in the last seven days - it's weekly roundup time.

Bitcoin flaw could have allowed dreaded 51% takeover

The scenario was always hypothetical but the fact such a thing was even possible until this week has left some in the Bitcoin community feeling alarmed.

Warning issued as Netflix subscribers hit by phishing attack

Netflix phishing scammers are at it again, sending emails that try to steal sensitive details from subscribers.

Man who shared Deadpool movie on Facebook faces 6 months in jail

US government recommended six months behind bars. That’s one month for every million people that viewed a part of the pirated movie, apparently.

US military given the power to hack back/defend forward

The new preventative cybersecurity powers include potentially acting against countries considered friendly toward the US - a risky move, some say.

FBI wants to keep “helpful” Mirai botnet authors around

The young men behind the powerful IoT device botnet have been working undercover with law enforcement since they were first fingered.

Western Digital goes quiet on unpatched MyCloud flaw

Western Digital has failed to patch a serious security vulnerability in its MyCloud NAS drives that it was told about more than a year ago, researchers have alleged.

URL spoofing – what it is and what to do about it [VIDEO]

What happens if your browser doesn't tell you the truth about the identity of the website you're looking at?

iOS 12 is here: these are the security features you need to know about

One year to the day after iOS 11 appeared, Apple yesterday released its replacement, iOS 12.

Here we Mongo again! Millions of records exposed by insecure database

Another day, another poorly configured MongoDB database.

Years on, third party apps still exposing Grindr users’ locations

A third party app can use Grindr’s distance data to pinpoint a users location down to a room within a house.

How Facebook wants to protect political campaigners from hacking

The social network is trying to protect candidates, elected officials and their staff from "hackers and foreign adversaries".

Intel releases firmware update for ME flaw

It’s only September and yet 2018 is well on its way to being remembered as the year of fixing flaws we didn’t realise were possible in hardware we’d never heard of.

Hackers selling research phished from universities on WhatsApp

Millions of documents have been stolen from top UK universities and are being sold over WhatsApp for as little as £2.

91 “child friendly” Android apps accused of exploitation

New Mexico's AG filed a lawsuit accusing a popular app maker, plus Google's and Twitter's ad platforms, of illegally collecting kids' data.

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...