Tuesday, May 21, 2019

WordPress plugin sees second serious security bug in six weeks

Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites.

CEO told to hand back 757,000 fraudulently obtained IP addresses

A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back.

Brave browser concerned that Client Hints could be abused for tracking

Privacy-focused browser Brave has criticised an industry proposal it says would make browser fingerprinting easier.

Facebook bans accounts of fake news firm

It's not clear who paid Archimedes Group for its reality-warping campaigns, but it's clear disinformation is now a global scourge.

Bots rigged Russian finale of ‘The Voice Kids’ talent show

It turns out that robo-dialed calls accounted for 56.5% of the phone-in vote for the millionaire's daughter.

Monday review – the hot 20 stories of the week

It was a week of patches - from a severe Linux kernel flaw to a new 'wormable' Windows bug, here's a roundup of the week's top stories.

Google recalls Titan Bluetooth keys after finding security flaw

Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure.

Hacking gang stole millions in cryptocurrency via SIM swaps

Six alleged members of "The Community" were indicted, along with three phone service employees who allegedly helped target subscribers.

Europol arrests end GozNym banking malware gang

Arrests in Europe and the US appear to have ended the cybercrime careers of the gang behind the GozNym banking malware.

Trump seeks tales of social media bias – and your phone number

A tool from the White House invites those who suspect political bias in social media censorship to "share their story with President Trump."

Please vote for Naked Security at the European Blogger Awards 2019!

If you like what we do... please vote for us!

Facebook restores disabled ‘View As’ feature used in 2018 breach

The feature still lets you see how others see you, but without leaking access tokens.

Severe Linux kernel flaw found in RDS

Unpatched Linux systems are vulnerable to remote compromise from the local network.

San Francisco bans police use of facial recognition

The city that gave us facial recognition tech says "not in my back yard".

UPDATE NOW! Critical, remote, ‘wormable’ Windows vulnerability

Microsoft has fixed an RDP vulnerability that can be exploited remotely, without authentication and used to run arbitrary code.

Microsoft fixes Intel ZombieLoad bug with Patch Tuesday updates

May 2019 Patch Tuesday fixed 79 vulnerabilities, 19 of which are classed as Critical. Here's a summary of the most notable ones. 

Twitter bug leaks iOS users’ location data to partner

Now fixed, the bug affected some users with multiple accounts running on an iOS device.

Update iOS and Mojave now! Apple patches are out

Apple has released its May 2019 security updates, taking iOS to version 12.3 and macOS Mojave to version 10.14.5.

Facebook sues app developer Rankwave over data misuse

The suit says Rankwave used Facebook user data for targeted marketing and ignored its cease-and-desist letter.

Update WhatsApp now! One call could give spies access to your phone

A WhatsApp zero-day has allowed an “advanced cyber actor” to successfully install spyware on victims' phones with no more than a phone call.

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...