Saturday, January 19, 2019

Vast data-berg washes up 1.16 billion pwned records

Have I Been Pwned? (HIBP) has revealed a huge cache of breached email addresses and passwords, which it has named Collection #1.

Google cracks down on access to your Android phone and SMS data

Android apps that want access to your call and SMS data now have to pass muster with Google's team of reviewers.

Did you know you can see the ad boxes Facebook sorts us into?

...or that they can edit the (often inaccurate) pigeon-holes Facebook likes to put us in, a study found.

Ep. 015 – USB anti-hacking, bypassing 2FA and government insecurity [PODCAST]

Here's the latest Naked Security podcast - enjoy!

YouTube bans dangerous and harmful pranks and challenges

The platform can't keep us from driving while blindfolded, but at least it can remove videos that glorify our more brainless moments.

Email crooks swindle woman out of $150K from home sale

She sent her bank account details three times, she said. Unfortunately, they wound up in crooks' hands, and her money wound up in their pockets.

Microsoft font gives away forgery in bankruptcy case

In a case that could be straight out of a legal TV drama, a computing font has cost a couple two houses in a Canadian bankruptcy case.

Change your password! VoIP provider leaves huge database exposed online

A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.

Two charged with hacking company filings out of SEC’s EDGAR system

They're charged with phishing and inflicting malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.

Are you sure those WhatsApp messages are meant for you?

Abby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone else’s messages waiting for her.

Intel patches another security flaw in SGX technology

Of the six advisories Intel released last week, the most interesting is a flaw discovered in the company’s Software Guard Extensions (SGX).

Beware buying Fortnite’s V-Bucks, you could be funding organised crime

Credit card thieves are laundering money by purchasing the in-game currency V-Bucks, then selling it back at a discount to players.

Police can’t compel biometric phone unlocking, rules judge

The landmark decision asserts the same legal protection for biometrics that we're given for passcodes.

Windows 7 users get fix for latest updating woe

Microsoft has vexed its Windows 7 users with a misbehaving update that caused licensing and networking errors.

Blockchain burglar returns some of $1m crypto-swag

In an interesting move for villainy, a thief who stole over $1 million from the Ethereum Classic blockchain has given some of it back.

Facebook to start fact-checking fake news in the UK

Facebook's relying on demotion instead of removal, so users will still be able to share content, even if Full Fact rates it inaccurate.

Is fake-news sharing driven by age, not politics?

Researchers say people over 65 are seven times more likely to share fake news than 18 to 29-year-olds.

New year, new career? How some Sophos experts got into cybersecurity

We asked a number of people working in different roles at Sophos how they made their way into the industry.

Shutdown hits government websites as certificates begin to expire

The US government shutdown is affecting more than just physical sites like national parks and monuments.

10 years for Boston Children’s Hospital DDoSer

Martin Gottesfeld said he wishes he “had done more” than knock out BCH’s network for at least two weeks.
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more