Wednesday, December 11, 2019

Windows 10 Mobile receives its last security patches

If you’re one of the tiny hardcore still using Windows 10 Mobile, 10 December 2019 is probably a day you’ve been dreading for nearly a year.

DoItForState domain name thief gets 14 years for pistol-whipping plot

He hired his cousin to break in, hold the rightful domain holder at gunpoint, and force a transfer to his own GoDaddy account.

FTC warns Christmas buyers that smart toys are a security risk

Thinking of giving a young person an internet-connected ‘smart’ toy this Christmas? You may want to think again.

Ad industry groups ask that the CCPA keep its mitts off their cookies

Ad-blocking technologies can block the cookies that record consumers' privacy choices, they claim.

Snatch ransomware pwns security using sneaky ‘safe mode’ reboot

The Sophos Managed Threat Response (MTR) team has warned the industry of a dangerous new ransomware trick.

EU releases its 5G conclusions

The Chinese company is at the heart of a security spat with the US that has also been causing some consternation in the UK.

Facebook users were duped by Cambridge Analytica, FTC rules

Delete the data, and don't do any of that again, the FTC told the data analytics company, which already filed for bankruptcy in 2018.

TikTok settles class action over child privacy one day after it’s filed

The $1.1m settlement is an “excellent result,” TikTok said, unsurprisingly: compared with its $5.7m FTC fine, it's dirt cheap.

Serious Security: Understanding how computers count

The hard disks that fail abruptly at 32,768 hours of use - why simply 'adding 1' can send you into oblivion.

Will the new iPhone 11 track you even if you tell it not to?

Does turning location access off for all your apps mean that location access is off altogether?

Networking attack gives hijackers VPN access

Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.

HackerOne pays $20,000 bounty after accidental breach of own systems

In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.

Facebook suing ILikeAd for hijacking users’ ad accounts

Facebook says the company used celeb bait links to infect victims with malware and hijacked their ad accounts to sell diet pills.

$5m bounty set on the alleged head of Evil Corp banking Trojan group

Know where Maksim “Aqua” Yakubets is? Can you pry him out of Russia and his Lamborghinis? The biggest ever cybercrook reward awaits!

Monday review – the hot 22 stories of the week

Get up to date with the hot security stories from the past week - from fake Android apps to malware targeting Mac users.

Mac users targeted by Lazarus ‘fileless’ Trojan

The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.

US parents file class action against TikTok over children’s privacy

Collecting children's data without their guardians' consent is illegal under COPPA and already earned TikTok a huge fine.

Instagram trying to protect kids by getting dates of birth from new users

It's about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn't hurt, either.

OpenBSD devs patch authentication bypass bug

One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.

Cookie-stealing malware wants to know your Facebook ad budget

The AdKoob malware that sneakily peeks at how much you're spending on ads is back.

SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.

Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract an AES encryption key using SGX's voltage-tuning function.

TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.