Saturday, July 11, 2020

Mozilla turns off “Firefox Send” following malware abuse reports

Sadly, the easier and safer you make your file sharing service, the more attractive it becomes to the crooks.

Kinda sorta weakened version of EARN IT Act creeps closer

Critics say the amended bill that's headed for a full Senate hearing still threatens encryption, albeit less blatantly.

Company web names hijacked via outdated cloud DNS records

Why hack into a server when you can just send visitors to a fake alternative instead?

Flashy Nigerian Instagram star extradited to US to face BEC charges

It's a short jump from a Rolls Royce ride to extradition from the UAE. Goodbye, Dubai, goodbye, Palazzo Versace, hello, Chicago jail cell.

Boston bans government use of facial recognition

To help end systemic racism, we'll stay away from an error-prone technology that's been shown to have racial bias, the city council said.

Monday review – the hot 11 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Facebook hoaxes back in the spotlight – what to tell your friends

At the risk of giving you a feeling of déjà vu all over again, it's time to talk about Facebook hoaxes once more.

Google buys AR smart-glasses company North

They're not surveillance spectacles, says Google, just a piece in the jigsaw of "ambient computing", where helpfulness is all around you.

MongoDB ransom threats step up from blackmail to full-on wiping

Still thinking "the crooks probably won't find me if I make a security blunder"?

133m records for sale as fruits of data breach spree keep raining down

Databases can be had for as little as $100, on up to $1,100. Most, if not all, are being sold by the hacking group Shiny Hunters.

Microsoft issues critical fixes for booby-trapped images – update now!

Booby-trapped images could be used to attack Windows 10 and Windows Server 2019 - update now!

Google stops pushing scam ads on Americans searching for how to vote

No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so - and to grab your PII in the process.

Firefox 78 is out – with a mysteriously empty list of security fixes

TLS 1.0 and TLS 1.1 are now considered security risks and blocked by default.

Google joins Apple in limiting web certificates to one year

Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.

iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards

TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.

Beware “secure DNS” scam targeting website owners and bloggers

If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" - these scammers are after your whole site.

Satori IoT botnet author sentenced to 13 months in prison

Kenneth Schuchman, the creator of the massive Satori botnet of enslaved devices, will be spending 13 months behind bars.

Monday review – the hot 10 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.

The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.