Saturday, November 17, 2018

Could have sworn I deleted that photo from my phone! [PODCAST]

This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. Enjoy!

How to rob an ATM? Let me count the ways…

A comprehensive new report lifts the lid on the sketchy state of ATM security.

Judge asks if Alexa is witness to a double murder

A judge has ordered Amazon to turn over any recordings an Echo device may have made around the time a horrific crime occurred.

Hacking MiSafes’ smartwatches for kids is child’s play

Researchers describe breaking into the watches as "probably the simplest hack we have ever seen."

AI-generated ‘skeleton keys’ fool fingerprint scanners

Artificial intelligence can be used to 'grow' fake fingerprints that pack in common features, fooling scanners.

Thought you deleted your iPhone photos? Hackers find a way to get them back

The hacking duo @fluoroacetate demonstrated zero-day exploits against phones from Apple, Samsung and Xiaomi at the recent Pwn2Own contest.

Official Google Twitter account hacked in Bitcoin scam

The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts.

DARPA uses a remote island to stage a cyberattack on the US power grid

It enacted a worst-case, "black start" scenario: swaths of the country's grid offline for a month, battery backups exhausted.

France: Let’s make the internet safer! US: ‘How about NO?!’

Don't cry for us, Argentina: Critics saw potential for government meddling without court order, among other issues.

Steganography – cool cybersecurity trick or dangerous risk? [VIDEO]

Burying secret data in plain sight- is it a clever cybersecurity trick, or a way to attract the very attention you wanted to avoid?

Targeted ransomware attacks – SophosLabs 2019 Threat Report

This year's SophosLabs Threat Report is out. We talk targeted ransomware attacks, and in particular, SamSam.

HTTP/3: Come for the speed, stay for the security

Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.

Support wouldn’t change his password, so he mailed them a bomb

The Cryptopay customer asked customer services for a new password. They refused, given that it was against the company privacy policy.

Microsoft update breaks Calendar and Mail on Windows 10 phones

Still reeling from last week's Windows 10 Pro debacle, Microsoft dropped a fresh pile of “Oops!” onto Windows 10 Mobile users.

Google and Cloudfare traffic diverted to China… do we need to panic?

A brief outage on Monday diverted traffic to providers such as Google and Cloudflare via China - was it a blunder or a hack?

WordPress GDPR compliance plugin hacked

There's no obvious executable payload in the attack but the attackers may be building a collection of websites and biding their time.

DEA and ICE hiding cameras in streetlights and traffic barrels

Drug and immigration cops in the US are buying surveillance cameras to hide in streetlights and traffic barrels.

Does wiping your iPhone count as destroying evidence?

Police say it's a felony, but a woman arrested in connection with a drive-by shooting says she doesn't even know how to remotely wipe.

How to fit all of Shakespeare in one tweet (and why not to do it!)

A security researcher squoze 1,299,999 words into a single tweet, thanks to image metadata that Twitter doesn't remove.

Headmaster fired over cryptocoin mining on the school’s dime

O, that constant whirring noise? And the sky-high electricity bill? Why, it's those darn air conditioners and heaters!
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.