Award-winning security news, opinion, advice and research from Sophos.
BitLocker hacked? Disk encryption – and why you still need it [VIDEO] https://wp.me/p120rT-1R8Q
Microsoft Windows 7 patch warns of coming patchocalypse https://wp.me/p120rT-1R7O
Sacked IT guy annihilates 23 of his ex-employer’s AWS servers https://wp.me/p120rT-1R7c
Spycam sex videos of 1,600 motel guests sold to paying subscribers https://wp.me/p120rT-1R7i
RT @Sophos: #ICYMI: "Facebook has admitted that it has found many places – hundreds of millions of places, maybe – where it saved users’ pa…
RT @Sophos: More on the #Facebook password debacle: "It’s perfectly possible that no passwords at all fell into the hands of any crooks as…
RT @Sophos: We break down what you need to know about the latest Facebook password debacle, plus tips on securing your account: https://t.c…
Scammer pleads guilty to fleecing Facebook and Google of $121m https://wp.me/p120rT-1R7z
⚠️ 0-day alert! Patch now. ⚠️ If you use the Social Warfare plugin on your WordPress website, please read this thread... https://twitter.com/warfareplugins/status/1108826025188909057
A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot. https://nakedsecurity.sophos.com/2019/03/21/researcher-finds-new-way-to-sniff-windows-bitlocker-encryption-keys/
A security researcher has discovered a high-severity bug in a popular PHP library that could enable attackers to run remote code on web servers. https://nakedsecurity.sophos.com/2019/03/21/flaw-in-popular-pdf-creation-library-enabled-remote-code-execution/
Change your Facebook password now! https://wp.me/p120rT-1R7j
Opera announced on Wednesday that it’s added its free Virtual Private Network (VPN) service to its Android browser app …again. https://nakedsecurity.sophos.com/2019/03/21/opera-brings-back-free-vpn-service-to-its-android-browser/
In December, the FBI seized the domains of 15 of the world’s biggest “booters” (websites that sell distributed denial-of-service, or DDoS, services) – a crackdown that’s led to an 85% decrease in the average size of DDoS attacks on a year-on-year basis. https://nakedsecurity.sophos.com/2019/03/21/fbi-crackdown-on-ddos-for-hire-sites-led-to-85-slash-in-attack-sizes/
We’ll be doing a Facebook Live in 30 minutes on disk encryption - is it worth it? Should I use it on my home laptop? Join us on our Facebook page: https://Facebook.com/SophosSecurity
Researcher finds new way to sniff Windows BitLocker encryption keys https://wp.me/p120rT-1R5Q
Flaw in popular PDF creation library enabled remote code execution https://wp.me/p120rT-1R6e
Opera brings back free VPN service to its Android browser https://wp.me/p120rT-1R5T
FBI crackdown on DDoS-for-hire sites led to 85% slash in attack sizes https://wp.me/p120rT-1R63
Microsoft has said it plans to patch a new class of Windows security bug discovered by a Google Project Zero researcher despite finding no conclusive evidence that it poses a threat to users. https://nakedsecurity.sophos.com/2019/03/20/google-researcher-discovers-new-type-of-windows-security-weakness/
No sooner has Netflix made an interactive TV show than people are pulling apart its privacy implications and fretting about its potential to leak private information. #Bandersnatch https://nakedsecurity.sophos.com/2019/03/20/researchers-fret-over-netflix-interactive-tv-traffic-snooping/
Hackers set off over 30 emergency sirens in Tornado Alley, Texas. https://nakedsecurity.sophos.com/2019/03/20/hacked-tornado-warning-systems-leave-texans-in-the-dark/
It’s been on the to-do list for a while, but Mozilla announced yesterday that with the release of Firefox 66 for desktop and Firefox for Android this week, media autoplay of video or audio is now blocked on websites by default. https://nakedsecurity.sophos.com/2019/03/20/firefox-66-will-silence-autoplaying-web-audio/
Epic Games, the company behind online gaming phenomenon Fortnite, is at the centre of a privacy storm after players noticed that it was gathering data from their Steam accounts and storing it on their computers without permission. https://nakedsecurity.sophos.com/2019/03/19/epic-in-hot-water-over-steam-scraping-code/
Elsevier – publisher of scientific journals such as The Lancet – has left its users’ passwords and email addresses lying around online. Our advice is to reset your password and if you’ve used the same password elsewhere, change that too. https://nakedsecurity.sophos.com/2019/03/20/elsevier-exposes-users-emails-and-passwords-online/
In a new twist, extortionists are claiming to be a corrupt law enforcement official who has seen you viewing illegal content such as child pornography. https://nakedsecurity.sophos.com/2019/03/19/cia-bribery-scam-crooks-offer-to-erase-child-abuse-evidence-for-10000/
Ep. 024 – Sextortion, malicious adverts and randomness [PODCAST] https://wp.me/p120rT-1R5t
Google researcher discovers new type of Windows security weakness https://wp.me/p120rT-1R3U
Researchers fret over Netflix interactive TV traffic snooping https://wp.me/p120rT-1R4r
Hacked tornado warning systems leave Texans in the dark https://wp.me/p120rT-1R3R
Elsevier exposes users’ emails and passwords online https://wp.me/p120rT-1R3K
Due to a server migration error, around 50 million songs have been erased from MySpace. That includes everything uploaded to the site prior to 2015. https://nakedsecurity.sophos.com/2019/03/19/myspace-loses-50-million-songs-in-server-migration/
A hacker using the identity ‘Gnosticplayers’ has topped up one of the largest data breaches ever publicised by offering for sale 26 million records stolen from another six online companies. https://nakedsecurity.sophos.com/2019/03/19/gargantuan-gnosticplayers-breach-swells-to-863-million-records/
The judge ruled that there was prima facie evidence that Six4Three had plotted to “commit a crime or fraud” by leaking the Facebook emails in violation of an earlier court order. https://nakedsecurity.sophos.com/2019/03/19/court-embarrassing-leaks-of-internal-facebook-emails-are-fishy/
A security researcher has found a way to tinker with Windows’ core settings while persuading users to accept the changes, it emerged this week – and Microsoft has no intention of patching the issue. https://nakedsecurity.sophos.com/2019/03/19/microsoft-wont-patch-windows-registry-warning-problem/
Kiddle and Kidrex are not reinventing the search engine wheel, but the idea is to offer a layer of safety to protect children from inappropriate content online. https://nakedsecurity.sophos.com/2019/03/19/child-friendly-search-engines-how-safe-is-kiddle/
CIA bribery scam – crooks offer to erase child abuse evidence for $10,000 https://wp.me/p120rT-1R3T
What are your views on ‘child-friendly’ search engines like Kiddle and Kidrex?
Microsoft won’t patch Windows registry warning problem https://wp.me/p120rT-1QWr
Gargantuan Gnosticplayers breach swells to 863 million records https://wp.me/p120rT-1R29
Court: Embarrassing leaks of internal Facebook emails are fishy https://wp.me/p120rT-1R1H
Epic in hot water over Steam-scraping code https://wp.me/p120rT-1R2s
MySpace loses 50 million songs in server migration https://wp.me/p120rT-1R2h
Child-friendly search engines: How safe is Kiddle? https://wp.me/p120rT-1QRN
The US Government is working on an electronic voting system that it hopes will prevent people from tinkering with voting machines at the polls. https://nakedsecurity.sophos.com/2019/03/18/us-government-works-to-secure-electronic-voting/
Intel released a slew of patches last week, fixing a range of vulnerabilities that could allow attackers to execute their own code on affected devices. https://nakedsecurity.sophos.com/2019/03/18/intel-patches-a-gaggle-of-flaws-allowing-for-code-execution/
Users of Google’s cloud-based suite of productivity apps could now be asked to authenticate using Google’s Prompt system or security token. #2FA https://nakedsecurity.sophos.com/2019/03/18/g-suite-admins-can-now-disallow-sms-and-voice-authentication/
Update WordPress to version 5.1.1 to protect yourself from a recently patched vulnerability. https://nakedsecurity.sophos.com/2019/03/18/wordpress-5-1-1-patches-dangerous-xss-vulnerability/
🗞️ Your top stories from the last week: Citrix admits attackers breached its network, Google says update “right this minute” and John Oliver bombards the FCC with anti-robocall robocall campaign. Read all stories here: https://nakedsecurity.sophos.com/2019/03/18/monday-review-the-hot-23-stories-of-the-week-29/
 
 
 
 
 