Latest news from Naked Security (2019/03/27)

Ep. 025 – Business Email Compromise and IoT surprises [PODCAST]

Here’s our latest podcast – listen now!

Facebook’s Whitehat Settings lets bug-hunters dial back app security

The “Whitehat” settings will help researchers to analyze network traffic from its mobile apps by dialling back security settings.

Preinstalled Android apps are harvesting and sharing your data

New research reveals that the bloatware preinstalled on many new Android phones could do far more than simply chew up your storage.

DragonEx exchange hacked, smoking ashes being raked over

“Part” of its assets have been retrieved, and they’ve got an address for a suddenly much plumper Bittrex wallet.

Latest news from Naked Security (2019/03/26)

Apple patches 51 security flaws

Apple’s update for iOS and macOS patches 51 holes, the more serious of which include bugs in Safari, Keychain and FaceTime.

FEMA exposes sensitive data of 2.3 million disaster survivors

The agency said it exposed 2.3m people’s details in a “major privacy incident” involving a contractor that set up temporary housing.

Tech giants back bill that privacy advocates claim is toothless

The main disagreement: whether consumers will be able to delete their data, or whether the law would give companies ways to wiggle out.

Family tracking app spilled pics, names and real-time location data

A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.

Medtronic cardiac implants can be hacked, FDA issues alert

Two serious flaws in the telemetry protocol could allow a hacker to control vulnerable Implantable Cardioverter Defibrillators (ICDs).

Latest news from Naked Security (2019/03/25)

Thousands of API and cryptographic keys leaking on GitHub every day

Researchers have found that one of the most popular source code repositories in the world is still housing thousands of publicly accessible user credentials.

Update now! WordPress hackers target Easy WP SMTP plugin

Two hacking groups have been spotted targeting websites running unpatched versions of the WordPress plugin Easy WP SMTP.

New ratings point to keyless cars that can stand up to relay attacks

Researchers rated six of the 11 newly launched cars as being easy to open up and drive off with a cheap relay device anyone can buy online.

Monday review – the hot 29 stories of the week

From an ex-employee from IT hell to Windows 7’s upcoming patchocalypse, and everything in between. It’s weekly roundup time!

Facebook password crisis – what to do? [VIDEO]

Watch this special edition of Naked Security Live – we answer the questions people have been asking us, like “Should I stay or should I go?”

Sacked IT guy annihilates 23 of his ex-employer’s AWS servers

He was fired after four weeks, ripped off the credentials of former colleague “Speedy”, and will be mulling it all over for two years in jail.