Latest news from Naked Security (2019/03/06)

Google reveals BuggyCow macOS security flaw

Google’s Project Zero researchers have revealed a “high severity” macOS security flaw nicknamed ‘BuggyCow’ which Apple appears to be in no rush to patch.

Leaky ski helmet speakers expose conversations and data

Chips 2.0 speakers are the perfect accessory for any on-trend skier. There’s just one problem: Everyone else can listen in too.

Google Photos disables sharing on Android TV

Two models of Android TVs showed a stream of strangers’ Google accounts, along with profile pics, though not the actual photos.

Ep. 022 – Plaintext passwords, cryptocoin criminality and the Momo monstrosity [PODCAST]

Here’s the latest episode of the Naked Security podcast – listen now!

Facebook criticised for misuse of phone numbers provided for security

Facebook admits it’s using numbers supplied for 2FA for more than security, and you can’t turn it off.

Latest news from Naked Security (2019/03/05)

Companies are flying blind on cybersecurity

IT managers are flying blind in the battle to protect their companies from cyber attacks, according to a new Sophos survey.

Comcast security nightmare: default ‘0000’ PIN on everybody’s account

Comcast didn’t require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customers… and phone hijackers.

Update now! Critical Adobe ColdFusion flaw now being exploited

Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.

Windows IoT Core exploitable via Ethernet

Microsoft’s IoT version of Windows is vulnerable to an exploit that could give an attacker complete control of the system.

Apple gets bug for free, while HackerOne declares first $1m bug hunter

An Argentinian has garnered $1m in bug bounties, while a German researcher has given up on getting any bounty at all from Apple.

Latest news from Naked Security (2019/03/04)

TikTok to pay record fine for collecting children’s data

It’s been a predator’s playground, where children’s photos have been public by default and trolling adults could message them.

Is a Facebookcoin in the works?

Facebook, Signal and Telegram are all planning cryptocurrencies. But why these companies, why now, and will they be successful?

YouTube disables comments on millions of videos of children

After big brands pulled ads, YouTube banned millions of comments, closed hundreds of accounts, and sped up development of a predator filter.

Anomaly in pen-test tool made malware servers visible

A security company was able to track command and control traffic generated by hacking groups thanks to an anomaly in a pen-testing tool.

Monday review – the hot 21 stories of the week

From the Momo Challenge to Mozilla’s potential insider threats from Aussie staff, and everything in between – it’s weekly roundup time.