Latest news from Naked Security (2019/04/03)

Researchers trick Tesla’s Autopilot into driving into oncoming traffic

They placed unobtrusive stickers that drivers wouldn’t see but would fool autopilot into thinking the lane was veering off to the left.

Is your hard drive exposed online?

Over 13,500 internet-connected storage devices have been exposed online by users who didn’t set passwords for them.

2m credit cards ripped off from restaurant chain, sold on the dark web

PoS malware affected some Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology and Tequila Taqueria locations.

Patch Android now! April updates fixes three critical flaws

Android’s April update includes two critical CVE-level patches among a total of 11 affecting handsets running versions 7, 8, and 9.

Latest news from Naked Security (2019/04/02)

Government spyware hidden in Google Play store apps

The malware, dubbed Exodus, records and steals all manner of data and leaves phones vulnerable to further hacking and data tampering.

TP-Link router zero-day that offers your network up to hackers

Downgrade attack lets any user take over – just ask for old-style access to the debugging port and you won’t need a password.

Are there viable alternatives to Facebook and Twitter?

There’s growing interest in social networks that prioritize user control. Two of the popular ones are Mastodon and Diaspora.

VMware patches critical vulnerabilities

VMware has released patches for several critical security vulnerabilities, days after two were unveiled at Pwn2Own.

Possible Toyota data breach affecting 3.1 million customers

Several Toyota companies have announced that they might have suffered data breach attempts, with one affecting 3.1 million customers.

Wrecked Teslas hang onto your (unencrypted) data

Sold at salvage and auctions, they contain info from drivers’ paired mobile devices, plus highly personal pre-crash video.

Latest news from Naked Security (2019/04/01)

Russia accused of massive GPS spoofing campaign

Russia has been hijacking signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers claim.

Microsoft slaps down 99 APT35/Charming Kitten domains

Court order in hand, Microsoft seized control of the hacker group’s (which it calls Phosphorous) phishing sites.

Top-secret defense document hoarder Harold Martin pleads guilty

Martin admitted that for more than 20 years, he stole and a vast quantity of highly classified information, stashing it in his home and car.

Politicians mistakenly vote the wrong way in controversial internet law

Members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.

Monday review – the hot 21 stories of the week

From the Android bloatware selling your data to the hoards of security keys on GitHub, and everything in between. It’s the weekly roundup.