Latest news from Naked Security (2019/05/31)

Unpatched Docker bug allows read-write access to host OS

SUSE developer Aleksa Sarai has uncovered a bug in the way that the container framework handles path names.

Flipboard data breach – what users should do now

Hugely popular news aggregation site Flipboard – one billion app downloads from Google Play and counting – has become the latest internet company to admit it has suffered a breach.

Foreign spies may be hiding in your VPN, warns DHS

“…nation-state actors have demonstrated intent and capability to leverage VPN services and vulnerable users for malicious purposes.”

Facial recognition used to strip adult industry workers of anonymity

A name-and-shame database is supposed to “save” husbands from wives who have appeared on porn sites.

Latest news from Naked Security (2019/05/30)

The cryptominer that kept coming back

A Monero cryptominer made a home on an Apache Tomcat server and just wouldn’t stay away.

New Zealand’s “hacked” budget was found on a website

Police close their investigation, concluding that New Zealand’s “wellbeing” budget wasn’t hacked.

A million devices still vulnerable to ‘wormable’ RDP hole

An internet-wide scan has revealed almost one million devices vulnerable to CVE-2019-0708.

What a teen grade hacker’s confession can teach us

“We had access to the grade book. Now we could change the grades.”

Latest news from Naked Security (2019/05/29)

New research generates deepfake video from a single picture

Now it’s easier for attackers to produce deepfakes, even if the target doesn’t have much existing footage. Like the Mona Lisa.

Three tech-support scammers charged with ripping off the elderly

The defendants allegedly pulled in over $1.3 million over the course of about six years for unnecessary and undelivered tech support.

Researchers uncover smart padlock’s dumb security

Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.

Millions of Canva users’ data stolen as GnosticPlayers strikes again

The initial breach notification was topped with marketing fluff: an unfortunate choice, given what could be the resulting glazed eyeballs.