Latest news from Naked Security (2019/12/11)

Windows 10 Mobile receives its last security patches

If you’re one of the tiny hardcore still using Windows 10 Mobile, 10 December 2019 is probably a day you’ve been dreading for nearly a year.

DoItForState domain name thief gets 14 years for pistol-whipping plot

He hired his cousin to break in, hold the rightful domain holder at gunpoint, and force a transfer to his own GoDaddy account.

FTC warns Christmas buyers that smart toys are a security risk

Thinking of giving a young person an internet-connected ‘smart’ toy this Christmas? You may want to think again.

Ad industry groups ask that the CCPA keep its mitts off their cookies

Ad-blocking technologies can block the cookies that record consumers’ privacy choices, they claim.

Latest news from Naked Security (2019/12/10)

Snatch ransomware pwns security using sneaky ‘safe mode’ reboot

The Sophos Managed Threat Response (MTR) team has warned the industry of a dangerous new ransomware trick.

EU releases its 5G conclusions

The Council of the European Union sent a memo summarizing its thoughts on the “need to mitigate security risks linked to 5G”.

Facebook users were duped by Cambridge Analytica, FTC rules

Delete the data, and don’t do any of that again, the FTC told the data analytics company, which already filed for bankruptcy in 2018.

TikTok settles class action over child privacy one day after it’s filed

The $1.1m settlement is an “excellent result,” TikTok said, unsurprisingly: compared with its $5.7m FTC fine, it’s dirt cheap.

Serious Security: Understanding how computers count

The hard disks that fail abruptly at 32,768 hours of use – why simply ‘adding 1’ can send you into oblivion.

Latest news from Naked Security (2019/12/09)

Will the new iPhone 11 track you even if you tell it not to?

Does turning location access off for all your apps mean that location access is off altogether?

Networking attack gives hijackers VPN access

Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.

HackerOne pays $20,000 bounty after breach of own systems

In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.

Facebook suing ILikeAd for hijacking users’ ad accounts

Facebook says the company used celeb bait links to infect victims with malware and hijacked their ad accounts to sell diet pills.

$5m bounty set on the alleged head of Evil Corp banking Trojan group

Know where Maksim “Aqua” Yakubets is? Can you pry him out of Russia and his Lamborghinis? The biggest ever cybercrook reward awaits!

Monday review – the hot 22 stories of the week

Get up to date with the hot security stories from the past week – from fake Android apps to malware targeting Mac users.