Latest news from Naked Security (2019/01/31)

Update now! Chrome and Firefox patch security flaws

Google and Mozilla are tidying up security features and patching vulnerabilities in Chrome and Firefox for Mac, Windows, and Linux.

14k HIV+ records leaked, Singapore says sorry

Singapore’s Ministry of Health said the HIV status of 14,200 people, plus confidential data of 2,400 of their contacts, is in the possession of somebody who’s not authorized to have it and who’s published it online.

Phone cloner gets 65 months in jail

A US court has sentenced a man to over five years for his part in a massive telecommunications fraud involving stolen cellphone accounts and reprogrammed phones.

Apple kicks Facebook’s snoopy Research app out of the App Store

It was paying people, including teens, up to $20 to install an app that got root access for “nearly limitless access,” encryption or no.

Ep. 017 – DNS hijacking, a weird breach and a cybersecurity confession [PODCAST]

Here’s the latest Naked Security podcast – enjoy!

Latest news from Naked Security (2019/01/30)

Matrix under the microscope: what a niche ransomware can teach us

The malware middle ground is full of journeymen, wallflowers and also-rans that’ll bite you hard, if you let them.

Sophos Home’s been updated, and it’s got some cool new features

There’s a new version of Sophos Home out today, and it comes with a whole host of new features.

Privilege escalation vulnerability uncovered in Microsoft Exchange

A researcher has discovered an alarming way that an attacker controlling a Microsoft Exchange mailbox account could potentially elevate their privileges to become a Domain Administrator.

Firefox makes it easier for users to dodge ad-trackers

Firefox has introduced a new set of controls to make it easier for privacy-conscious users to protect themselves from online ad trackers.

It’s mop-up time for WebStresser DDoS-for-hire users

Cops from 14 countries are seeking to inflict a bit of distributed denial-of-freedom to whoever’s behind 6 million around-the-globe attacks.

Scammers steal social media videos to wring hearts and wallets

They’re putting up fake accounts to bilk the tender-hearted for donations, using the images of a real 5-year-old with real cerebral palsey.

Latest news from Naked Security (2019/01/29)

Apple scrambles to fix FaceTime eavesdropping bug

Apple is scrambling to fix an embarrassingly dangerous “snooping” bug in its popular FaceTime app.

Japanese government will try to hack its citizens’ IOT devices

Japan will hack citizens’ IoT devices to mop up cyber security before the Olympics. Don’t like the notion? Here’s how to lock ’em down!

Facebook to tie together WhatsApp, Instagram and Facebook Messenger

Should we cheer for WhatsApp-esque, end-to-end encryption everywhere, or tremble at creeping Facebookism?

Thieves’ names and descriptions made public on B&Q database

DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.

Credential-stuffing attack prompts Dailymotion password reset

Dailymotion is resetting the account passwords of an unknown number of users after being hit by a “large-scale” credential stuffing attack.