Latest news from Naked Security (2020/03/03)

Why ‘free’ Wi-Fi isn’t really free

How much data is too much to give away to get online while you’re waiting at the train station? In the airport? A shopping mall?

Digital piggy bank service broken into by cybercrooks

A financial provider that gives loans but locks them down to turn them into savings… didn’t lock down its own network.

Huge flaw found in how facial features are measured from images

It has to do with optics: faces appear to flatten out as we get further away. Our brains compensate, but AI-run facial recognition doesn’t.

GoodRx stops sharing personal medical data with Google, Facebook

The mobile app saves people money but was letting 20 companies know who’s taking antipsychotics, erectile dysfunction and HIV meds, and more.

Nvidia patches severe flaws affecting GeForce, Quadro NVS and Tesla

In all, the update covers five Windows and Linux desktop CVE vulnerabilities, including one rated as critical.

XSS plugin vulnerabilities plague WordPress users

Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site.

Latest news from Naked Security (2020/03/02)

Siri and Google Assistant hacked in new ultrasonic attack

Researchers have demonstrated how voice assistants can be secretly activated without ever physically touching the device.

Let’s Encrypt issues one billionth free certificate

Thanks to this flood of free certificates, the web is a lot more encrypted than it was a few years ago.

Ironpie robot vacuum can suck up your privacy

You might want to unplug this not-so-smart robot: researchers found they can watch video streams piped out from its security camera.

Fresh phish! Stripe scam baked and delivered in under an hour

Less than an hour after the crooks registered their scamming domain, the phishing attack was under way.

Facebook sues data analytics firm OneAudience over malicious SDK

Facebook says OneAudience paid developers to install its social-media-profile-looting SDK into their apps to get marketing data for clients.

Monday review – the hot 23 stories of the week

From Chrome’s mystery zero-day to why the EC has switched to Signal, get yourself up to date with everything we’ve written in the last week.

Latest news from Naked Security (2020/02/28)

Clearview AI loses entire database of faceprint-buying clients to hackers

Time to worry about how well the facial recognition startup protects its 3b+ database of faceprints scraped from our social media accounts?

Ransomware wipes evidence, lets suspected drug dealers walk free

Six alleged drug criminals will go free thanks to a ransomware attack on a small Florida city, it was revealed this month.

Firefox rolling out DNS-over-HTTPS privacy by default in the US

Mozilla has said it plans to make a privacy technology called DNS-over-HTTPS (DoH) the default setting for US users of Firefox within weeks.

Google has right to censor conservative nonprofit on YouTube

It’s not a “state actor”, so isn’t subject to 1st Amendment scrutiny and can censor PragerU’s videos on abortion, gun rights and terrorism.