Latest news from Naked Security (2019/12/06)

Mac users targeted by Lazarus ‘fileless’ Trojan

The Lazarus hacking group are trying to sneak a ‘fileless’ Trojan on to Apple computers, disguised as a fake cryptocurrency trading program.

US parents file class action against TikTok over children’s privacy

Collecting children’s data without their guardians’ consent is illegal under COPPA and already earned TikTok a huge fine.

Instagram trying to protect kids by getting dates of birth from new users

It’s about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn’t hurt, either.

OpenBSD devs patch authentication bypass bug

One of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls.

Latest news from Naked Security (2019/12/05)

Cookie-stealing malware wants to know your Facebook ad budget

The AdKoob malware that sneakily peeks at how much you’re spending on ads is back.

S2 Ep19: One of us just prevented a ransomware attack – Naked Security Podcast

Listen now!

iCloud-hacking politician to be sentenced on Christmas eve

Former Dutch city council member Mitchel van der K invaded hundreds of iCloud accounts “frequently and repeatedly”.

Machine-raiding Python libraries squashed by community

Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.

Critical DoS messaging flaw fixed in December Android update

Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels.

Yodel parcel tracking app blabs about other people’s parcels

Yodel’s mobile parcel delivery app was leaking people’s delivery data to others using the app, a security researcher discovered.

IM RAT spy tool seller raided, busted, kicked offline

The spyware gave complete control of victimized computers, sold for as little as $25, and was bought by 14,500 hackers worldwide.

Latest news from Naked Security (2019/12/04)

Steam players – beware of fake skins as phishers try to hijack accounts

Phishing scammers have once again targeted users of the popular Steam gaming service, it was revealed this week.

Facebook made to ‘correct’ user’s post as Singapore flexes fake-news muscle

“Facebook did a great job,” said Alex Tan, who admitted that his story about a whistleblower’s arrest was based on hearsay.

Microsoft looks to Rust language to beat memory vulnerabilities

Microsoft is pressing ahead with an ambitious plan to de-fang common vulnerabilities hiding in old Windows code with the help of Rust.

FBI: Russia-based FaceApp is a ‘potential counterintelligence threat’

It’s a grabby little app, data-wise, but how is it different from, say, Google or Facebook?