Latest news from Naked Security (2019/06/17)

Yubico recalls FIPS Yubikey tokens after flaw found

Security token maker Yubico has issued an important advisory affecting high-end versions of its YubiKey authentication key.

Privacy foul for soccer league app that eavesdropped on users

The LaLiga app used phones’ GPS and microphones to sniff out bars that were broadcasting soccer matches illegally.

I’d like to add you to my professional network of people to spy on

A deepfake was reportedly spotted in the wild: LinkedIn’s well-connected, young, attractive Eurasia/Russia expert “Katie Jones.”

Widely used medical infusion pump can be remotely hijacked

These vulnerable infusion pumps can be remotely hacked to alter the delivery of IV fluids and medications such as painkillers or insulin.

Monday review – the hot 21 stories of the week

From the GoldBrute botnet to Microsoft’s battle with irresponsibly disclosed bugs – and everything in between. It’s your weekly roundup.

Latest news from Naked Security (2019/06/14)

Critical flaw found in Evernote Web Clipper for Chrome

Anyone using it in its unpatched state is at risk not only of a compromise of their Evernote account but, potentially, of third-party accounts too.

Android phones can now be security keys for iOS devices

Hey, iOS users. Got a spare Android phone lying around? Now, you can use it as a secure access key for online services.

Facebook got 187,000 users’ data with snoopy VPN app

According to a letter it sent to Sen. Richard Blumenthal, that’s 31,000 US users, with the rest in India.

Cop arrested following explicit chat with bogus 16yo girl

A male college student Snapchat-filtered himself into a young girl and went out to catch a predator. The first one he caught was a Californian cop.

Latest news from Naked Security (2019/06/13)

Facebook keeps deepfake of Mark Zuckerberg

“Whoever controls the data, controls the future,” says the evil Zuck, who, according to the platform’s current policy, won’t be taken down.

Backpacker claims to find a network of hidden webcams in farm stay

In the bug repellent gizmo, in the shower, in the little birds glued to the footboard—all hiding webcams, alleges the Dutch backpacker.

Vim devs fix system-pwning text editor bug

Diehard text editor users everywhere breathed a sigh of relief this week as the open source community fixed a bug in one of the most venerable *nix programs: Vim.

Microsoft’s battle with SandboxEscaper zero days turns into grim Groundhog Day

Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way? It matters not – Microsoft must patch what’s in front of it whatever the backstory.

Critical Adobe Flash player bug and more in June’s Patch Tuesday

June patch Tuesday features fixes from Adobe and Microsoft for critical flaws including a remote code vulnerability in Adobe Flash Player.

FBI warns users to be wary of phishing sites abusing HTTPS

Why you shouldn’t trust a website simply because it’s secured using HTTPS and backed by the green padlock symbol.

Radiohead releases ‘OK Computer’ sessions that hacker tried to ransom

The band shrugged off the threat and released the files on Bandcamp. They’re long and not very interesting, they said.

Hackers stole photos of travelers and license plates from subcontractor

Critics say if the US can’t protect such data – which was improperly stored by a subcontractor – it shouldn’t collect it.