Latest news from Naked Security (2019/03/07)

Unclosable browser popup! 13-year-old charged for sharing code

She didn’t create it, but she allegedly shared it. That’s enough to get in trouble in Japan, with its history of being tough on cyber crime.

NSA might shut down phone snooping program, whatever that means

We’ve heard this tale before. This time, it was mentioned by a congressional aide. Also, the NSA released Ghidra, a free reverse-engineering tool.

Monero cryptominers hijack hundreds of unpatched Docker hosts

A recently disclosed vulnerability in the Docker containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers.

Backdoored GitHub accounts spewed secret sneakerbot software

Researchers have uncovered a network of GitHub accounts containing backdoored versions of legitimate software.

Serious Chrome zero-day – Google says update “right this minute”

When a security expert on the Chrome team says, “update your Chrome installs… like right this minute” – well, here’s how to check!

Latest news from Naked Security (2019/03/06)

Google reveals BuggyCow macOS security flaw

Google’s Project Zero researchers have revealed a “high severity” macOS security flaw nicknamed ‘BuggyCow’ which Apple appears to be in no rush to patch.

Leaky ski helmet speakers expose conversations and data

Chips 2.0 speakers are the perfect accessory for any on-trend skier. There’s just one problem: Everyone else can listen in too.

Google Photos disables sharing on Android TV

Two models of Android TVs showed a stream of strangers’ Google accounts, along with profile pics, though not the actual photos.

Ep. 022 – Plaintext passwords, cryptocoin criminality and the Momo monstrosity [PODCAST]

Here’s the latest episode of the Naked Security podcast – listen now!

Facebook criticised for misuse of phone numbers provided for security

Facebook admits it’s using numbers supplied for 2FA for more than security, and you can’t turn it off.

Latest news from Naked Security (2019/03/05)

Companies are flying blind on cybersecurity

IT managers are flying blind in the battle to protect their companies from cyber attacks, according to a new Sophos survey.

Comcast security nightmare: default ‘0000’ PIN on everybody’s account

Comcast didn’t require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customers… and phone hijackers.

Update now! Critical Adobe ColdFusion flaw now being exploited

Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.

Windows IoT Core exploitable via Ethernet

Microsoft’s IoT version of Windows is vulnerable to an exploit that could give an attacker complete control of the system.

Apple gets bug for free, while HackerOne declares first $1m bug hunter

An Argentinian has garnered $1m in bug bounties, while a German researcher has given up on getting any bounty at all from Apple.