Latest news from Naked Security (2019/04/25)

ExtraPulsar backdoor based on leaked NSA code – what you need to know

A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.

Blochainbandit stole $54 million of Ethereum by guessing weak keys

Someone has been quietly pilfering Ethereum (ETH) cryptocurrency worth millions of dollars without anyone noticing or, apparently, caring.

Atlanta Hawks fall prey to Magecart credit card skimming group

The Atlanta Hawks basketball team is recovering after a sophisticated cybercrime group hacked its ecommerce site and planted credit card skimming code on it.

Teen sues Apple for $1 billion over Apple stores’ facial recognition

He claims that Apple allegedly uses the technology to spot shoplifters and that it falsely linked him to a series of Apple store thefts.

Latest news from Naked Security (2019/04/24)

Ex-student records himself using USB Killer to fry college computers

Vishwanath Akuthota faces a potential ten-year stretch after killing at least 66 computers at his former college.

NYPD forgets to redact facial recognition docs, asks for them back

The privacy think tank had them for 20 days, and one of the docs was already displayed at a conference, but the NYPD is still clawing them back.

Gunpoint domain hijack turns out to have been a family affair

The owner of State Snaps hired his cousin to break into the home of the owner of DoItForState.com to force him to transfer the domain.

DNS over HTTPS is coming whether ISPs and governments like it or not

DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.

Latest news from Naked Security (2019/04/23)

Phone fingerprint scanner fooled by chewing gum packet

A video has surfaced claiming to show someone unlocking a Nokia 9 by tapping a gum packet against the fingerprint scanner.

Hotspot finder app blabs 2 million Wi-Fi network passwords

If you used WiFi Finder, your passwords to both public and private networks have been left online in an unprotected database.

Once again, it’s 123456: the password that says ‘I give up’

A new survey says 46% of users find security confusing, which helps explain how that old clunker keeps popping to the top of breach lists.

Tuesday review – the hot 21 stories of the week

A day late! From the weakness in several VPNs to the Internet Explorer browser flaw, and much more – catch up on everything we wrote last week.