Security Bits Logo

Security Bits – 22 February 2019

Followup

Notable Security Updates

Notable News

  • Data from UK fraud prevention group Cifas shows that teens are being successfully scammed into being money mules (Editorial by Bart the Irish police were warning very strongly about this at a recent conference for Irish 3rd-level IT staff too. This is not just a UK problem, and it is resulting in young people getting prosecuted and ending up with criminal records – be careful!) — nakedsecurity.sophos.com/…
  • The O.MG Cable is a proof-of-concept USB cable that looks like a regular cable, but is actually a keyboard and mouse with a wifi receiver. It illustrates a much bigger point — never plug anything you don’t trust into any port on any of your computers! — nakedsecurity.sophos.com/…
  • New research has highlighted different ways in which the various popular password managers leave passwords in memory while the apps are running. The bottom line is that in order for these vulnerabilities to be attacked your computer must already be infected with malware, at which point all bets are off anyway. The advice from security experts like Sophos’s Naked Security Team remains the same: use a password managernakedsecurity.sophos.com/…
  • 🇬🇧 A UK government report has found that FaceBook “intentionally and knowingly violated both data privacy and anti-competition laws” and at one point describes the company as behaving like ‘digital gangsters’nakedsecurity.sophos.com/…
  • 🇺🇸 Court filings show that the US government has been lying about not sharing the Terror Watch List with private organisations, they actually share a sub-set of it with 1,400 private companies — www.stripes.com/…
  • Nest (owned by Google) has come under fire for not previously disclosing that their Nest Guard security systems have have built-in microphones that were not listed as existing on the packaging or in the documentation — www.businessinsider.com/… & nakedsecurity.sophos.com/…
  • Thousands of Android apps bypass Advertising ID to track users — nakedsecurity.sophos.com/…
  • YouTube have updated their ‘strikes’ rules to simplify and hopefully strengthen them — www.macobserver.com/…
  • While Android itself doesn’t support three-level location privacy settings like iOS does (iOS allows never, when using the app, and always, while Android only allows never and always), Facebook have updated their Android app to allow users limit the app’s use of location data to only when the app is in use — nakedsecurity.sophos.com/…
  • A heads up to remaining Windows 7 users, Microsoft will be pushing a mandatory security update to upgrade the hashing algorithm used to verify software updates, if you don’t install it you’ll stop receiving security updates this summer — arstechnica.com/…

Suggested Reading

Palate Cleansers

Leave a Reply

Your email address will not be published.

Scroll to top