{"id":16905,"date":"2018-11-24T19:56:56","date_gmt":"2018-11-25T03:56:56","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=16905"},"modified":"2018-11-24T19:56:56","modified_gmt":"2018-11-25T03:56:56","slug":"sb-2018-11-24","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2018\/11\/sb-2018-11-24\/","title":{"rendered":"Security Bits \u2013 24 November 2018"},"content":{"rendered":"<h3>Notable Security Updates<\/h3>\n<ul>\n<li>Adobe have issued an emergency patch for a critical bug in Flash \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/22\/update-now-adobe-flash-has-another-critical-security-vulnerability\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/20\/patch-skype-for-business-now-or-risk-dos-via-emoji-kittens\/\">Patch Skype for Business now or risk DoS via emoji kittens! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/20\/update-now-dangerous-amp-for-wordpress-plugin-fixed\/\">Update now! Dangerous AMP for WordPress plugin fixed \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Microsoft pulls Office patches that are causing application crashes. Office365 users don&#8217;t need to take action, but those with perpetual licenses are being warned they should manually remove the patches to prevent crashes \u2014 <a href=\"https:\/\/arstechnica.com\/?p=1415699\">arstechnica.com\/\u2026<\/a><br \/>\n<!--more--><\/li>\n<\/ul>\n<h3>Notable News<\/h3>\n<ul>\n<li>Firefox have integrated their recently launched Firefox Monitor service into the latest version of their browser. 
The first time you visit a site that is known to have been breached, Firefox will warn you of that fact \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/19\/has-that-website-been-pwned-firefox-monitor-will-tell-you\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/mark-zuckerberg-tries-to-tackle-growing-criticisms\/\">Mark Zuckerberg Tries to Tackle Growing Criticisms \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Suggested Reading<\/h3>\n<ul>\n<li>PSAs, Tips &amp; Advice\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/krebsonsecurity.com\/2018\/11\/how-to-shop-online-like-a-security-pro\/\">How to Shop Online Like a Security Pro \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/22\/the-passwordless-web-explained\/\">The passwordless web explained \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable Breaches &amp; Privacy Violations\n<ul>\n<li>&#x2b50;&#xfe0f; Amazon has informed users that it found a vulnerability that left email addresses and other non-password data theoretically exposed, but it seems Amazon found and fixed the problem before any bad guys got to abuse it \u2014 <a href=\"https:\/\/www.imore.com\/amazon-accidentally-exposed-peoples-email-addresses-its-website\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/techcrunch.com\/2018\/11\/15\/millions-sms-text-messages-leaked-two-factor-codes\/\">A leaky database of SMS text messages exposed password resets and two-factor codes \u2014 techcrunch.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/2018\/11\/19\/sms-database-leak-exposed-2fa-login-codes\/\">SMS Database Leak Exposed 2FA Login Codes \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/krebsonsecurity.com\/2018\/11\/usps-site-exposed-data-on-60-million-users\/\">USPS Site Exposed Data on 60 Million Users 
\u2014 krebsonsecurity.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/23\/hacker-says-usps-ignored-serious-security-flaw-for-over-a-year\/\">Hacker says USPS ignored serious security flaw for over a year \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Facebook has patched a bug in Instagram that accidentally exposed the plain-text passwords of some users earlier this year. It seems not many users were affected, and Facebook say they have notified those affected already \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/20\/instagram-accidentally-reveals-plaintext-passwords-in-urls\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>News\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/16\/hacking-misafes-smartwatches-for-kids-is-childs-play\/\">Hacking MiSafes\u2019 smartwatches for kids is child\u2019s play \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/23\/cryptocurrency-minting-flaw-could-have-leached-money-from-exchanges\/\">Cryptocurrency \u2018minting\u2019 flaw could have leached money from exchanges \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/21\/hacker-erases-6500-sites-from-the-dark-web\/\">Hackers erase 6,500 sites from the Dark Web in one attack \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/?p=1414715\">Tim Cook defends using Google as primary search engine on Apple devices \u2014 arstechnica.com<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Opinion &amp; Analysis\n<ul>\n<li>&#x2b50;&#xfe0f; Sophos have released their annual threat report for 2019 \u2014 <a href=\"https:\/\/www.sophos.com\/medialibrary\/PDFs\/technical-papers\/sophoslabs-2019-threat-report.pdf\">www.sophos.com\/\u2026<\/a> (PDF)\n<ul>\n<li><strong>Summary:<\/strong> Cybercriminal Techniques \u2014 <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/22\/cybercriminal-techniques-sophoslabs-2019-threat-report\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Summary:<\/strong> Mobile &amp; IoT attacks \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/23\/mobile-and-iot-attacks-sophoslabs-2019-threat-report\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/silicon-valley-lost-its-soul\/\">Former Facebook Privacy Advisor says Silicon Valley Lost its Soul \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Propeller Beanie Territory\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/16\/ai-generated-skeleton-keys-fool-fingerprint-scanners\/\">AI-generated \u2018skeleton keys\u2019 fool fingerprint scanners \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.theregister.co.uk\/2018\/11\/21\/unmasking_browsers_side_channels\/\">Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you&#8217;re visiting \u2014 www.theregister.co.uk\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Palate Cleansers<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.1843magazine.com\/features\/the-scientists-who-make-apps-addictive\">The scientists who make apps addictive \u2014 www.1843magazine.com\/\u2026<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Notable Security Updates Adobe have issued an emergency patch for a critical bug in Flash \u2014 nakedsecurity.sophos.com\/\u2026 Patch Skype for Business now or risk DoS via emoji kittens! \u2014 nakedsecurity.sophos.com\/\u2026 Update now! Dangerous AMP for WordPress plugin fixed \u2014 nakedsecurity.sophos.com\/\u2026 Microsoft pulls Office patches that are causing application crashes. 
Office365 users don&#8217;t need to take [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":14958,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[2866,50,569,2239,2867],"class_list":["post-16905","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-notable-news","tag-security","tag-security-bits","tag-security-updates","tag-suggested-reading"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2018\/04\/Security-Bits-Logo_1000px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/16905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=16905"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/16905\/revisions"}],"predecessor-version":[{"id":16906,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/16905\/revisions\/16906"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/14958"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=16905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\
/wp-json\/wp\/v2\/categories?post=16905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=16905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}