Followup
- 🇺🇸 Mozilla refute the very misleading (factually incorrect) presentation American ISPs gave to Congress urging them to take action against encrypted DNS (DoH) — nakedsecurity.sophos.com/…
- Microsoft have issued yet another warning about the patch they released a few months ago for older versions of Windows to remove the so-called BlueKeep vulnerability. Attacks have now been observed in the wild! — nakedsecurity.sophos.com/…
Notable Security Updates
- Linux users warned to update libarchive to beat flaw — nakedsecurity.sophos.com/…
- Microsoft patched 74 Windows and Office (including Office for Mac) bugs on Patch Tuesday, including one zero-day in IE — krebsonsecurity.com/… & nakedsecurity.sophos.com/…
- Nvidia patches graphics products and GeForce Experience update tool — nakedsecurity.sophos.com/…
Notable News
- Google have patched a bug in the Beam feature of Android that would allow attackers to install malware on victims’ phones. The victim would have to approve a prompt though. If you can’t patch your Android device, you need to think twice before OKing a prompt asking you to install software unexpectedly (actually, we should always do that on every device running any OS!) — nakedsecurity.sophos.com/…
- Still have Office for Mac 2011 installed? It really is time to get rid of it now as Microsoft are warning of in-the-wild attacks against long-known security vulnerabilities in the out-of-support app — nakedsecurity.sophos.com/…
- macOS Catalina users should be aware that if they use encrypted email and do not have full disk encryption enabled (why would anyone who cares enough about security to encrypt their email not go with the defaults and encrypt their drive?), the caches maintained to allow Siri to make use of your emails (locally only) to inform its answers are not encrypted. This could leak potentially sensitive information. Apple have promised a patch in a future software update. But the quick fix is to enable full disk encryption, which everyone should do anyway IMO — www.imore.com/… & nakedsecurity.sophos.com/…
- Facebook News:
  - Facebook have fixed an apparent bug that caused the camera to activate unexpectedly in their iOS app — nakedsecurity.sophos.com/…
  - Leaked Internal Facebook Documents Reveal Disturbing Information — www.macobserver.com/…
  - Facebook deleted pro-vaccination adverts on political grounds, study finds — www.verdict.co.uk/…
  - Facebook may soon scan your face to verify your identity — www.fastcompany.com/…
  - Facebook confesses 100 devs may have accessed leaked Groups data — nakedsecurity.sophos.com/…
  - 🇺🇸 Facebook Pay rolls out in the US following India trial — www.computing.co.uk/…
  - Related Opinion: I worked on political ads at Facebook. They profit by manipulating us. — www.washingtonpost.com/…
    > The real problem is that Facebook profits partly by amplifying lies and selling dangerous targeting tools that allow political operatives to engage in a new level of information warfare. Its business model exploits our data to let advertisers aim at us, showing each of us a different version of the truth and manipulating us with hyper-customized ads — ads that as of this fall can contain blatantly false and debunked information if they’re run by a political campaign. As long as Facebook prioritizes profit over healthy discourse, it can’t avoid damaging democracy.
- Google News:
  - Google to offer checking accounts in partnership with banks starting next year — techcrunch.com/…
  - Google’s Project Nightingale Collects Health Data on Millions of Americans — www.macobserver.com/… & Google was allegedly collecting millions of Americans’ healthcare data — www.imore.com/…
  - Google has launched OpenTitan, a project to develop an open source secure enclave for Android — www.wired.com/…
  - Google Seeks Better Android Security via App Defense Alliance — www.macobserver.com/…
- 🇷🇺 Russia’s sovereign internet law comes into force — nakedsecurity.sophos.com/…
- 🇺🇸 Warrant let police search online DNA database — nakedsecurity.sophos.com/…
- 🇺🇸 Pentagon publishes AI guidelines — nakedsecurity.sophos.com/…
- 🇺🇸 Microsoft says it will honor California’s new privacy law across US — nakedsecurity.sophos.com/…
- 🇺🇸 Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional — www.aclu.org/…
Suggested Reading
- PSAs, Tips & Advice
- Notable Breaches & Privacy Violations
- Notable IoT Vulnerabilities
  - Security researchers found a bug in the Ring Video Doorbell Pro that leaked WiFi usernames and passwords, but thankfully an automatic update has already been pushed out to fix the problem (they used HTTP instead of HTTPS, which is a pretty embarrassing mistake) — labs.bitdefender.com/…
- News
  - ⭐️ Brave 1.0 launches, extends ad-watching payouts to iOS — nakedsecurity.sophos.com/…
  - ⭐️ iOS 13.3 beta 2 brings Safari support for NFC, USB, and Lightning FIDO2 security keys — 9to5mac.com/… & Apple iOS 13.3 Is Poised To Launch With This Killer Security Feature — www.forbes.com/…
  - ⭐️ DuckDuckGo Privacy Essentials Returns to Safari — www.macobserver.com/…
  - Huge Airbnb scam leads to promise to vet every host, every listing — nakedsecurity.sophos.com/…
  - Apple has pulled Instagram stalking app Like Patrol from the App Store — www.imore.com/…
  - Apple fires employee after he texts customer’s pic to his own phone — nakedsecurity.sophos.com/…
  - Intel’s major chip flaw still hasn’t been fixed — www.imore.com/…
  - Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — krebsonsecurity.com/…
  - Only 44% of People Correctly Spotted Fake News on Facebook — www.macobserver.com/…
  - 🇺🇸 US grounds Chinese-made drones as part of security review — nakedsecurity.sophos.com/…
- Opinion & Analysis
  - ⭐️ Undercover reporter tells all after working for a Polish troll farm — nakedsecurity.sophos.com/…
  - ⭐️ Antitrust 101: Why everyone is probing Amazon, Apple, Facebook, and Google — arstechnica.com
  - ⭐️ How ransomware attacks — nakedsecurity.sophos.com/…
  - ⭐️ What the newly released Checkra1n jailbreak means for iDevice security — arstechnica.com
  - How the Linux kernel balances the risks of public bug disclosure — nakedsecurity.sophos.com/…
- Propeller Beanie Territory
  - ⭐️ Researchers discover that microphones in smart speakers can be triggered by laser light, allowing them to silently send commands to voice assistants from a distance — nakedsecurity.sophos.com/… & www.imore.com/…
  - ⭐️ GitHub will store all of its public open source code in an Arctic vault — www.engadget.com/…
  - Apple developers – get this update to protect the rest of us! — nakedsecurity.sophos.com/…
Suggested Listening
Palate Cleansers
- 🎧 A short, understandable, and to-the-point explanation of quantum computing, and why it matters for encryption — TED Talks Daily: “Cryptographers, quantum computers and the war for information” — overcast.fm/…
Note: When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.