Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Sun Jul 07 2019 19:34:26

Here's the latest anti-virus and System Security news from the Naked Security Blog at Sophos. You can access these for yourself at
http://nakedsecurity.sophos.com

You can also sign up to receive a daily digest (Monday through Friday) of security issues and links, delivered right to your email box.

It's a reminder to PRACTICE SAFE HEX!! You could lose your data via an attack of malware, ransomware, or be a victim of identity theft, otherwise.

Note that text in some of the links may contain text that some may find vulgar, profane, offensive, explicitly sexual, etc. -- these are provided to alert you that your system may have been infected!!

*** The BBS was OFFLINE from June 19 through July 8, due to severe thunderstorms that ripped the electric meter off my residence. The heat inside the structure with no air conditioning was so unbearable, that I had to stay at a local motel for nearly 2 weeks while I waited for the insurance company to settle the claim. Then, after getting power and air conditioning back, I began work to upgrade the BBS to Windows 10 32-bit. So, this is a long set of data, from the downtime...sorry for any inconvenience.

*** July 5, 2019

*** 5 tips to stay secure on social media
Social media isn't for everyone, but lots of us love it - so here's how to be in it and win it.

*** OpenPGP experts targeted by long-feared ‘poisoning’ attack
Somebody out there has taken a big dislike to Robert J. Hansen (‘rjh’) and Daniel Kahn Gillmor (‘dkg’), two well-regarded experts in the specialised world of OpenPGP email encryption.

*** Bitcoin eats as much energy as Switzerland
That's around seven gigawatts, equal to 0.21% of the world's supply: as much power as generated by seven Dungeness nuclear power plants.

*** Mannequin Challenge videos teach computers to see
An internet craze could change the way computers see, thanks to research published by Google.
*** Deepfake revenge porn now a crime in Virginia
It's the first state to enact a deepfakes ban, but it's not going to be the last: laws are being considered in many other states.

*** July 4, 2019

*** Why are they "smart" locks if more money buys you less security?
Smart locks are cool and useful - but they are also a great reminder that cybersecurity is all about value, not cost.

*** Open Sesame! Zipato's smart hub hacked to open front doors
The Zipato controller has three critical security flaws which could be used together by hackers to open your home's doors for you, according to researchers.

*** Facebook's down-ranking those "miracle cure" health posts we all hate
Clickbait health/nutrition posts will sink in page rankings due to two ranking updates, Facebook announced.

*** Facebook should put a stop to Libra for now, says Congress
Could Facebook's Libra cryptocurrency undermine the security of the global financial ecosystem?

*** TikTok investigated (again) over how it handles children's data and safety
It's already gotten hit with the biggest-ever US child privacy fine, and now it might be facing a fine for GDPR violations.

*** July 3, 2019

*** Serious Security: Beware eBay scrapers promising to help you
Selling items online? Watch out for people who suddenly offer to help!

*** IoT vendor Orvibo gives away treasure trove of user and device data
Researchers at web privacy review service vpnMentor discovered the data in an exposed ElasticSearch server online. It contains two billion items of log data from devices sold by Shenzhen, China-based smart IoT device manufacturer Orvibo.

*** Georgia's court system hit by ransomware
There's a hint that it might involve Ryuk ransomware. If so, it might be the fourth Ryuk attack against state and local agencies since May.

*** Miami police body cam videos up for sale on the darkweb
Videos from Miami Police Department body cams were leaked and stored in unprotected, internet-facing databases, then sold on the darkweb.
*** Patch Android! July 2019 update fixes 9 critical flaws
Depending on when users receive it, this week's Android July patch update will fix 33 security vulnerabilities, including 9 marked critical, and 24 marked high.

*** July 2, 2019

*** Scary Granny zombie game slurps credentials, spawns phishing attack
Halloween came a little early for some Android users this year after a horror-themed computer game was found stealing their account credentials and displaying potentially malicious ads.

*** Dating app Jack'd fined $240K for leaving private photos up for a year
The company behind the gay dating app left users' private photos online for a year in spite of knowing about the security bugs.

*** Medtronic rushes to replace insulin pumps after flaws found
Medtronic is immediately recalling all MiniMed 508 & Paradigm insulin pumps after researchers uncovered serious security flaws.

*** Relatives' DNA in genealogy database leads to murder conviction
Privacy advocates may question the use of genealogy data in forensics, but defense attorneys in this case did not.

*** July 1, 2019

*** RDP BlueKeep exploit shows why you really, really need to patch
A video of the exploit shows CVE-2019-0708 being exploited remotely, without authentication.

*** ETERNALBLUE sextortion scam puts your password where your name should be
Here's a sextortion scam that puts your password right where your name would usually be, to rattle your cage even more than usual.

*** Cloud computing giant PCM hacked
The attackers allegedly stole admin credentials for Office 365 accounts, and planned to use stolen data to conduct gift card fraud.

*** Crave that Instagram verified badge? Don't fall for this login-stealing scam
It's yet another way to trick Instagram users out of their login credentials. Don't fall for it, lest your account be hijacked!
*** Monday review - the hot 21 stories of the week
From the controversial DeepNude app to the Molotov-cocktail-throwing hacker who dropped his USB stick - and everything in between.

*** June 28, 2019

*** $50 DeepNude app undresses women with a single click
"I'm not a voyeur, I'm a technology enthusiast," says the creator, who combined deepfake AI with a need for cash to get ka-CHING!

*** Mozilla's bizarre robo-surfer project demonstrates ad snooping
In an effort to show you how advertisers snoop on your surfing activity, Mozilla is offering you the chance to pretend that you're someone else.

*** Google Maps shortcut turns into 100-car mud pie in farmer's field
Trying to save 20 minutes, 100 drivers took a Google Maps shortcut... into a field, where the mud-stuck cars then caused a 2-hour delay.

*** Cryptocurrency phish dials back the fear, cranks up the politeness
Spammers and scammers are getting better at spelling and grammar - so make sure you aren't relying on language alone to spot phishes...

*** Tesla 3 navigation system fooled with GPS spoofing
Cybersecurity researchers have fooled the Tesla Model 3's automatic navigation system into rapidly braking and taking a wrong turn on the highway.

*** June 27, 2019

*** YouTube's antics with kids' data prompts call for FTC to force change
Sen. Markey and 2 consumer groups said the Google-owned service must comply with COPPA and should be held accountable for not doing so.

*** FTC crackdown targets operators behind 1 billion robocalls
It's a drop in the "4.7 billion robocalls placed per month" bucket, but hey, it's better than nothing!

*** Are heart electrocardiograms the next big thing in biometrics?
After fingers, the iris of the eye, ears and even lips, it was probably inevitable that someone would propose the human heart might be the next big thing in biometric security.

*** June 26, 2019

*** Hacker threw Molotov cocktail, dropped USB drive of his DDoS deeds
Those things drop out of pockets at the worst times.
Like, say, when you're hurling a bomb at a brick-and-mortar that you've also DDoSed.

*** Social engineering forum hacked, user data dumped on rival site
Social Engineered, dedicated to the "Art of Human Hacking," was gutted, with 55,121 users' details leaked on the same day as the hack.

*** VLC media player gets biggest security update ever
Maintainers of the world's most popular open source media player, VLC, have issued the biggest single set of security fixes in the program's history.

*** Google creates educational tools to help kids spot fake news
Google has expanded its internet safety guide for children with techniques and games to help them be more info-literate online.

*** Serious Security: Rambleed attacks blunted - the OpenSSH way
Here's a way to keep secrets safe in memory, even in a world of hardware-level leakage due to tricks like Rambleed, Spectre and more.

*** June 25, 2019

*** WeTransfer sends user file links to wrong people
Popular file transfer service WeTransfer faces embarrassment this week after admitting that it had mailed file links to the wrong users.

*** Presidential text alerts are open to spoofing attacks, warn researchers
Researchers have shown that it's technically possible for hackers to target the US Presidential text Alerts system to send fake messages.

*** Government agencies still send sensitive files via hackable .zips
Senator Ron Wyden has written to NIST asking for guidance and training for government staff in how to share files securely.

*** Cop awarded $585K after colleagues snooped on her via license database
Krekelberg alleged that 58 fellow officers broke a federal privacy law by searching for her driver's license data without any reason.

*** June 24, 2019

*** Mozilla patched two Firefox zero-day flaws in one week
Two emergency zero days affecting a browser in one week counts as unusual - especially when they pop up as separate alerts two days apart.
*** Mobile apps riddled with high-risk vulnerabilities, warns report
Be careful before installing that mobile app on your iOS or Android device - many mobile applications are riddled with vulnerabilities.

*** Desjardins' employee from hell spills 2.9m records
The leak, carried out by a since-fired rogue employee, affected 2.7 million people and 173,000 businesses - about 41% of its clientele.

*** Facebook posts reveal your hidden illnesses, say researchers
The language we use could be indicators of disease and, with patient consent, could be monitored just like physical symptoms.

*** Monday review - the hot 20 stories of the week
From Bella Thorne publishing her own nudes to the Yubikey recall - and everything in between. It's weekly roundup time.

*** June 21, 2019

*** Microsoft uses AI to push Windows 10 upgrade to users
From November, users running some versions of Windows 10 will be required to upgrade or find themselves unable to receive security updates.

*** Used Nest cams were letting previous owners spy on you
Google says it's fixed the issue, but we haven't heard details on how many, and which, products were affected.

*** Florida city will pay over $600,000 to ransomware attackers
Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.

*** Government is exposing identities of child abuse victims
DHS and FBI investigators are using Facebook profile IDs in court records - IDs that are easily used to look up their profile pages.

*** June 20, 2019

*** Update Firefox now! Zero-day found in the wild
Mozilla has fixed a critical zero-day bug in the latest point releases of the Firefox web browser.

*** Google launches new Chrome protection from bad URLs
The "Suspicious Site Reporter" extension lets users easily report dubious sites, while a new warning flags potential typosquatting pages.

*** Facebook's Libra cryptocurrency is big news but will it be secure?
Unless you've been under a rock, you'll know that earlier this week Facebook announced plans for a new global cryptocurrency for absolutely everyone called Libra.

*** "Deeply personal medical" records exposed online
The Facebook ad agency xSocialMedia exposed 150K medical histories, along with identifying information for the people involved.

***

--- SBBSecho 3.07-Win32
 * Origin: The Thunderbolt BBS - tbolt.synchro.net (454:1/33)