Subj : Sophos Virus News
To : All
From : Daryl Stout
Date : Tue Oct 15 2019 16:39:38

Here is the latest information from the Naked Security Blog from Sophos. You can go to nakedsecurity.sophos.com to read these. You can also sign up to have these delivered to your email during the week.

Be sure that you PRACTICE SAFE HEX -- and that you keep your anti-virus, anti-malware, anti-spyware, and anti-ransomware software up to date. Do NOT open any email attachments, even if they appear to be from someone you know.

Also, if your browser seemingly locks up, telling you to call Microsoft at a certain number, do NOT call the number!! Instead, close your web browser, clear the cache and cookies, do a full virus scan, then restart the browser.

*** Update now! Windows users targeted by iTunes Software Updater zero-day
The flaw is a rare "unquoted path class" described as "so thoroughly documented that you would expect programmers to be well aware..." But that's not the case.
*** Facebook's Libra cryptocurrency loses all but one payment company
Gone: Mastercard, Visa, PayPal, eBay, Stripe, Mercado Pago. Of six payments firms first involved in Libra, just one, PayU, remains.
*** Apple says Tencent isn't snooping on your browsing habits
Apple was quick to allay user concerns this weekend after someone spotted that it was working with Chinese company Tencent to check its users' website requests for malicious URLs.
*** 350+ hackers hunt down missing people in first such hackathon
Organizers said 100 leads were generated every 10 minutes by contestants using OSINT - open-source intelligence such as online searches.
*** Stalker found pop star by searching eyes' reflections on Google Maps
A man confessed to stalking and attacking a young pop star by zooming in on the reflections in her eyes from selfies.
*** Soldering spy chips inside firewalls is now a cheap hack, shows researcher
The tiny ATtiny85 chip doesn't look like the next big cyberthreat facing the world, but sneaking one on to a firewall motherboard would be bad news for security were it to happen.
*** Computing enthusiast cracks ancient Unix code
Old passwords never die... they just become easier to decode.
*** Hacker wants $300 for 250,000 records stolen from sex worker site
In spite of prostitution being legal in the Netherlands, this could lead to the same type of blackmail attempts/suicide from Ashley Madison.
*** Monday review - the hot 20 stories of the week
From hackers bypassing 2FA to an Android zero day Google thought it had fixed - get yourself up to date with everything we've written in the last seven days. It's weekly roundup time.
*** S2 Ep12: Dark Web, O.MG Cable spying and securing new laptops - Naked Security Podcast
Listen to the latest episode now!
*** Most Americans don't have a clue what https:// means
....and wouldn't know 2FA from a hole in the ground, according to Pew Research.
*** Hackers bypassing some types of 2FA security FBI warns
Some types of 2FA security can no longer be guaranteed to keep the bad guys out, the FBI warned US companies.
*** Facebook flags thousands of kids as interested in gambling, booze
According to a new report, its algorithmic labelling may expose minors to age-inappropriate, targeted advertising.
*** Apple removes app that tracks Hong Kong police and protestors
Apple was under fire this week after banning an app that tracked the location of both police and protesters in Hong Kong on a live map.
*** Twitter used 2FA phone numbers for targeted advertising
Twitter may have “inadvertently” handed phone and email data from some users to advertisers as part of its Tailored Audiences system that targets users' feeds with ads.
*** California outlaws facial recognition in police bodycams
The bill was introduced by Phil Ting: one of 26 state lawmakers misidentified as suspects in an ACLU test of the technology.
*** Job seekers are scrubbing clean their social media accounts
Most people nowadays are quite aware that hiring managers put their social media postings under a microscope, a new survey finds.
*** October Patch Tuesday: Microsoft fixes critical remote desktop bug
Microsoft fixed 59 vulnerabilities in October's Patch Tuesday, including several critical remote code execution (RCE) flaws.
*** Deepfakes have doubled, overwhelmingly targeting women
Deepfake tech has push-button apps and service portals. Can code commodification do the same for detection, so women can actually afford it?
*** Copy-and-paste sharing on Stack Overflow spreads insecure code
It's the time-saving technique employed by many coders - copy and paste code from crowd-sourcing 'Q&A' websites. But is it always secure?
*** TOMS hacker tells people to log off and enjoy a screenless day
TOMS seems like a really nice shoe company, and it just got hacked in a really nice way. But it's still a hack.
***

--- SBBSecho 3.10-Win32
 * Origin: The Thunderbolt BBS - tbolt.synchro.net (454:1/33)