Security News from around the web

by Alice Violet on June 5, 2020 at 15:18

The latest Naked Security podcast is out now!

by Paul Ducklin on June 5, 2020 at 14:35

A million sites attacked by 20,000 different computers.

by Paul Ducklin on June 4, 2020 at 17:36

Apparently, some people consider their passwords "invincible", even after a data breach. Don't be those people.

by Tomáš Foltýn on June 4, 2020 at 16:43

The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers The post Mozilla fixes high‑risk Firefox flaws, bug in DoH feature appeared first on WeLiveSecurity

by Lisa Vaas on June 4, 2020 at 11:54

Attackers hacked and encrypted the computers of a contractor whose clients include the US military, government agencies and major military contractors.

by Danny Bradbury on June 4, 2020 at 09:38

Google has deleted an app from the Play Store that offered to delete Android software associated with China.

by BrianKrebs on June 3, 2020 at 22:00

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico's top tourist destinations disrupted their highly profitable business, which raked in an estimated $20 million a month and enjoyed the protection of top Mexican authorities.

by Paul Ducklin on June 3, 2020 at 16:37

How time flies - the latest four-weekly Firefox update is out.

by Sarah O'Rourke on June 3, 2020 at 16:00

Posted by Christiaan Brand, Product Manager, Google Cloud Starting today, we’re rolling out a change that enables native support for the W3C WebAuthn implementation for Google Accounts on Apple devices running iOS 13.3 and above. This capability, available for both personal and work Google Accounts, simplifies your security key experience on compatible iOS devices and allows you to use more types of security keys for your Google Account and the Advanced Protection Program.Using an NFC security key on iPhoneMore security key choices for usersBoth the USB-A and Bluetooth Titan Security Keys have NFC functionality built-in. This allows you to tap your key to the back of your iPhone when prompted at sign-in.You can use a Lightning security key like the YubiKey 5Ci or any USB security key if you have an Apple Lightning to USB Camera Adapter.You can plug a USB-C security key in directly to an iOS device that has a USB-C port (such as an iPad Pro).We suggest installing the Smart Lock app in order to use Bluetooth security keys and your phone’s built-in security key, which allows you to use your iPhone as an additional security key for your Google Account.In order to add your Google Account to your iOS device, navigate to “Settings > Passwords & Accounts” on your iOS device or install the Google app and sign in.Account security best practicesWe highly recommend users at a higher risk of targeted attacks to get security keys (such as Titan Security Key or your Android or iOS phone) and enroll into the Advanced Protection Program. If you’re working for political committees in the United States, you may be eligible to request free Titan Security Keys through the Defending Digital Campaigns to get help enrolling into Advanced Protection.You can also use security keys for any site where FIDO security keys are supported for 2FA, including your personal or work Google Account, 1Password, Bitbucket, Bitfinex, Coinbase, Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and more.

by John E Dunn on June 3, 2020 at 15:23

VMWare’s VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure.

by Lisa Vaas on June 3, 2020 at 15:09

The US rail service hasn't disclosed the number of passengers affected in a 16 April breach.

by Tomáš Foltýn on June 3, 2020 at 14:57

Dealing with skeletons lurking in your Facebook closet has never been easier The post Facebook now lets you delete old posts in bulk appeared first on WeLiveSecurity

by Paul Ducklin on June 3, 2020 at 07:54

We're absolutely delighted - delighted and proud! - to report that we won not one but two awards at last night's European Security Blogger Awards 2020.

by BrianKrebs on June 2, 2020 at 18:04

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up -- and publicly shaming those don't. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic.

by Paul Ducklin on June 2, 2020 at 16:48

If you're getting TLS connection errors that suddenly started this weekend, a tired old encryption library might be the problem.