⚠ FaceTime bug, eavesdropping and digital snooping – what to do? [VIDEO] ⚠

In this week's Naked Security Live video: what to do about microphone-equipped devices in your home?

📖 Read

via "Naked Security".

🔐 How to secure NGINX with Let's Encrypt 🔐

If you run NGINX and want to use free certificates, it's possible with Let's Encrypt.

📖 Read

via "Security on TechRepublic".

🕴 Nest Hack Leaves Homeowner Sleepless in Chicago 🕴

A Chicago-area family's smart home controls were compromised in a hack that has left them feeling vulnerable in their own home.

📖 Read

via "Dark Reading: ".

ATENTION‼ New - CVE-2018-0722

Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.

📖 Read

via "National Vulnerability Database".

❌ Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware ❌

The Remexi spyware has been improved and retooled.

📖 Read

via "Threatpost | The first stop for security news".

🔐 Spectre and Meltdown explained: New variants and more efficient patches 🔐

Learn about these uniquely dangerous vulnerabilities as TechRepublic's James Sanders discusses up-to-date info on the latest variants and best mitigation strategies to minimize performance impact.

📖 Read

via "Security on TechRepublic".

❌ Houzz Urges Password Resets After Data Breach ❌

The decorating website said that account usernames, passwords and more have been compromised as part of a breach.

📖 Read

via "Threatpost | The first stop for security news".

🔐 How to lock a user account on Cent OS 7 🔐

You can easily prevent unwanted users and attacks from gaining access to your CentOS 7 server.

📖 Read

via "Security on TechRepublic".

⚠ Monday review – the hot 28 stories of the week ⚠

From the DNS outage that deleted users' Azure data to the Nest security cam hijacker, and everything in between. It's weekly roundup time.

📖 Read

via "Naked Security".

⚠ Selling fake likes and follows is illegal, rules New York ⚠

A groundbreaking settlement in New York finds that selling fake likes and followers is illegal.

📖 Read

via "Naked Security".

⚠ FBI burrowing into North Korea’s big bad botnet ⚠

The FBI revealed that it joined the Joanap botnet and started chewing it up from the inside.

📖 Read

via "Naked Security".

⚠ Chrome’s hidden lookalike detection feature battles URL imposters ⚠

Chrome now checks for misspellings of popular URLs and will display a link to the site that it thinks the user might have wanted to visit.

📖 Read

via "Naked Security".

⚠ Security weaknesses in 5G, 4G and 3G could expose users’ locations ⚠

Researchers have discovered security holes in 5G, 4G and 3G telephony protocols, which can expose a user's location.

📖 Read

via "Naked Security".

❌ SpeakUp Linux Backdoor Sets Up for Major Attack ❌

Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.

📖 Read

via "Threatpost | The first stop for security news".

🕴 IoT Security's Coming of Age Is Overdue 🕴

The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.

📖 Read

via "Dark Reading: ".

❌ ‘Collection #1’ Data Dump Hacker Identified ❌

Despite several threat actors stating they are behind a massive 773M credential dump, researchers believe they have found the real distributor.

📖 Read

via "Threatpost | The first stop for security news".

🔐 3 ways state actors target businesses in cyber warfare, and how to protect yourself 🔐

State-sponsored groups are leveraging weaknesses in IoT devices to build botnets, and attacking private industry and public infrastructure in attacks, according to a Booz Allen report.

📖 Read

via "Security on TechRepublic".

🕴 Facebook Struggles in Privacy Class-Action Lawsuit 🕴

Facebook's privacy disclosures "are quite vague" and should have been made more prominent, a federal judge argued.

📖 Read

via "Dark Reading: ".

❌ Spy Campaign Spams Pro-Tibet Group With ExileRAT ❌

Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Researchers Devise New Method of Intrusion Deception for SDN 🕴

Team from University of Missouri take wraps off Dolus, a system 'defense using pretense' which they say will help defend software-defined networking (SDN) cloud infrastructure.

📖 Read

via "Dark Reading: ".

<b>&#9000; Crooks Continue to Exploit GoDaddy Hole &#9000;</b>

<code>Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.</code><code>Media</code><code>On January 22, KrebsOnSecurity published research showing that crooks behind a series of massive sextortion and bomb threat spam campaigns throughout 2018 — an adversary that’s been dubbed “Spammy Bear” —  achieved an unusual amount of inbox delivery by exploiting a weakness at GoDaddy which allowed anyone to add a domain to their GoDaddy account without validating that they actually owned the domain.</code><code>Spammy Bear targeted dormant but otherwise legitimate domains that had one thing in common: They all at one time used GoDaddy’s hosted Domain Name System (DNS) service. Researcher Ron Guilmette discovered that Spammy Bear was able to hijack thousands of these dormant domains for spam simply by registering free accounts at GoDaddy and telling the company’s automated DNS service to allow the sending of email with those domains from an Internet address controlled by the spammers.</code><code>Very soon after that story ran, GoDaddy said it had put in place a fix for the problem, and had scrubbed more than 4,000 domain names used in the spam campaigns that were identified in my Jan. 22 story. But on or around February 1, a new spam campaign that leveraged similarly hijacked domains at GoDaddy began distributing Gand Crab, a potent strain of ransomware.</code><code>As noted in a post last week at the blog MyOnlineSecurity, the Gand Crab campaign used a variety of lures, including fake DHL shipping notices and phony AT&T e-fax alerts. The domains documented by MyOnlineSecurity all had their DNS records altered between Jan. 31 and Feb. 1 to allow the sending of email from Internet addresses tied to two ISPs identified in my original Jan. 22 report on the GoDaddy weakness.</code><code>“What makes these malware laden emails much more likely to be delivered is the fact that the sending domains all have a good reputation,” MyOnlineSecurity observed. “There are dozens, if not hundreds of domains involved in this particular campaign. Almost all the domains have been registered for many years, some for more than 10 years.”</code><code>Media</code><code>A “passive DNS” lookup shows the DNS changes made by the spammers on Jan. 31 for one of the domains used in the Gand Crab spam campaign documented by MyOnlineSecurity. Image: Farsight Security.</code><code>In a statement provided to KrebsOnSecurity, GoDaddy said the company was confident the steps it took to address the problem were working as intended, and that GoDaddy had simply overlooked the domains abused in the recent GandCrab spam campaign.</code><code>“The domains used in the Gand Crab campaign were modified before then, but we missed them in our initial sweep,” GoDaddy spokesperson Dan Race said. “While we are otherwise confident of the mitigation steps we took to prevent the dangling DNS issue, we are working to identify any other domains that need to be fixed.”</code><code>“We do not believe it is possible for a person to hijack the DNS of one or more domains using the same tactics as used in the Spammy Bear and Gand Crab campaigns,” Race continued. “However, we are assessing if there are other methods that may be used to achieve the same results, and we continue our normal monitoring for account takeover. We have also set up a reporting alias at dns-spam-concerns@godaddy.com to make it easier to report any suspicious activity or any details that might help our efforts to stop this kind of abuse.”</code><code>That email address is likely to receive quite a few tips in the short run. Virus Bulletin editor…