A week in security (April 02 – April 08)

A week in security (December 10 – 16)

Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. 

Other cybersecurity news

  • Millions affected by Facebook photo API bug: An issue granted third-party apps more access to photos than should normally be granted, including images uploaded but not published. (Source: Facebook)
  • Bomb threats may be a hoax: An email in circulation urging ransom payments in Bitcoin lest bombs across the US be detonated may well be a fake, according to US law enforcement. (Source: The Register)
  • Man jailed for fraud offenses: A man in the UK has been jailed for taking part in fraudulent activities. The main point of interest is surely the spectacular device he built. (Source: Met Police)
  • Another Google Plus bug: For six days, developers were able to access profile data not made public by the users. (Source: Google)
  • Windows 10 data collection: Reddit users complained Windows 10 is grabbing a certain kind of data even with the setting disabled. (Source: How to Geek)
  • Taylor Swift concert tracks stalkers with facial recognition software: At a recent event, cutting-edge tech was deployed to ensure the crowds were free of potential troublemakers. (Source: Rolling Stone)
  • Password disasters of 2018: A tongue in cheek look at some of the more spectacular password mishaps seen rumbling into view this year. (Source: Help Net Security)
  • Android Trojan steals from PayPal accounts: Even with 2FA enabled, it might not be enough to keep your account balance safe. (Source: ESET)
  • Character recognition collects URLs in YouTube videos: Theoretically private data in hidden videos may not be as private as you’d first hoped. (Source: Austin Burk’s blog)
  • Traveller data left lying around on USB sticks: Border Agents aren’t being quite as careful as they should be where potentially sensitive passenger data is concerned. (Source: Naked Security)

Stay safe, everyone!