Issue 126

Personal note - minimal mode

This week's issue will unfortunately be a 'minimal mode' version due to lack of time on my part.
While we were visiting an amusement park a few days ago, my wife fell and tore a ligament. I'm in caretaker mode for her and our daughter, family first!

As usual in minimal mode, I selected the links that looked interesting to me, just with less curation and summaries than usual. I hope you still get value out of it. Enjoy!

Breaches and leaks

  • France's secure Telegram replacement hacked in an hour: link.
  • Medical information of 150.000 rehab patients exposed: link.
  • Hotspot finder app exposed 2 million Wi-Fi passwords: link.
  • discloses security breach: link.

FBI report: cybercrime losses in 2018 total $2.7 billion

$1.2 billion of those losses stem just from those "This is your CEO please wire this amount to that account please" scams.

Blochainbandit stole $54 million of Ethereum by guessing weak keys

Hacker could locate thousands of cars and kill their engines remotely via poorly-secured GPS tracking apps

Security flaw lets attackers recover private keys from Qualcomm chips

GoDaddy takes down 15,000 subdomains used for online scams

NIT publishes guidelines on vetting mobile app security (pdf)

Microsoft Defender APIs now generally available

Marcus “MalwareTech” Hutchins pleads guilty to writing and selling malware

Another dark web marketplace, Wall Street Market, bites the dust

DNS over HTTPS is coming whether ISPs and governments like it or not

An inside look at how credential stuffing operations work


1Password: a password manager worth recommending

After using 1Password Teams for several years, I finally moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from.