Issue 126

Personal note - minimal mode

This week's issue will unfortunately be a 'minimal mode' version due to lack of time on my part.
While we were visiting an amusement park a few days ago, my wife fell and tore a ligament. I'm in caretaker mode for her and our daughter, family first!

As usual in minimal mode, I selected the links that looked interesting to me, just with less curation and summaries than usual. I hope you still get value out of it. Enjoy!



Breaches and leaks

  • France's secure Telegram replacement hacked in an hour: link.
  • Medical information of 150.000 rehab patients exposed: link.
  • Hotspot finder app exposed 2 million Wi-Fi passwords: link.
  • Bodybuilding.com discloses security breach: link.


FBI report: cybercrime losses in 2018 total $2.7 billion

$1.2 billion of those losses stem just from those "This is your CEO please wire this amount to that account please" scams.
bleepingcomputer.com


Blochainbandit stole $54 million of Ethereum by guessing weak keys


sophos.com


Hacker could locate thousands of cars and kill their engines remotely via poorly-secured GPS tracking apps


bitdefender.com


Security flaw lets attackers recover private keys from Qualcomm chips


zdnet.com


GoDaddy takes down 15,000 subdomains used for online scams


zdnet.com


NIT publishes guidelines on vetting mobile app security (pdf)


nist.gov


Microsoft Defender APIs now generally available


bleepingcomputer.com


Marcus “MalwareTech” Hutchins pleads guilty to writing and selling malware


krebsonsecurity.com


Another dark web marketplace, Wall Street Market, bites the dust


zdnet.com


DNS over HTTPS is coming whether ISPs and governments like it or not


sophos.com


An inside look at how credential stuffing operations work


zdnet.com


Sponsorships

1Password: a password manager worth recommending

After using 1Password Teams for several years, I finally moved my personal password vault to them as well. The UX and support are an order of magnitude better than where I came from.