EFF

EFF Releases Certbot 1.0 to Help More Websites Encrypt Their Traffic

Electronic Frontier Foundation

The Electronic Frontier Foundation (EFF) today released Certbot 1.0: a free, open source software tool to help websites encrypt their traffic and keep their sites secure.

Certbot was first released in 2015, and since then it has helped more than two million website administrators enable HTTPS by automatically deploying Let’s Encrypt certificates. Let’s Encrypt is a free certificate authority that EFF helped launch in 2015, now run for the public’s benefit through the Internet Security Research Group (ISRG).

HTTPS is a huge upgrade in security from HTTP. For many years, web site owners chose to only implement HTTPS for a small number of pages, like those that accepted passwords or credit card numbers. However, in recent years, it has become clear that all web pages need protection. Pages served over HTTP are vulnerable to eavesdropping, content injection, and cookie stealing, which can be used to take over your online accounts.

Full article

Miscellaneous

New Nitrokey FIDO2 for 2FA and passwordless login

Nitrokey

We are happy to introduce the new Nitrokey FIDO2! The device can be ordered now and will be delivered within the next few days. Nitrokey FIDO2 convinces with easy handling and two-factor authentication (2FA), and it can be used for passwordless login instead of a password. This brings us one step closer to our motto “secure your digital life”.

Full blog post

Miscellaneous

Peak season for crappy articles from ZDNet!

Do you read articles on ZDNet?

All recommendations about “best tech gadgets”, “best target”, “don’t leave home without these essential accessories”, etc. are based on affiliate programs, meaning ZDNet earns a kick-back.

The kick-back means you can’t trust the recommendations given by ZDNet.

WIRED

Think Twice Before Giving Gifts With a Microphone or Camera

WIRED

As we draw ever closer to Black Friday, Cyber Monday, and all the shopping days in between, you’ll have no shortage of cheap, flashy, internet-connected gadgets to choose from for holiday gifts. But in the frenzy, don’t forget that the widgets you buy will live at recipients’ houses—or on their wrists—for months or years to come. With that in mind, it’s worth considering the security and privacy risks involved, so you know what you’re getting people into before they unwrap the box.

Full article

Cybersecurity Insiders

Microsoft updates are filled with Ransomware

Cybersecurity Insiders

Chicago-based information security company Trustwave has discovered a new cyber threat campaign disguised as a Microsoft Update. The Illinois-based cybersecurity company’s team of experts from its subsidiary SpiderLabs has found that an email campaign in the name of Microsoft has been doing the rounds for the past few weeks and is actually a phishing campaign spreading Cyborg Ransomware.

Full article

Naked Security

Update WhatsApp now: MP4 video bug exposes your messages

Naked Security

WhatsApp’s pitch: Simple. Secure. Reliable messaging.

Needed marketing addendum: Hole. Update. Now. Evil. MP4s.

Facebook on Thursday posted a security advisory about a seriously risky buffer overflow vulnerability in WhatsApp, CVE-2019-11931, that could be triggered by a nastily crafted MP4 video.

Full article

Naked Security

XSS security hole in Gmail’s dynamic email

Naked Security

Did Android users celebrate loudly when Google announced support for Accelerated Mobile Pages for Email (AMP4Email) in its globally popular Gmail service in 2018?

Highly unlikely. Few will even have heard of it, nor have any idea why the open source technology might improve their webmail experience.

They might, however, be interested to learn that a researcher, Michał Bentkowski, of Securitum, recently discovered a surprisingly basic security flaw affecting Google’s implementation of the technology.

Full article

Naked Security

Brand new Android smartphones shipped with 146 security flaws

Naked Security

If you think brand new Android smartphones are immune from security vulnerabilities, think again – a new analysis by security company Kryptowire uncovered 146 CVE-level flaws in devices from 29 smartphone makers.

Without studying all 146 in detail, it’s not clear from the company’s list how many were critical flaws, but most users would agree that 146 during 2019 alone sounds like a lot.

The sort of things these might allow include the modification of system properties (28.1%), app installation (23.3%), command execution (20.5%), and wireless settings (17.8%).

Remember, these devices, which included Android smartphones made by Samsung and Xiaomi, had never even been turned on, let alone downloaded a dodgy app – these are the security problems shipped with your new phone, not ones that compromise the device during its use.

Full article