TWINN Security News October 4

Nerds On Site
Article Written By David Redekop



Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to. Let’s try a week without ransomware stories…

Hundreds of scam apps hit over 10 million Android devices. This trend apparently has never stopped, mostly around premium SMS fraud. One way to protect yourself is to turn OFF SMS at the carrier level, which is starting to sound more and more appealing each day.

Portpass app may have exposed hundreds of thousands of users’ personal data. Any rushed data sharing initiative carries risk, and here we see how up to 650,000 Canadians may have had their personal data exposed already.

More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic. If this isn’t a call for proper security posture, I’m not sure what is. What this means is that traditional firewalls that rely on deep packet inspection are now 92% ineffective at discovering malware.

Apple forgot to sanitize the Phone Number field for lost AirTags. You can specify a lost AirTag’s phone number so Good Samaritans can reach you, but the field can also carry code that leads such Good Samaritans to a malicious place. Oof. Ouch. For now, just don’t report any lost AirTags and you’ll be safe from being taken somewhere you don’t want to be.

Fortinet, Shopify and more report issues after the root CA certificate from Let’s Encrypt expires. Last week we covered this as a warning and notice, and sure enough, many services failed, but for the most part web services were fairly quickly restored once systems administrators saw the problems. It’s hard to tell how many end users were impacted, but most of us are OK, apparently.

Did you know? 

There’s a Multibillion-Dollar Market for Your Phone’s Location Data. We all ought to think about how we feed the market by default and what we can do to turn it off. For starters, review all apps that have any ability to track you, and any browsers you use that don’t have tracker blockers.
