Subj : Sophos Virus News To : All From : Daryl Stout Date : Wed Dec 19 2018 11:12:01 Here's the latest anti-virus and System Security news from the Naked Security Blog at Sophos. You can access these for yourself at http://nakedsecurity.sophos.com You can also sign up to receive a daily digest (Monday through Friday) of security issues and links, delivered right to your email box. It's a reminder to PRACTICE SAFE HEX!! You could lose your data via an attack of malware, ransomware, or be a victim of identity theft, otherwise. Note that text in some of the links may content text that some may find vulgar, profane, offensive, explicitly sexual, etc. -- these are provided to alert you that your system may have been infected!! *** Serious Security: When cryptographic certificates attack Machine learning is all the rage - but don't knock human savvy just yet! One weird character can be enough to alert a smart researcher... *** Snack-happy parrot shows insider threats come in all shapes and sizes The African Grey has tried to get Alexa to send him lightbulbs, a kite, watermelon, ice cream, strawberries, raisins, broccoli and ice cream. *** Instagram became the preferred tool in Russia’s propaganda war Facebook and Twitter got a lot of heat, but "Instagram's appeal is that's where the kids are, and that seems to be where the Russians went." *** SQLite creator fires back at Tencent's bug hunters The creator of SQLite has downplayed reports of a bug that could lead to remote code execution. *** How not to secure US missile defenses One BMDS site's patching was so deficient, it failed to address a critical vulnerability that first came to light nearly three decades ago. *** After SamSam, Ryuk shows targeted ransomware is still evolving Devastating, targeted ransomware attacks didn't start with SamSam and they didn't end with it either. *** Facebook photo API bug exposed users' unpublished photos It affected up to 6.8 million users and up to 1,500 apps. "We're sorry this happened," said Facebook with what must be acute apology fatigue. *** Logitech flaw fixed after Project Zero disclosure The flaw offered attackers a way of executing keystroke injection to take control of a Windows PC running Logitech Options. *** Twitter fixes bug that lets unauthorized apps get access to DMs "You authorize it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and dank memes. Tragic!" said the researcher. *** Sneaky phishing campaign beats two-factor authentication Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn't mean every method for doing this is equally secure. *** --- SBBSecho 3.06-Win32 * Origin: ILinkNet: The Thunderbolt BBS - tbolt.synchro.net (454:1/33) .