Dating-app video calls could have been spied on

A vulnerability in an SDK that lets users make video calls in dating and healthcare apps could have let creeps spy on private calls. The affected dating apps include eHarmony and Plenty of Fish, while the healthcare apps include Talkspace, Practo and Dr. First’s Backline. The bug, which went unpatched for eight months, was discovered last year when a company called Agora did a security audit of a personal robot called “temi” that uses the toolkit. There’s no evidence that the flaw has been exploited in the wild, which is good news, given that it had the potential to affect “millions–potentially billions–of users,” according to McAfee Advanced Threat Research (ATR).

(ThreatPost)

Microsoft pulls buggy Windows update that blocked security updates

For the second time this week, Microsoft has pulled a Windows 10 servicing stack update (SSU) because it blocked customers from installing this month’s security and Cumulative Updates. The company yanked the updates because Windows 10 security updates were spinning their wheels, getting stuck at 24% during the installation process. You can’t uninstall an SSU from your computer after it’s been deployed, but if you’ve already installed SSU No. KB4601390, Microsoft has instructions on how to reset the update components to mitigate the issue and have the new SSU deployed.

(Bleeping Computer)

Windows, Linux servers targeted by new WatchDog botnet

Unsecured servers are being besieged by crypto-mining botnets that want a free ride to make undeserved profits. The latest to be discovered is a botnet named WatchDog. Discovered by Unit42, a security division at Palo Alto Networks, WatchDog has been active for two years: since January 2019. Researchers say that they’ve seen the botnet infect both Windows and Linux systems. It gains a foothold through outdated enterprise apps, using 33 different exploits to target 32 vulnerabilities in software that includes Drupal, Elasticsearch, Apache Hadoop, SQL Server, and Oracle WebLogic. 

(ZDNet)

Dutch police post ‘don’t bother’ warnings on hacker forums

On January 26, Dutch police took over the Emotet botnet, dismantled the infrastructure and seized data on its users. Now, they’re posting on hacker forums, warning crooks not to bother, since “hosting criminal infrastructure in The Netherlands is a lost cause.” Since they knocked the kneecaps off one of the most prolific botnets of the past decade, Dutch police have been creating accounts on hacker forums to keep an eye on hackers’ activities. The forum posts include a YouTube video showing the botnet operators’ arrests and ending with a warning that “Everyone makes mistakes. We are waiting for yours.”

(Bleeping Computer)

Thanks to our episode sponsor, Kenna Security

Ready to shift gears to risk-based vulnerability management? Now’s the time. Through Kenna Security’s on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management … well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.

Once useful QR app turns into malware overnight

How does a trusted, useful barcode and QR scanner app that’s been around for years and been installed over 10 million times suddenly turn into a rabid pusher of unwanted advertising? Malwarebytes explored the issue earlier this month. The security firm has since been contacted by the company it thought was responsible for the app’s newly obnoxious behavior. But that company is pointing the finger at a third-party buyer that apparently issued malicious updates. Lavabird, the company that acted as an intermediary between seller and buyer, says it’s “outraged” that the buyer is ignoring attempts to get in touch. The app, known as Barcode Scanner, has been kicked out of Google’s Play Store.  

(ZDNet)

Australia calls Facebook block ‘an assault on a sovereign nation’

Outraged Australian politicians are accusing Facebook of having “attacked a sovereign nation” after the platform blocked Australian news media yesterday morning. As we reported yesterday, Facebook began blocking users from viewing or sharing Australian news due to a proposed law that would require it to pay publishers for links to content. News from Australian publishers can’t be posted or shared, while posts from international publishers can’t be shared by Australian users. A parade of government ministers is decrying the move, which they say affects government health pages. Facebook has been restoring government pages, but that’s not nearly enough to soothe the Australian government.

(diginomica)

$30 will get you 3 months of cred-stealing Trojan 

Cisco Talos has uncovered a Trojan that pickpockets login details from the Chrome browser, Microsoft Outlook, Mozilla Thunderbird, Firefox and Chromium-based browsers. The malware, which is also a keylogger, is called Masslogger. It uses all manner of obfuscation, including trying to evade detection by Windows Defender scans. Infections are triggered by rigged phishing emails. Masslogger apparently isn’t all that new: previous research attributed it to a malware operator who was renting it at the price of $30 for three months or $50 for a lifetime license.

(The Register)

Hackers target military-run websites in Myanmar

Hackers on Thursday attacked military government websites in Myanmar after authorities shut down the internet for a fourth straight night. According to NetBlocks, a group that monitors internet outages around the world, internet connectivity has dropped to just 21% of ordinary levels. Protesting the country’s recent military coup, a group calling itself Myanmar Hackers targeted military-run websites including the Central Bank, the Myanmar military, state-run broadcaster MRTV, the Port Authority, and the Food and Drug Administration. “We are fighting for justice in Myanmar,” the hacking group said on its Facebook page.

(Security Week)