Passkeys: all the news and updates around passwordless sign-on (The Verge)

The Verge: Passkeys: all the news and updates around passwordless sign-on. “Passkeys are built on WebAuthn (or Web Authentication) tech and stored directly on your device. They are supported by companies like Apple, Google, and Microsoft because they’re more secure than passwords or PINs which can be stolen. Password managers can help back up and sync passkeys across all your devices. It’s expected that passkeys will eventually replace passwords entirely, though it’s going to take some time. Here you can follow all the updates and developments — including which companies have rolled out support in preparation for a passwordless future.”

Krebs on Security: ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security: ‘Snatch’ Ransom Group Exposes Visitor IP Addresses. “The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.”

How-To Geek: Update LibreOffice Now to Fix a Security Flaw

How-To Geek: Update LibreOffice Now to Fix a Security Flaw. “Earlier this month, a security vulnerability in the popular libwebp software library was discovered, affecting everything from web browsers to email clients. The Document Foundation, the developers behind the free and open-source LibreOffice suite, has now released an emergency update for LibreOffice that includes the fix. You should update as soon as possible if you have LibreOffice installed.”

CISA: CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online

CISA: CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online. “The campaign includes a public service announcement (PSA) that will air on stations around the country, as well as digital content, a toolkit, and other resources. Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating this program to provide small businesses, communities, and individuals with the guidance and tools they need to protect themselves online.”

BBC: AI-generated naked child images shock Spanish town of Almendralejo

BBC: AI-generated naked child images shock Spanish town of Almendralejo. “A sleepy town in southern Spain is in shock after it emerged that AI-generated naked images of young local girls had been circulating on social media without their knowledge. The pictures were created using photos of the targeted girls fully clothed, many of them taken from their own social media accounts.”

Bleeping Computer: Apple emergency updates fix 3 new zero-days exploited in attacks

Bleeping Computer: Apple emergency updates fix 3 new zero-days exploited in attacks. “Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year. Two bugs were found in the WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991), enabling attackers to bypass signature validation using malicious apps or gain arbitrary code execution via maliciously crafted webpages.”

Popular Science: Patch a potential privacy risk by deleting your ancient LiveJournal

Popular Science: Patch a potential privacy risk by deleting your ancient LiveJournal. “I looked into ways to back up LiveJournal posts. It wasn’t straightforward. At all. LiveJournal offers an official exporting tool, but it can only export one month’s worth of posts at a time, which is basically useless. I tried using Wget to scrape old entries, but this backfired hilariously: LiveJournal blocked my IP address. After a lot of research, I figured out that using WordPress is the best way to back up your old LiveJournal posts. Of course, if you have no interest in saving anything and just want to delete your LiveJournal account, you can skip straight to that section below.”

WIRED: China-Linked Hackers Breached a Power Grid—Again

WIRED: China-Linked Hackers Breached a Power Grid—Again. “Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that a Chinese hacker group with connections to APT41, which Symantec is calling RedFly, breached the computer network of a national power grid in an Asian country—though Symantec has declined to name which country was targeted. The breach began in February of this year and persisted for at least six months as the hackers expanded their foothold throughout the IT network of the country’s national electric utility, though it’s not clear how close the hackers came to gaining the ability to disrupt power generation or transmission.”

BBC: Greater Manchester Police officers’ details hacked in cyber attack

BBC: Greater Manchester Police officers’ details hacked in cyber attack. “Police officers’ personal details have been hacked after a company was targeted in a cyber attack. The firm in Stockport, which makes ID cards, holds information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP). The force confirmed it was aware of the ransomware attack.”

TechCrunch: TikTok fined $379M in EU for failing to keep kids’ data safe

TechCrunch: TikTok fined $379M in EU for failing to keep kids’ data safe. “It’s been a long time coming but TikTok has finally been found in breach of the European Union’s General Data Protection Regulation (GDPR) in relation to its handling of children’s data. Under the decision issued today by the Irish Data Protection Commission (DPC), the video sharing platform has been reprimanded and fined €345 million (~$379 million). It has also been ordered to bring its offending data processing into compliance within three months.”

Bleeping Computer: Fake Cisco Webex Google Ads abuse tracking templates to push malware

Bleeping Computer: Fake Cisco Webex Google Ads abuse tracking templates to push malware. “Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware. Webex is a video conferencing and contact center suite that is part of Cisco’s collaboration products portfolio and used by corporations and businesses worldwide.”