ThreatPost: VLC Player Gets Patched for Two High-Severity Bugs

ThreatPost: VLC Player Gets Patched for Two High-Severity Bugs. “Maintainers of the popular open-source VLC media player patched two high-severity bugs Friday. The flaws were an out-of-bound write vulnerability and a stack-buffer-overflow bug. Developers behind the software, VideoLAN, said the patches were two of 33 fixes being pushed out to the media player and part of a new bug bounty program funded by European Commission.”

ACLU: The FBI Has Access to Over 640 Million Photos of Us Through Its Facial Recognition Database

ACLU: The FBI Has Access to Over 640 Million Photos of Us Through Its Facial Recognition Database. “At a House Oversight Committee hearing this week with an FBI witness, we learned new details that further confirm our fears that the FBI’s face recognition apparatus continues to balloon, threatening our fundamental liberties. The details also underscore the urgent need for Congress to put the brakes on law enforcement use of this powerful technology. Here are some of the most concerning details we learned from the hearing…”

Vice: The Open Source Project That Keeps Google’s Hands Off Your Android Data

Vice: The Open Source Project That Keeps Google’s Hands Off Your Android Data. “MicroG is one of several projects working to keep the promise of free and open source software alive on Android. Users can opt for F-Droid instead of the Google Play store, an open source implementation of Google’s app store that, you guessed it, only offers open source applications. For web browsing, Mozilla Firefox provides a robust alternative to Chrome; in lieu of Google Drive, there are programs like NextCloud. But as those who have embarked on the great open source-only Android experiment can tell you, open source applications leave much to be desired in form, functionality, and stability.”

CBR: Three Slack Plugins for WordPress All Suffer Serious Security Flaw

CBR: Three Slack Plugins for WordPress All Suffer Serious Security Flaw. “Industrious French security researcher Robert Baptiste, aka ‘Elliot Alderson’ says he has discovered security flaws in three different WordPress plugins for enterprise collaboration platform Slack. If abused, attackers could gain access to the Slack API and pull information off a team’s Slack channels, create or archive channels, invite users, and even if they felt inclined, make posts themselves.”

Business Standard: Instagram leak to online frauds, Indian firms have a ‘cyber battle’ ahead

Business Standard: Instagram leak to online frauds, Indian firms have a ‘cyber battle’ ahead. “Recently, private contact information of millions of Instagram users was found in an unguarded online database, and the cache was traced back to Mumbai-based social media marketing firm Chtrbox. Before that, security lapse in one of State Bank of India (SBI) servers had leaked data of its SBI Quick service customers. These breaches are just a few examples underscoring Indian firms’ vulnerability, despite warnings from past incidents.”

Ars Technica: Baltimore’s bill for ransomware: Over $18 million, so far

Ars Technica: Baltimore’s bill for ransomware: Over $18 million, so far. “It has been a month since the City of Baltimore’s networks were brought to a standstill by ransomware. On Tuesday, Mayor Bernard ‘Jack’ Young and his cabinet briefed press on the status of the cleanup, which the city’s director of finance has estimated will cost Baltimore $10 million—not including $8 million lost because of deferred or lost revenue while the city was unable to process payments. The recovery remains in its early stages, with less than a third of city employees issued new log-in credentials thus far and many city business functions restricted to paper-based workarounds.”