Friday 8 March 2019

Chrome Zero-Day RCE: Exploit in the Wild – Patch Now


Google is warning Chrome users to update their browser installations immediately. Previous versions have a nasty security bug that allows remote code execution.

And it’s not theoretical: It turns out that this vulnerability was already being exploited before the patch was available. Google is being super-cagey about the exact nature of the flaw, but the company is being unusually insistent about how urgent this is.

So you know what to do and when to do it. In this week’s SB Blogwatch, we sit up and take notice.


Read more: securityboulevard.com/2019/03/chrome-zero-day-rce-exploit-in-the-wild-patch-now

Thursday 7 March 2019

RSAC 2019: Better, wetter—and weirder


It’s that time again: Another RSA Conference in a rain-lashed San Francisco. This year’s theme is “Better.”

RSAC is the big infosec bunfight for hawkish vendors, arm-wavy consultants, and harassed PR mavens. Some think it’s the place to see and be seen, but others can’t wait for it to be over for yet another year.

And what caught your humble blogwatcher’s eye this year? In Security Blogwatch, we scour the Moscone Center so you don’t have to.


Read more: techbeacon.com/security/rsac-2019-better-wetter-weirder

Tuesday 5 March 2019

Uproar Over Facebook 2FA Privacy Violation


Facebook has been caught red-handed again, so say privacy wonks. They accuse Zuckerberg’s crew of misusing phone numbers given to it for use in two-factor authentication.

Said wonks say Facebook is sharing the data with Instagram and WhatsApp to secretly link your profiles together. And that it lets miscreants look you up by your phone number, subjecting your identity to stalking, social engineering and other malicious awfulness. Facebook is also accused of violating GDPR, for using the numbers without consent.

Yet Facebook spokesdroids are unrepentant. In this inaugural SB Blogwatch, we phone a friend.


Read more: securityboulevard.com/2019/03/uproar-over-facebook-2fa-privacy-violation