Right wing conspiracy theorist Alex Jones has been ripping off his Infowars audience for years by selling overpriced vitamin supplements of dubious effectiveness, but now security researchers have discovered that the Infowars store has been infected with malware that steals his customers’ credit card information, according to Gizmodo.

The malware, known as Magecart, was discovered by Dutch security researcher Willem de Groot on every Infowars store page. The code would spring to life when customers checked out, mining their payment data and sending their credit card information every 1.5 seconds to a server located in Lithuania…

https://www.rawstory.com/2018/11/alex-jones-infowars-infected-malware-steals-credit-card-information/

In March, Twitter CEO Jack Dorsey held a clear-the-air livestream discussion to address concerns about the #health of the company’s platform. Abuse and disinformation were top of mind, but Dorsey also spoke to another problem as well: the proliferation of cryptocurrency giveaway scams.

Send us a small bit of bitcoin, an account made to look like @ElonMusk or @realDonaldTrump would say, pledging in true Nigerian Prince fashion that it would deliver a much larger amount in return. These were unsophisticated schemes, but they were widespread. Dozens of bogus scam-peddling celebrity accounts were being created every day, and that was alarming to Dorsey and to Twitter’s vice president of trust and safety, Del Harvey. On the livestream, Dorsey and Harvey promised quick, tactical action against them, noting that Twitter would use pattern matching and machine learning to eliminate a problem that seemingly came out of nowhere…

https://www.buzzfeednews.com/article/janelytvynenko/twitter-cryptocurrency-scams-verified-accounts-russia-target

Your internet browser is a doorway to your computer. Everyday users are installing all manner of browser extensions—small pieces of software that live inside Chrome or Firefox—to optimize their workflow, block ads, or otherwise improve their web experience. Nearly half of all users of Chrome on desktop use extensions…

https://motherboard.vice.com/en_us/article/zmdxxj/the-hack-millions-of-people-are-installing-themselves

“Privacy Not Included” is Mozilla’s Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative “creepiness,” from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!).

Mozilla’s reviews include a detailed rationale for each ranking, including whether the product includes encryption, whether it forces a default password change, how easy to understand the documentation is, whether it shares your data for “unexpected reasons,” whether it has known security vulnerabilities, whether it has parental controls and more…

https://boingboing.net/2018/11/14/privacy-not-included-mozi.html/amp

The wall behind Sid Sijbrandij emanates a warm orange glow. Then, waves rush toward the shore at his back. The change in scenery isn’t distracting, however. It’s deliberate. The GitLab co-founder has a green screen in his office, which is also his home.

Every employee of the San Francisco-based startup, which offers tools for software developers, works from home. Three years ago, that was nine people. Today, GitLab’s 350 employees across 45 countries use video calls and Slack chats to stay constantly connected. The dramatic expansion has been enabled by outsize investment–a $100 million fund raise in September landed it a $1 billion valuation. It has also been propelled by revenue growth that skyrocketed to nearly $10.5 million last year, up 6,213 percent from just over $165,000 in 2014–helping it notch No. 44 on this year’s Inc. 5000 list of the fastest-growing companies in America…

https://www.inc.com/cameron-albert-deitch/2018-inc5000-gitlab.html

Apple’s decision to no longer report iPhone sales has led many to assume the iPhone XS, iPhone XS Max and iPhone XR must be in trouble. This is premature, but attempts to woo new customers won’t be helped now Apple has had to admit to a serious hardware problem on its game-changing model…

https://www.forbes.com/sites/gordonkelly/2018/11/11/apple-warns-iphone-x-display-problem-upgrade-fix-repair-iphone-xs-max-xr-cost-warranty/amp/

Usually it’s the Russians that dump their enemies’ files. This week, US Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity-focused missions, started publicly releasing unclassified samples of adversaries’ malware it has discovered.

CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack US systems: we may release your tools to the wider world…

https://www.vice.com/en_au/article/8xpa7k/us-military-cybercom-publicly-dumped-russian-government-malware-fancy-bear-apt28

Locking bootloaders with trusted computing is an important step towards protecting users from some of the most devastating malware attacks: by allowing the user to verify their computing environment, trusted computing can prevent compromises to operating systems and other low-level parts of their computer’s operating environment…

https://boingboing.net/2018/11/11/ring-minus-1.html

Windows 10’s problems are growing. Despite the introduction of new monthly charges, the number of high profile incidents with recent updates (including one which deletes users’ personal data) is off the charts. And now Microsoft has warned there is another serious problem…

Spotted by The Register, Microsoft’s activation servers have started accidentally downgrading expensive Windows 10 Pro systems into cheaper Windows 10 Home PCs, then invalidating their licences. Needless to say, that’s a nasty financial hit (Home is $119, Pro is $199) and affected users are furious…

https://www.forbes.com/sites/gordonkelly/2018/11/08/microsoft-windows-10-update-problem-crash-windows-10-home-pro-downgrade/amp/