Security: Sphinx, Ransomware, Webmin, YubiKey

• Exposed Sphinx Servers Are No Challenge for Hackers [Ed: That’s the same agency and the same troll site that initially promoted the lies and the FUD about VLC]

  A popular open-source text search server, Sphinx offers impressive performance for indexing and searching data in databases or just in files. It is cross-platform, available for Linux, Windows, macOS, Solaris, FreeBSD, and a few other operating systems. [...] CERT-Bund posted the warning on Twitter today alerting network operators and providers about the risk of running Sphinx servers with a default configuration that are open on the web. The organization highlights that Sphinx lacks any authentication mechanisms. Exposing it on the web gives an attacker the possibility "to read, modify or delete any data stored in the Sphinx database."

• Ransomware Hits Texas Local Governments [iophk: Windows TCO]

  The attack was observed on the morning of August 16 and appears to have been launched by a single threat actor, the DIR announcement reads.

  The State Operations Center (SOC) was activated soon after the attack reports started to come in, and DIR says that all of the entities that were actually or potentially affected appear to have been identified and notified.

  A total of twenty-three entities have been confirmed as impacted so far, and the responders are working on bringing the affected systems back online.

• Webmin Backdoored for Over a Year

  The security hole impacts Webmin 1.882 through 1.921, but most versions are not vulnerable in their default configuration as the affected feature is not enabled by default. Version 1.890 is affected in the default configuration. The issue has been addressed with the release of Webmin 1.930 and Usermin version 1.780.

• The YubiKey 5Ci is the 'first' iOS-compatible security key

  Like other YubiKey options in the 5 series, the YubiKey 5Ci supports multiple authentication protocols, including IDO2/WebAuthn, FIDO U2F, OTP (one-time-password), PIV (Smart Card), and OpenPGP.

Android Leftovers

• The Casio WSD-F21HR has a heart rate monitor, finally

• Huawei easing Android dependence

• HarmonyOS: What's with Huawei's Android-replacement operating system?

• OnePlus 7: Android fans may have just been given a huge reason not to buy this phone

• Xiaomi launches Mi A3 Android One smartphone with 48MP rear camera in India for $181

• Lighter 'Google Go' search engine now available for Android users worldwide

Analysis of the state of play of Open Source policies in EU Member States

The study on OSS policies will answer the following research questions, each of which will be elaborated upon in dedicated chapters: [...]

Android Leftovers

• Who needs Android Beam? Xiaomi, Oppo, Vivo join forces for file-sharing

• LG V30 Android Pie update reportedly pulled from LG Bridge

• [Updated] OPPO F7 ColorOS 6 (Android Pie 9.0) update trial version (soak test) goes live

• 10 best Chromecast games for Android

• Fearing data privacy issues, Google cuts some Android phone data for wireless carriers

• YouTube killing built-in ‘Messages’ feature next month on Android, iOS, and web

• Google publishes Android Q Security Release Notes

• Xiaomi Mi A3 review: More than the sum of its parts