In today’s cybersecurity news…
How to delete Facebook, Messenger, or Instagram – if you want Meta out of your life
If you want to dump Facebook, Messenger, Instagram, and WhatsApp accounts quickly from your phone or computer.. each app has its own steps, but it’s straightforward and takes just a few minutes. Deleting means no going back—Facebook and Instagram offer a 30-day grace period, but once it’s done, your data is gone. Messenger requires the mobile app for deletion, and WhatsApp asks for your phone number during the process. Want to keep Messenger? You’ll need to deactivate Facebook instead.
(ZDnet)
GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’
The FTC claims GoDaddy failed basic security practices, leaving millions of customer websites vulnerable. Allegations include ignoring software patches, skipping multi-factor authentication, and not monitoring threats. Between 2019 and 2022, attackers repeatedly breached its systems. Despite these failures, GoDaddy faces no fines under a new FTC settlement, requiring it to adopt better security measures like MFA, SIEM tools, and secure connections. GoDaddy denies fault but says it’s already addressing the issues. If it slips up, future violations could cost $51,744 each.
TikTok could possibly stay alive after Sunday’s upcoming ban
“Americans shouldn’t expect to see TikTok suddenly banned on Sunday,” said an administration official. Officials aim to implement the law without immediately shutting down the app, deferring the issue to Donald Trump’s incoming administration. Trump said he wants to preserve its use. And Trump’s pick for attorney general, Pam Bondi, didn’t say she would enforce the ban when asked about it at her Senate confirmation hearing. The ban, part of a national security law, mandates ByteDance, TikTok’s Chinese parent company, to divest ownership. Legal challenges cite free speech concerns. During his first term, Trump tried to implement a TikTok ban, but during his 2024 Presidential campaign, vowed to “save TikTok.”
(NBC News)
DJI will no longer block US users from flying drones in restricted areas
DJI announced in a blog post it’s removed geofencing restrictions in the U.S., letting users fly drones in previously restricted areas like airports, nuclear plants, and wildfires, though its app will still issue warnings. The company argues the responsibility should lie with the drone operators, citing tools like Remote ID for enforcement, though concerns remain about safety, especially after a sub-250-gram DJI drone damaged a firefighting plane in Los Angeles. Critics, including DJI’s former policy head, argue the decision undermines aviation safety, shifting all accountability to users.
(Engadget)
Huge thanks to our sponsor, Dropzone AI
Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws
Microsoft’s January 2025 Patch Tuesday tackled 161 vulnerabilities across Windows, Office, Hyper-V, Azure, and more—the highest monthly total since 2017. Of these, 11 were rated critical.
A serious Windows OLE vulnerability also stood out, enabling remote code execution via specially crafted emails in Outlook—though the preview pane isn’t an attack vector. Microsoft patched two critical RDP flaws, allowing remote, unauthenticated code execution. Updates are strongly recommended.
Illinois to get mobile driver’s licenses in Apple Wallet by end of 2025
Illinois plans to launch digital IDs in Apple Wallet by year-end, allowing residents to add driver’s licenses and state IDs to iPhones and Apple Watches, with Google Wallet support to follow. Secretary of State Alexi Giannoulias emphasizes robust testing to ensure privacy and security, calling this the first step in a cutting-edge mobile ID program. Illinois joins 10 other states and territories offering IDs in Apple Wallet. New Jersey is also pushing for mobile driver’s licenses, citing convenience like real-time address updates. Misconceptions persist, but officials stress that mDLs don’t enable government tracking.
Pro-Ukraine Group Launches Cyberattack on Russia’s Largest State Procurement Platform
Russia’s Roseltorg, a platform for government and corporate procurement, confirmed a cyberattack after initially citing “maintenance work” for outages. Pro-Ukraine hacker group Yellow Drift claimed responsibility, alleging they deleted 550 terabytes of data, including emails and backups, and shared screenshots as proof. Roseltorg stated it restored affected infrastructure, though its website remains offline. Clients, including major corporations and government agencies, report concerns over financial losses and delays. This attack is part of a broader wave targeting Russian entities.
Governments Advocate for Spyware Regulations at UN Security Council Meeting
The UN Security Council held its first meeting on the dangers of commercial spyware, focusing on its misuse and implications for global security and human rights. It’s supported by the U.S. and 15 other nations, with most attendees calling for stricter controls, with Russia and China dismissing concerns. Experts like Citizen Lab’s John Scott-Railton warned of spyware’s proliferation, citing Europe as a hotspot. Countries like Poland and Greece highlighted local reforms following spyware scandals. Russia accused the U.S. of hypocrisy, citing NSA surveillance, while China criticized prioritizing spyware over harmful international activities. Over the past four years, the U.S. government has taken several actions against commercial spyware.