Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-01-14 17:08:01 |
British TV viewers targeted by email fraudsters (direct link) |
TV fraudsters are using the disguise of emails from the TV Licensing authority to steal large sums of money from the bank accounts of unwary Brits.
|
|
|
|
|
2019-01-14 10:07:00 |
The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison (direct link) |
A 34-year old man has been jailed after being found guilty of launching a massive denial-of-service attack against Boston Children's Hospital.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-01-10 14:27:01 |
Reddit users locked out of accounts after 'security concern' (direct link) |
A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a “security concern.”
The lockout has occurred as Reddit's security team investigates what appears to have been an attempt to log into many users' accounts through a credential-stuffing attack.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-01-10 12:35:02 |
Smashing Security #110: What? You can get paid to leave Facebook? (direct link) |
Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
★★★
|
|
2019-01-09 12:43:04 |
Automated phishing attack tool bypasses 2FA protection (direct link) |
Modlishka may help raise awareness of the danger of reverse proxy phishing attacks, but it's easy to imagine that many criminals will be tempted to put it to malicious use.
|
Tool
|
|
|
|
2019-01-09 11:27:02 |
Being paid to quit Facebook (direct link) |
Research claims Facebook users are prepared to give up the social network for a year… if paid over $1000.
|
|
|
|
|
2019-01-07 16:24:01 |
Earn $2,000,000 by remotely jailbreaking an iPhone (direct link) |
Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?
The sad truth is that we may never know for sure… but intelligence agencies might.
|
|
|
|
|
2019-01-04 16:04:02 |
Town of Salem hack exposes details of 7.6 million gamers (direct link) |
Just before Christmas, hackers managed to break into a database belonging to a popular online game and steal the details of over seven million players.
Read more in my article on the Hot for Security blog.
|
Hack
|
|
|
|
2019-01-04 11:43:03 |
German politicians suffer massive hack of personal details and private communications (direct link) |
The private communications, emails, contact details, mobile phone numbers, memos, and financial information of hundreds of politicians have been published online.
|
Hack
|
|
|
|
2019-01-03 15:39:00 |
TheHackerGiraffe says he's retired from hacking smart TVs to promote PewDiePie (direct link) |
TheHackerGiraffe, the hacker who breached innocent users' unsecured printers, Google Chromecast streaming devices, and smart TVs to promote the PewDiePie YouTube channel, has announced his retirement.
|
|
|
|
|
2019-01-03 13:06:01 |
Hackers demand ransom from Dublin's tram system, after Luas website defaced (direct link) |
The website of Luas, the tram system operating in Ireland's capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-01-02 10:17:04 |
Appearing on the 'Random but Memorable' podcast (direct link) |
Just before Christmas I was fortunate enough to be invited onto the “Random but Memorable” podcast, hosted by Matt Davey and Michael Fey of 1Password.
Take a listen.
|
|
|
|
|
2018-12-30 21:13:01 |
Graham Cluley's Desert Planet Picks (direct link) |
Here's something a bit different (and utterly unrelated to computer security).
|
|
|
|
|
2018-12-20 11:50:00 |
Spooked by a speaking security camera? Polite hacker tells owner how to fix his IoT security (direct link) |
The “white hat” hacker, who claimed to be part of a group calling itself the “Anonymous Calgary Mindhive”, said it hadn't been hard for him to hijack control of Gregg's Nest security camera.
Read more in my article on the Bitdefender Box blog.
|
|
|
|
|
2018-12-20 00:00:01 |
Smashing Security #109: Grinches target Amazon and Reddit, stealing Christmas from the poor (direct link) |
Join us for our special Christmas episode as we tell tales of printer hacking, website defacement, Grinches, and how Google is snooping on your private YouTube videos.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The CyberWire's Dave Bittner.
|
|
|
|
|
2018-12-19 13:47:00 |
Facebook waited months before admitting privacy bug exposed millions of users' unposted photos (direct link) |
At the end of last week Facebook revealed that an API bug had given developers of third-party apps access to the photos of millions of users.
But Facebook didn't find out about the problem last week. It found out about it in September.
|
|
|
|
|
2018-12-14 17:50:00 |
International email bomb hoax proves to be a spectacular failure (direct link) |
Authorities in the United States, Canada, Australia, and New Zealand are said to be investigating a wave of bogus bomb threats that have been sent to a variety of organisations late on Thursday.
But if the hoaxer thought they were going to make a lot of money through the scam, they're going to be disappointed.
|
|
|
|
|
2018-12-14 10:59:04 |
2018 - a year of data breaches in review (direct link) |
Week after week, month after month, 2018 saw organisations and companies struck by massive and damaging data breaches, putting the personal details of innocent members of the public at risk.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2018-12-13 09:52:02 |
Smashing Security #108: Hoaxes, Huawei and chatbots - with Mikko Hyppönen (direct link) |
The curious case of George Duke-Cohan, Huawei's CFO finds herself in hot water, and the crazy world of mobile phone mental health apps.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guests Mikko Hyppönen from F-Secure and technology journalist Geoff White.
|
|
|
|
|
2018-12-12 21:49:02 |
Supermicro says independent investigation found no spy chips on its motherboards (direct link) |
An independent audit has found no evidence that malicious chips were planted on Supermicro's motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.
|
|
|
|
|
2018-12-12 14:48:05 |
Bad news for scammers. Huawei executive Meng Wanzhou has been released on bail (direct link) |
Scammers want you to send $2000 to help Huawei's CFO bribe her way out of jail.
|
|
|
|
|
2018-12-11 02:30:04 |
Google admits Google Plus hit by *another* privacy flaw, speeds up site's closure (direct link) |
Google has admitted that Google Plus suffered another security failure last month, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.
|
|
|
|
|
2018-12-11 01:20:04 |
GlobeImposter ransomware victims find themselves abandoned by their extortionists (direct link) |
It's a bad day when your computers get hit by ransomware.
But it only gets worse when you realise that you not only don't have backups, but also have no way of contacting the criminals who encrypted your data.
|
Ransomware
|
|
|
|
2018-12-07 15:35:04 |
Three years in jail for teenager who spammed out school bomb threats (direct link) |
British teenager George Duke-Cohan has been jailed for three years for making hoax bomb threats that closed hundreds of schools up and down the UK.
|
|
|
|
|
2018-12-06 13:04:01 |
Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea (direct link) |
Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-12-06 01:16:01 |
Smashing Security #107: Sextorting the US army, and a Touch ID scam (direct link) |
Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won't believe who was behind a sextortion scam that targeted over 400 members of the US military.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.
|
|
|
|
|
2018-12-05 14:48:01 |
It looked like a Citrix ShareFile phishing attack, but wasn't (direct link) |
Guest contributor Bob Covello isn't happy about a password reset email that Citrix has been sending its customers.
If you're a company contacting your customers via email, please make sure it doesn't look phishy.
|
|
|
|
|
2018-12-04 12:58:04 |
Quora hack leaves details of 100 million accounts exposed (direct link) |
Approximately 100 million Quora users may have had their information accessed by hackers.
|
Hack
|
|
|
|
2018-12-03 19:53:02 |
Fitness-tracking apps caught misusing Touch ID to steal money from iPhone users (direct link) |
Two iOS fitness apps have been found exploiting a sneaky user interface trick to fool users into making unwanted in-app purchases with Touch ID.
|
|
|
|
|
2018-12-03 19:05:02 |
Digitize and automate your customer agreement process for financial transactions. Download this free OneSpan guide. (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
OneSpan is now giving you the chance to download its Financial Agreement Automation RFP Guide for Account Opening, Digital Lending and Leasing Automation.
Trillions of dollars in financial transactions are processed each year. These include credit agreements, loans, new account openings, mortgages, pensions and annuities.
Today's customer is looking for speed, ease and convenience. To meet these demands, financial institutions must offer fully digital experiences.
This guide is for financial institutions evaluating technology for agreement automation.
Agreement automation refers to the digitization of the customer agreement process for financial transactions – including application data validation, digital identity verification, agreement signing and storage, and audit trail capture.
This guide will assist you in:
Determining your agreement automation requirement
Deciding which stakeholders to involve in the RFP process
Developing RFP questions (14 pages of sample RFP questions provided)
Evaluating options for implementation
Download your copy of OneSpan's guide now.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-11-30 12:35:03 |
Marriott warns of hack. 500 million Starwood hotel guests' personal data could be exposed. (direct link) |
There's bad news if you're one of the 500 million hotel guests whose data was included on the Starwood guest reservation database.
|
|
|
|
|
2018-11-29 14:27:01 |
(Déjà vu) US charges Iranian hackers for SamSam ransomware attacks (direct link) |
Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks.
Read more in my article on the Tripwire State of Security blog.
|
Ransomware
|
|
|
|
2018-11-29 14:23:00 |
Dell suffers security breach, reset customer passwords (but didn't tell customers why until now) (direct link) |
Dell has revealed that earlier this month it discovered that hackers had breached its security and were attempting to access customer details - including names, email addresses, and hashed passwords.
|
|
|
|
|
2018-11-29 12:04:05 |
Smashing Security #106: Google Maps, Fed phishing, and Grinch bots (direct link) |
How are scammers stealing your money through Google Maps? Why did the FBI create a fake FedEx website? And how are US senators hoping to stop Grinch bots ruining Christmas?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
And don't miss our special bonus interview about passwords with Rachael Stockton of LastPass.
|
|
FedEx
LastPass
|
|
|
2018-11-28 16:53:01 |
Germany proposes security guidelines for routers, but not everybody is happy (direct link) |
The German government has published draft guidelines on how it believes broadband routers should be secured. But some people think more could be done.
Read more in my article on the Bitdefender Box blog.
|
|
|
|
|
2018-11-28 16:49:05 |
School district fails to reclaim $120,000 wired by bank to scammer (direct link) |
A school district in Indiana which had $120,000 transferred from its bank account after its email account was hacked, has failed in an attempt to reclaim the cash.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-11-27 14:01:02 |
More details on One Planet York app vulnerability don't paint council in a good light (direct link) |
New information has come to light which makes it more difficult to defend York city council's actions and communications in response to being told about a vulnerability in its One Planet York app.
|
Vulnerability
|
|
|
|
2018-11-27 12:33:04 |
When the FBI rather than the fraudsters make the fake FedEx website (direct link) |
Fraudsters beware! The Feds are prepared to use your own tricks against you.
|
|
FedEx
|
|
|
2018-11-26 23:41:00 |
Did UK city council over-react to a vulnerability report in its recycling app or not? (direct link) |
Some in the computer security community feel that the council over-reacted by reporting the incident to the police.
I'm not so sure.
|
Vulnerability
|
|
|
|
2018-11-22 13:58:05 |
SIM swap! Man charged after million dollar cryptocurrency theft (direct link) |
Prosecutors believe 21-year-old Manhattan resident Nicholas Truglia targeted the cellphones of Silicon Valley executives in “SIM-swapping” attacks.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-11-22 00:22:05 |
Smashing Security #105: Facebook, Nietzsche, Tesla, and Nicole (direct link) |
Tesla takes customer service a step too far, is it a romantic gesture or stalking when you email 246 women called Nicole, and Carole finds herself in a Facebook dilemma.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
|
|
Tesla
|
|
|
2018-11-21 15:29:02 |
Amazon warns customers it leaked their names and email addresses (direct link) |
What aren't you telling us Amazon, and why?
|
|
|
|
|
2018-11-21 14:52:01 |
High Tail Hall data breach exposes over 400,000 furry fans (direct link) |
An online fantasy role-playing game where participants can dress up as buxom furry animals has had its user database leaked onto the internet.
|
Data Breach
|
|
|
|
2018-11-21 13:53:01 |
Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts (direct link) |
A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.
Read more in my article on the Hot for Security blog.
|
Vulnerability
|
|
|
|
2018-11-20 13:13:04 |
Two friends jailed for TalkTalk hack plot (direct link) |
Judge describes men connected to TalkTalk hack as “individuals of extraordinary talent.” Sigh…
Read more in my article on the Hot for Security blog.
|
Hack
|
|
|
|
2018-11-19 21:31:00 |
(Déjà vu) Unlock the power of threat intelligence with this practical guide. Get your free copy now (direct link) |
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!
At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've published “The Threat Intelligence Handbook.”
It's aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.
Download your free copy now.
About Recorded Future
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Threat
|
|
|
|
2018-11-19 19:22:05 |
Multi-factor failure locks out Microsoft Office 365 and Azure users (direct link) |
Users of Microsoft Azure and Office 365 are struggling to access their accounts today, due to a multi-factor authentication malfunction.
|
|
|
|
|
2018-11-19 17:12:02 |
Vision Direct hack reveals customer credit card details (direct link) |
Criminals planted credit-card skimming code on Vision Direct online store.
|
Hack
|
|
|
|
2018-11-15 23:17:00 |
Under attack! Should your company ever 'hack back'? (direct link) |
Are targeted companies missing a trick? Could they not use their tech skills to penetrate their attacker's own computer systems, and launch a counter-attack which might knock out their adversaries' infrastructure?
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2018-11-15 15:12:01 |
20% of MageCart-compromised merchants get reinfected within days (direct link) |
MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again.
Read more in my article on the Tripwire State of Security blog.
|
Malware
|
|
|