Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-12-04 09:11:05 |
The lax computer security of British MPs - as detailed in their own tweets (direct link) |
|
|
|
|
|
2017-11-29 17:17:22 |
Apple fixes root password bug: 'Install this update as soon as possible' (direct link) |
To their credit, it didn't take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.
|
|
|
|
|
2017-11-29 11:15:15 |
Smashing Security podcast #054: A great big fat macOS bug (direct link) |
Yes, you can log into macOS High Sierra's root account with no password.
|
|
|
★★★★
|
|
2017-11-29 00:43:47 |
Huge MacOS bug lets anyone login as root without a password: what you need to know (direct link) |
|
|
|
★★
|
|
2017-11-27 10:32:05 |
Facebook flaw allowed unauthorised users to delete any photo (direct link) |
|
|
|
|
|
2017-11-23 00:24:18 |
Smashing Security podcast #053: Game of Thrones, a major Amazon cloud leak, and web tracking gone crazy (direct link) |
The FBI think they've identified the HBO hacker, the US military have been caught with a leaky bucket, and web tracking has just got scarier than ever.
|
|
|
★★
|
|
2017-11-21 23:34:10 |
(Déjà vu) Uber paid hackers $100,000 to keep data breach quiet (direct link) |
|
|
Uber
|
|
|
2017-11-21 12:33:41 |
Scammed via Western Union? Claim your share of a $586 million refund now! (direct link) |
Western Union has agreed to pay more than half a billion dollars (an eye-watering $586 million) to scam victims.
|
|
|
|
|
2017-11-21 10:16:44 |
Vigilante or bug hunter? (direct link) |
A website is taken down after a vulnerability researcher discovers a way to extract customers' personal details.
|
|
|
|
|
2017-11-16 15:28:04 |
Forever 21 clothing stores hit by credit card data breach after encryption failure (direct link) |
Clothing retailer Forever 21 is telling customers to keep a close eye on their credit card statements, after the American fashion outlet warned that it had suffered a data breach at some of its stores.
|
|
|
|
|
2017-11-16 08:47:52 |
Smashing Security podcast #052: Facebook tackles vengeful scumbags, and a sex toy privacy boob (direct link) |
Is your sex toy listening to you? Do you trust Facebook with your most intimate photos? And just how did a vengeful DDoSer come up with that nickname?
|
|
|
|
|
2017-11-15 11:14:56 |
US Government issues alert about North Korean "Hidden Cobra" cyber attacks (direct link) |
The FBI and US Department of Homeland Security have issued an alert that hackers have targeted the aerospace industry, financial services and critical infrastructure with a remote access trojan (RAT) to further exploit vulnerable networks.
|
Medical
|
APT 38
|
|
|
2017-11-15 11:13:52 |
Using bots to scam the scammers (direct link) |
A new bot takes the work out of fighting back against the scammers.
|
|
|
|
|
2017-11-15 09:07:22 |
10-year-old kid succeeds in unlocking his mum's iPhone X, with just a glance (direct link) |
Is Apple's Face ID really as secure as we're told?
|
|
|
|
|
2017-11-14 11:07:41 |
Most UK law firms aren't ready for GDPR, claims report (direct link) |
A survey finds that "only 25%" of legal sector IT decision-makers say that their firms were GDPR ready.
|
|
|
|
|
2017-11-12 22:45:47 |
Amazon moves to stop S3 buckets leaking business data (direct link) |
Businesses don't need to be targeted by sophisticated hackers to have private and sensitive data splashed across the newspaper headlines.
|
|
|
|
|
2017-11-09 08:41:18 |
Smashing Security podcast #051: Robots, romance, passwords, and CrunchyRoll (direct link) |
Passwords are under the microscope again, CrunchyRoll leads anime fans to malware, a sexy robot gains Saudi citizenship, and Carole begins her career as an agony aunt.
|
Guideline
|
|
|
|
2017-11-08 12:13:36 |
Not on Facebook? News flash: Facebook still knows about you (direct link) |
Facebook doesn't keep profiles for non-users, but it does use their contact information to connect people.
|
|
|
|
|
2017-11-08 11:52:24 |
Give Facebook your nude pics to tackle revenge porn (direct link) |
|
|
|
|
|
2017-11-07 14:14:04 |
Fake WhatsApp app tricked over a million users (direct link) |
Google Play has suffered another failure, as over one million users have been duped into downloading a fake version of WhatsApp made available in the official Android app store.
|
|
|
|
|
2017-11-02 11:17:01 |
Google's bug-tracking system contained its own vulnerabilities, researcher discovers (direct link) |
Bugs in the system could have helped unauthorised parties access details of every vulnerability report sent to Google, opening the door for exploitation before a fix is made available.
|
|
|
|
|
2017-11-02 01:06:05 |
Smashing Security podcast #050: MailChimp, Piers Morgan, and the Dark Overlord (direct link) |
There's little time to celebrate our 50th episode, because there are rants to be had about MailChimp's switch to single opt-in, Graham upsets Piers Morgan on Twitter, and the Dark Overlord hacking gang are up to some pretty horrid tricks.
|
|
|
|
|
2017-10-31 22:54:02 |
Another Hollywood studio is hacked by The Dark Overlord (direct link) |
A Hollywood production studio has found itself the unwitting victim of a notorious group of hackers who have specialised in breaking into organisations and stealing large amounts of data.
|
|
|
|
|
2017-10-31 17:47:23 |
I can no longer recommend MailChimp (direct link) |
|
|
|
|
|
2017-10-31 15:41:36 |
How to better protect your data when you're on a business trip overseas (direct link) |
What should you be doing to protect yourself better digitally if you're travelling to a high-risk country?
|
|
|
|
|
2017-10-28 23:20:38 |
Risky online dating apps putting your privacy in danger (direct link) |
If you weren't nervous enough about the prospect of meeting a complete stranger after connecting on an online dating app, there's something else to worry about.
|
|
|
|
|
2017-10-26 15:39:19 |
Smashing Security podcast #049: Hacking funeral homes, crypto mining websites, and careful with that hairspray (direct link) |
Scammers show a lack of imagination after hacking a funeral home, more websites are secretly stealing visitors' resources to mine for cryptocurrency, and everyone is very confused about the USA's airline laptop ban.
|
|
|
|
|
2017-10-26 13:01:03 |
Rule #1: If you want something to be private, don't broadcast it (even blurred out!) on TV (direct link) |
|
|
|
|
|
2017-10-24 16:14:49 |
Reaper IoT botnet could be more devastating than Mirai (direct link) |
Think the Mirai botnet which launched a DDoS attack that knocked major websites offline last year was bad?
It's possible that you ain't seen nothing yet.
|
Cloud
|
APT 37
|
|
|
2017-10-24 14:31:02 |
87% of banks don't identify fraud in real time. Download the '2017 Faces of Fraud Survey' report now! (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
The 2017 Faces of Fraud Survey, conducted by iSMG, the world's largest media organization devoted solely to information security and risk management, delivers revealing insights into the sector's challenges in fraud practices and strategies, and underscores the growing vulnerability of mobile channels.
The 2017 Faces of Fraud Survey was commissioned by VASCO and compiled with responses from banking and security leaders representing financial institutions ranging from under $500 million to more than $20 billion in assets. Key findings include:
52 percent say today's fraud schemes are too sophisticated and evolve too quickly to keep pace
Only 38 percent have high confidence in their organization's ability to detect and prevent fraud
Almost half identify technical barriers or controls not talking to one another as a top challenge to improving enterprise fraud
41 percent do not want to add new anti-fraud controls that might negatively impact the customer experience
35 percent say they are countering mobile exploits with multifactor authentication
Just 13 percent believe they are identifying fraud in real time
Download the 2017 Faces of Fraud Survey, a 27-page report that documents how leaders in the banking and security industries are preparing for fraud. Roughly 250 banking/security leaders participated in this survey, which was conducted to determine:
The top forms of fraud afflicting financial organizations in 2017
The biggest gaps in organizations' efforts to detect and prevent fraud
What organizations are doing to counter the surge in mobile exploits
Get your copy of the full report now.
|
Guideline
|
|
|
|
2017-10-23 14:49:45 |
FBI failed to break into nearly 7000 mobiles due to encryption (direct link) |
Unless law enforcement agencies can find a way to bypass the device's security by exploiting a software flaw, the best they can hope for is to guess a mobile phone's passcode or to find a suspect willing to cough up.
|
|
|
|
|
2017-10-21 20:01:25 |
Found a flaw in a popular Android app? Google might give you $1000 (direct link) |
Google has announced a new bug bounty program that aims to uncover security holes in high-profile Android apps.
|
|
|
|
|
2017-10-18 23:48:38 |
Smashing Security podcast #048: KRACK, North Korea, and an 18th century cyber attack (direct link) |
KRACK! Has the Wi-Fi vulnerability got you worried? Did North Korea hack a British TV company? And what have Dutch police learnt from Pokémon?
|
|
|
|
|
2017-10-18 11:24:38 |
How to make your Google account more secure than ever before (direct link) |
Google Advanced Protection isn't for everyone. But for high-risk Google accounts it's a must.
|
|
|
|
|
2017-10-17 16:59:36 |
KRACK Wi-Fi attack - the rules haven't changed (direct link) |
|
|
|
|
|
2017-10-17 15:55:37 |
Microsoft bug-tracking database was 'hacked by Wild Neutron gang' (direct link) |
The Wild Neutron hacking group gained access to an internal database Microsoft uses to track software vulnerabilities.
|
|
|
|
|
2017-10-17 12:16:44 |
RAT flies under the radar with exploit-laden file downloaded by decoy Word document (direct link) |
A malware campaign is using a decoy Word document to automatically download an exploit-laden file and install a remote administration tool (RAT) for nefarious purposes.
|
|
|
★★★
|
|
2017-10-13 10:32:28 |
F-35 fighter jet secrets stolen from Australian defence contractor in 'extensive' hack (direct link) |
Unknown individuals stole sensitive information pertaining to Australia's defense programs by hacking a government contractor.
|
|
|
|
|
2017-10-13 10:07:18 |
Former policewoman who stalked married man is jailed for 11 months (direct link) |
A former policewoman will spend the next 11 months in prison for her decision to harass and stalk a married man online.
|
|
|
|
|
2017-10-12 14:26:51 |
Can you trust that 'Sign in to iTunes Store' dialog on your iPhone? (direct link) |
It's all too easy for a malicious app developer to determine a user's Apple ID password - just by asking for it.
|
|
|
|
|
2017-10-11 23:19:26 |
Smashing Security podcast #047: Kaspersky, AI, and a well-handled data breach (direct link) |
America turns the heat up on Kaspersky anti-virus, Disqus announces a data breach, Elon Musk plans a bolthole on Mars to escape our robot overlords, and Graham gets to play chess with Garry Kasparov.
|
|
|
|
|
2017-10-11 17:04:22 |
Equifax: Umm, actually hackers stole records of 15.2 million Brits, not 400,000 (direct link) |
Equifax has confirmed that a recent data breach exposed a file containing 15.2 million UK personal information records.
|
|
Equifax
|
|
|
2017-10-10 20:25:02 |
VPN logs helped expose man's cyberstalking campaign against former roommate, claims FBI (direct link) |
Using a VPN is not necessarily a guarantee that your identity will be kept secret from the police.
|
|
|
|
|
2017-10-10 20:06:38 |
Do you trust your browser to save your credit card data and shipping info? (direct link) |
Technology could mean the end of sharing your credit card details with vendors.
|
|
|
|
|
2017-10-10 11:50:05 |
PornHub visitors hit with malware attack via poisoned ads (direct link) |
|
|
|
|
|
2017-10-09 11:39:24 |
Disqus reveals data breach, but wins points for transparency (direct link) |
Disqus has publicly announced that its user database leaked in 2012, exposing the usernames, email addresses, sign-up dates, and last login dates of more than 17 million users.
|
|
|
|
|
2017-10-08 21:42:10 |
'Hola señorita' says smart camera as it follows owner's every move (direct link) |
It gets a little more NSFW from there...
|
|
|
|
|
2017-10-08 21:09:43 |
Hackers publish school district's student data after threatening to 'kill some kids' (direct link) |
Hackers published the student directory of an Iowa school district online after they threatened to "kill some kids" at local schools.
|
|
|
|
|
2017-10-06 12:35:53 |
Apple fixes flaw that displayed actual password rather than password hint (direct link) |
If you're running macOS High Sierra on your desktop or laptop, stop right now and make sure you have applied the latest security update.
|
|
|
|
|
2017-10-06 12:15:10 |
Dnsmasq vulnerability puts home routers and IoT devices at risk (direct link) |
Vulnerability researchers at Google have uncovered exploitable software flaws in code running on internet-connected devices that could allow a malicious hacker to run remotely any code of their choosing.
|
|
|
|