Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-01-13 14:39:44 |
Cable Haunt: Hundreds of millions of cable modems may be vulnerable to hijacking attack (direct link) |
Researchers warn that your cable modem might be vulnerable to hijacking, due to a critical security vulnerability in its Broadcom firmware.
Learn more now.
|
Vulnerability
|
|
|
|
2020-01-13 12:14:18 |
Shitrix: Hackers target unpatched Citrix systems over weekend (direct link) |
Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.
Take action to protect your systems now before the exploit hits you in the face.
|
Vulnerability
|
|
|
|
2020-01-10 17:12:11 |
Graham Cluley on Totally Unprepared Politics podcast (direct link) |
Just before the UK’s General Election in December, I recorded an interview with the “Totally Unprepared Politics” podcast.
Thanks to Adill Al-ashgar for inviting me on the show. And don’t worry, although we do touch on some politics, it’s mostly about cybersecurity.
|
|
|
|
|
2020-01-10 16:19:01 |
Amazon Ring employees snooped on users' security videos (direct link) |
It’s not only external hackers who pose a threat to the customer data that your company stores.
|
Threat
|
|
|
|
2020-01-10 11:18:39 |
Just one month later, the Currys PC World/Dixons Travel hack would have cost them a heck of a lot more (direct link) |
DSG Retail, the parent company of Currys PC World and Dixons Travel, has been fined £500,000 for a hack which lasted from July 2017 to April 2018.
But if the breach had lasted for just one month longer, they could have expected a much MUCH larger penalty.
|
Hack
|
|
|
|
2020-01-09 22:30:49 |
Cryptojacked routers reduce by 78% in SE Asia following Operation Goldfish Alpha (direct link) |
Operation Goldfish Alpha was a six-month effort to secure hacked devices across Southeast Asia.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2020-01-09 15:56:11 |
Stop everything. Update Firefox now (direct link) |
A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild.
Make sure you are running the very latest version of Firefox.
|
Vulnerability
|
|
|
|
2020-01-09 14:33:10 |
Man jailed for using webcam RAT to spy on women in their bedrooms (direct link) |
A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2020-01-09 00:11:43 |
Smashing Security #160: SNAFUs! MS Word, Amazon Ring, and TikTok (direct link) |
We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you’re comfortable with, and how teens are flocking to TikTok (and why that might be a problem).
All this and much more is covered in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
|
|
2020-01-08 13:54:49 |
City of Las Vegas wakes up to a cyber attack (direct link) |
In the early hours of Tuesday morning, city officials in Las Vegas were alerted that their computer network had suffered a security breach.
If it’s a ransomware attack, it sounds unlikely that they’ll be willing to give in to the extortionists’ demands.
|
Ransomware
|
|
|
|
2020-01-08 10:13:29 |
“Planned maintenance”? Travelex's masterclass in how not to respond to cyberattack (direct link) |
For days Travelex’s website has said it was down for “planned maintenance”.
Now it finally admits that the company is struggling with a ransomware outbreak that has disrupted its online services.
|
Ransomware
|
|
|
|
2020-01-06 11:18:54 |
Download AV-Comparatives real-world test into how well different security products defend against APTs (direct link) |
Download AV-Comparatives’ real-world test which reports on how well different security products defend against the increasing number of APT attacks.
|
|
|
|
|
2020-01-06 10:36:10 |
Company held hostage by ransomware shuts down, tells 300 employees to find new jobs (direct link) |
It wasn’t a case of “Happy Holidays” for the employees of an Arkansas-based telemarketing firm after they were told to find new jobs just before Christmas, after failing to recover from a ransomware attack.
|
Ransomware
|
|
|
|
2020-01-06 10:01:09 |
Travelex still offline after discovering malware on New Year's Eve, and other banks' currency services are also affected (direct link) |
The world’s largest foreign exchange bureau is still offline today, and the online currency services of other high street banks are disrupted.
|
Malware
|
|
|
|
2019-12-19 00:33:26 |
Smashing Security #159: Rap, robbery, and IoT holiday hell (direct link) |
A rapping bank worker is accused of stealing from the vault, the devices that can hide your car’s true mileage, and why it may be a case of “No No No” rather than “Ho Ho Ho” when it comes to IoT toys this Christmas.
And as Carole sups the mulled wine, Graham has problems with his internet connection…
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.
|
|
|
|
|
2019-12-12 15:03:57 |
Waco water bill attack just the latest in a wave of Click2Gov breaches (direct link) |
The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-12-12 00:07:27 |
Smashing Security #158: The man behind The Missing Cryptoqueen (direct link) |
We’re joined by special guest Jamie Bartlett of “The Missing Cryptoqueen” podcast in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political…
All this and much much more can be found in the latest edition of the “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.
|
|
|
|
|
2019-12-11 13:40:51 |
1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre (direct link) |
1&1 Telecom GmbH has been hit with one of the largest fines dished out so far under European GDPR legislation, Germany’s federal privacy watchdog has announced.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-12-11 11:15:20 |
49% of workers, when forced to update their password, reuse the same one with just a minor change (direct link) |
A new survey has revealed some alarming news about the way users are choosing their passwords in their homes and workplace.
|
|
|
|
|
2019-12-10 14:20:28 |
Snatch ransomware reboots Windows in Safe Mode to bypass anti-virus protection (direct link) |
Never let it be said that malware authors don’t continue to find innovative ways to prevent their creations from being detected.
|
Ransomware
Malware
|
|
|
|
2019-12-09 15:42:25 |
Hackers steal credit card details from Sweaty Betty customers (direct link) |
Women’s activewear retailer Sweaty Betty has emailed some of its customers warning that their payment card details may have been compromised by malicious code running on its website.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-12-07 17:48:38 |
Amazon battles leaky S3 buckets with a new security tool (direct link) |
A new AWS feature is supposed to help avoid accidental misconfigurations that could result in sensitive data being exposed, a company’s brand being damaged, and even – potentially – put its customers at risk.
Read more in my article on the Bitdefender Business Insights blog.
|
Tool
|
|
|
|
2019-12-05 13:09:51 |
Major data center provider hit by ransomware attack, claims report (direct link) |
CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack.
Read more in my article on the Tripwire State of Security blog.
|
Ransomware
|
|
|
|
2019-12-05 00:10:39 |
Smashing Security #157: A biometric knuckle duster (direct link) |
What is Kaspersky’s ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
|
|
2019-12-04 21:48:23 |
Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000 (direct link) |
Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.
|
|
|
|
|
2019-12-03 10:13:20 |
Jail for bomb hoaxer who targeted Super Bowl, Houses of Parliament, and schools for Jewish children (direct link) |
Andreas Dowling used accounts and text-to-speech software to hide his identity as he caused 35,000 pupils to be evacuated from their schools.
|
|
|
|
|
2019-12-02 10:28:53 |
Cryptocurrency exchange locks its cold wallet as CEO “goes missing” (direct link) |
Users of the Chinese cryptocurrency exchange IDAX must be feeling a little anxious right now. It has locked its cold wallet, suspending all deposits and withdrawals, after its CEO allegedly disappeared.
|
|
|
|
|
2019-11-29 14:31:56 |
Customers complain after alarms go offline, as security firm hit by ransomware attack (direct link) |
Earlier this week Spanish security firm Prosegur shut down its network after its systems were hit by a ransomware infection.
Read more in my article on the Hot for Security blog.
|
Ransomware
|
|
|
|
2019-11-29 08:35:32 |
Palo Alto Networks employee data breach highlights risks posed by third party vendors (direct link) |
The personal details of some past and present Palo Alto Networks employees – their names, dates of birth and social security numbers – have been exposed online. But is it really the company’s fault?
Read more in my article on the Bitdefender Business Insights blog.
|
Data Breach
|
|
|
|
2019-11-28 17:21:52 |
Sextortion with a twist of Litecoin (direct link) |
Internet users are being sent sextortion emails, claiming to have recorded videos of their X-rated website visits and demanding payment be made in Litecoin.
|
|
|
|
|
2019-11-27 16:59:33 |
Smashing Security #156: Better safe than Sony (direct link) |
In this 20 minute clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures – reportedly carried out by North Korea for the very oddest of reasons…
|
Hack
|
|
|
|
2019-11-26 11:33:30 |
Facebook and Twitter warn some users' private data was accessed via third-party app SDK (direct link) |
Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-11-25 15:01:34 |
Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets (direct link) |
For a long time it has been regarded as one of the security industry’s urban myths, but now law enforcement agencies have confirmed that they are investigating whether thieves have been identifying which cars might be carrying high tech gadgets through the use of Bluetooth scanners.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2019-11-25 14:32:37 |
Hackers attack OnePlus again – this time stealing customer details (direct link) |
Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus, opening up opportunities for online criminals to target the company’s customers.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-11-22 16:46:27 |
VIDEO: “Not All Cybercriminals Are Evil Geniuses” (direct link) |
Yesterday I spoke at IRISSCON in Dublin. Here is the blurb of what I was speaking about: The media loves to present hackers as evil geniuses, but that’s often not the case. They may not be smart, and they may not be bad. Sometimes they may even be neither! The truth is that good people […]
|
|
|
|
|
2019-11-22 15:07:44 |
Twitter finally upgrades its 2FA security feature. Mobile number no longer required! (direct link) |
Hundreds of millions of Twitter users now have an improved way to better safeguard their accounts from being compromised.
|
|
|
★★★
|
|
2019-11-21 01:00:05 |
Smashing Security #155: Juicejacking, YouTube hacking, password slacking (direct link) |
A bank has some of the worst password advice ever, travellers are told to be wary when USB charging their smartphones and laptops, and a gamer has his YouTube account hacked.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White.
|
|
|
|
|
2019-11-20 14:42:08 |
Millions of Android phones may be vulnerable to camera spying vulnerability (direct link) |
Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.
Read more in my article on the Hot for Security blog.
|
Vulnerability
|
|
|
|
2019-11-20 11:00:57 |
Twitter warns verified users against attempts to mislead public after Conservative factcheckUK stunt (direct link) |
The Conservative Party press office posed as an independent fact-checking service on Twitter, abusing its verified status in an attempt to fool British voters.
I find it hard to see it any other way…
|
|
|
|
|
2019-11-19 16:24:05 |
Bad boy of Brexit Arron Banks hacked, private Twitter messages leaked (direct link) |
British businessman Arron Banks, one of the self-styled “Bad Boys of Brexit” and a leading figure of the Leave.EU campaign, has had his Twitter account hacked.
|
Guideline
|
|
|
|
2019-11-19 15:12:18 |
Man who made $542,925 renting out DDoS services sentenced to prison (direct link) |
A 21-year-old man who made half a million dollars running DDoS-for-hire services has been sentenced to prison for 13 months.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-11-19 11:44:23 |
Ransomware strikes again in the state of Louisiana (direct link) |
Ransomware hit Louisiana’s state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack.
Read more in my article on the Tripwire State of Security blog.
|
Ransomware
|
|
|
|
2019-11-19 00:36:04 |
Come see me speak at IRISSCON in Dublin this week about cybercriminals (direct link) |
I’m off to Dublin this week to join the galaxy of security superstars speaking at IRISSCON 2019. Find out more about the conference and see you there!
|
|
|
|
|
2019-11-14 13:54:56 |
Only after running out of hard disk space did firm realise hacker had stolen one million users' details (direct link) |
Yet another company has been found woefully lacking when it comes to securing consumers' data.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-11-14 11:04:09 |
About the “easy to hack” EU Exit: ID Document Check app (direct link) |
The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”
But is this something worth losing any sleep over?
|
|
|
|
|
2019-11-14 00:07:37 |
Smashing Security #154: A buttock of biometrics (direct link) |
The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
|
|
|
|
|
2019-11-12 12:37:16 |
That “sophisticated” Labour cyber-attack – don't panic (direct link) |
With a drama-filled general election campaign underway in the United Kingdom, the Labour Party says that its systems suffered a “sophisticated and large-scale cyber-attack.”
|
|
|
|
|
2019-11-11 13:37:26 |
BlueKeep: What you need to know (direct link) |
Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.
But that may be about to change…
Read more in my article on the Tripwire State of Security blog.
|
|
|
★★
|
|
2019-11-07 11:55:07 |
Mac users warned that disabling all Office macros doesn't actually disable all Office macros (direct link) |
It's been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.
Unfortunately, it seems that's not the case – at least not for users of the Mac version of Microsoft Office.
Read more in my article on the Hot for Security blog.
|
Malware
|
|
|
|
2019-11-07 01:00:50 |
Smashing Security #153: Cybercrime doesn't pay (but Uber does) (direct link) |
The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.
|
|
Uber
|
|