Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-10-01 08:43:00 |
Free buyer's guide to evaluating fraud detection & prevention tools (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
The fraud detection and prevention market offers a wide range of tools with a wide range of capabilities, but fraud is an ever-evolving threat. Not every tool can keep up with the new fraud schemes in play today.
Download this guide from OneSpan to gain expert insight on the essential capabilities you need in a fraud detection tool. From machine learning and an advanced rule engine to dynamic authentication flows, learn the nine key requirements to look for when comparing fraud solutions.
Inside, you'll discover:
The nine capabilities you need to combat today's fraud schemes
The value of a layered, context-aware online security approach to fraud detection
Why analyzing the mobile device itself is so crucial
How to explore the full potential of your data
How OneSpan's Risk Analytics solution meets these requirements
Download OneSpan's “Buyer's Guide to Evaluating Fraud Detection & Prevention Tools”.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Tool
|
|
|
|
2018-09-28 14:27:00 |
Zuckerberg's Facebook page? I'll livestream its deletion, says hacker (direct link) |
A Taiwanese bug hunter says that he will livestream his attempt to delete Mark Zuckerberg's Facebook page this weekend.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-09-28 13:21:00 |
Australian teen who hacked into Apple and stole 90 GB of files avoids jail (direct link) |
An Australian teenager who hacked into Apple's network on multiple occasions over several months and stole sensitive files has been told that he will not be imprisoned.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-09-28 10:06:03 |
Come to the National Information Security Conference (NISC), 10-12 October 2018 (direct link) |
Graham Cluley will be chairing the 19th National Information Security Conference (NISC) in Glasgow, Scotland, between 10th-12th October. Register for your ticket now.
|
|
|
|
|
2018-09-27 08:29:01 |
Smashing Security #097: Dash cam surveillance, robocall plague, and Zoho woe (direct link) |
Why was Zoho's website taken offline by its own domain registrar? How are dash cams making you less secure? And why are robocalls on the rise in the United States?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
|
|
|
|
|
2018-09-26 08:41:04 |
Malware steals passwords from SHEIN, 6.4 million customers impacted (direct link) |
Women's fashion retailer SHEIN has suffered a major security breach that has exposed the personal information and passwords of over six million customers.
Read more in my article on the Hot for Security blog.
|
Malware
|
|
|
|
2018-09-25 10:03:00 |
14 years prison for man who helped hackers evade detection by anti-virus software (direct link) |
A US court has sentenced the creator of a notorious service that helped malware authors avoid detection by anti-virus software to 14 years in prison.
Read more in my article on the Hot for Security blog.
|
Malware
|
|
|
|
2018-09-25 09:53:04 |
NewsNow suffers security breach - passwords should be considered compromised (direct link) |
Online news aggregation service NewsNow has admitted that it has suffered a security breach, potentially exposing users' passwords.
|
|
|
|
|
2018-09-24 07:00:01 |
Take this short survey to assess your organization's threat intelligence maturity (direct link) |
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!
Recorded Future believes that every security team can benefit from threat intelligence. That's why it has launched its new Threat Intelligence Grader - so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it.
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. It empowers organizations to reveal unknown threats before they impact business, and enables teams to respond to alerts 10 times faster.
To supercharge the efforts of security teams, Recorded Future's technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies.
91 percent of the Fortune 100 use Recorded Future.
Try out Recorded Future's Threat Intelligence Grader for yourself now!
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Threat
|
|
|
|
2018-09-19 23:35:00 |
Smashing Security #096: Bribing Amazon staff, and blinking deepfakes (direct link) |
Amazon staff are being bribed to delete negative reviews and leak data, deepfakes are getting more dangerous, an update on John McAfee's bitcoin bet, and our guest gets a shock…
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week (for a while at least) by David Bisson.
|
|
|
|
|
2018-09-19 12:12:04 |
'Peekaboo' zero-day lets hackers view and alter surveillance camera footage (direct link) |
Hundreds of thousands of security cameras are believed to be vulnerable to a zero-day vulnerability that could allow hackers to spy on feeds and even tamper with video surveillance recordings.
Read more in my article on the Bitdefender BOX blog.
|
Vulnerability
|
|
|
|
2018-09-19 12:04:04 |
The makers of the Mirai IoT-hijacking botnet are sentenced (direct link) |
Three men who operated and controlled the notorious Mirai botnet in October 2016 have been sentenced to five years of probation.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-09-19 07:33:01 |
Your business should be more afraid of phishing than malware (direct link) |
If you were to make a list of the most common causes of security breaches, it is phishing attacks that would surely dominate.
Read more in my article on the Bitdefender Business Insights blog.
|
Malware
|
|
|
|
2018-09-18 23:34:05 |
US Dept of State says attack on email system exposed employees' personal data (direct link) |
The US Department of State has confirmed that it has suffered a data breach which exposed the personally identifiable information of some employees.
|
Data Breach
|
|
|
|
2018-09-17 15:01:03 |
Another wave of sextortion emails (direct link) |
During the last few months, many of us will have received emails that try to extract a ransom via an anonymous cryptocurrency.
But as email blackmailers make big winnings, others are trying to cash in on the craze.
|
|
|
|
|
2018-09-17 13:43:02 |
Bristol Airport says it did not pay any ransom to recover from cyber attack (direct link) |
Officials at Bristol Airport in the UK declined to pay a ransom demand from extortionists who attacked its computer systems late last week, forcing them to resort to whiteboards and public address systems to communicate with travellers.
|
|
|
|
|
2018-09-17 12:53:01 |
8 Industry Best Practices for a Successful Mobile First Strategy (eBook by OneSpan) (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
And you can now download OneSpan's free eBook: “8 Industry Best Practices for a Successful Mobile First Strategy”.
Financial institutions strategically aim for customers to do more with mobile while minimizing fraud exposure tied to untrusted, high-risk devices. To enable growth in the mobile channel, financial institutions need to provide fast, convenient and frictionless high-value services delivered as securely and fraud-proof as possible. Building trust between the bank and the customer is priority one in achieving this goal.
Inside OneSpan's eBook, you'll discover how to:
Provide a frictionless experience
Measure risk on each mobile device
Combat social engineering and other threats
Simplify document signing
Login quickly and securely
Adopt an Omni-channel approach
Be ready for regulation
Download now: “8 Industry Best Practices for a Successful Mobile First Strategy”.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-09-17 07:49:02 |
How to crash and restart an iPhone with a CSS-based web attack (direct link) |
A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage.
Read more in my article on the Hot for Security blog.
|
|
|
★★★
|
|
2018-09-17 00:57:03 |
Amazon staff said to be taking bribes to leak data (direct link) |
Often the biggest problem is not the threat of external hackers, but rather internal staff to whom you have granted access to sensitive data and who might be tempted to exploit it for financial gain.
|
Threat
|
|
|
|
2018-09-13 13:13:05 |
Prison for man who assisted scareware scheme that targeted newspaper website (direct link) |
A man wanted for his part in a lucrative criminal operation that spread scareware via the Minnesota Star Tribune website, who spent years on the run from the FBI, has finally been sent to prison.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-09-13 00:57:03 |
Smashing Security #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked (direct link) |
Malicious script is being blamed for the British Airways hack, Trend Micro's apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort's daughter wants Twitter to remove a link.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.
|
|
|
|
|
2018-09-12 14:53:02 |
TV License website said it was secure. It wasn't (direct link) |
The official UK TV licensing website was allowing license purchasers to submit their personal identifiable information and bank details in unsafe, unencrypted plaintext.
|
|
|
|
|
2018-09-11 11:09:03 |
Trend Micro apologises after Mac apps found scooping up users' browser history (direct link) |
Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users' browser history to its servers, and apologised to customers for any “concern they might have felt.”
But apparently it's the users' fault anyway for not reading the EULA.
|
|
|
|
|
2018-09-10 20:11:03 |
Law firm launches £500 million group action over British Airways hack (direct link) |
Within hours of British Airways admitting that it had suffered a serious security breach, with hackers accessing customer data and the full details of 380,000 payment cards, a British law firm announced that it was launching a £500m group action against the airline.
|
Hack
|
|
|
|
2018-09-10 13:47:02 |
Apps that steal users' browser histories kicked out of the Mac App store (direct link) |
Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn't the only popular app stealing users' private information.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-09-10 09:17:02 |
Cyber as a Business Enabler: Operationalizing Cyber Risk Analytics. Download free ebook sneak peek today (direct link) |
Graham Cluley Security News is sponsored this week by the folks at Nehemiah Security. Thanks to the great team there for their support!
Coming this fall, Nehemiah is releasing their newest ebook, “Cyber as a Business Enabler: Operationalizing Cyber Risk Analytics”. This introductory guide arms the modern day cybersecurity leader to put cyber risk into motion and transform cybersecurity operations into a business enabler.
Topics covered in this book include:
The end goal of cyber risk analytics
Where to gather the right data
Key stakeholders involved
What it takes to quantify cyber risks financially
Follow this link for a sneak peek into the content and to reserve your copy when the full book is released!
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Guideline
|
|
|
|
2018-09-07 10:36:01 |
Teenage hacker admits making hoax bomb threats against schools and airlines (direct link) |
British police have announced that they have arrested a 19-year-old man in connection with a series of hoax bomb threats and distributed denial-of-service (DDoS) attacks.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-09-06 19:02:00 |
British Airways hacked - customer data and details of 380,000 card payments stolen (direct link) |
Hackers have stolen the personal and payment card information of hundreds of thousands of British Airways passengers from its website.
|
|
|
|
|
2018-09-06 12:49:05 |
How to manipulate Apple's podcast charts, and get yourself a top-rated show (direct link) |
Unpopular podcasts are manipulating Apple Podcasts to artificially inflate their ranking, and get themselves a coveted place towards the top of the charts.
|
|
|
|
|
2018-09-06 06:14:00 |
Smashing Security #094: Rogue browser extensions, Twitter presence, and how to cheat in exams (direct link) |
What's the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show's hosts is going to admit to cheating in their exams?
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.
|
|
|
|
|
2018-09-05 16:14:01 |
Ran Levi interviews Graham Cluley on the Malicious Life podcast (direct link) |
Ran Levi of “Malicious Life” interviewed me about the early days of the anti-virus industry, how my career started, how cybercrime has changed, and why I've got a very good personal reason to abhor Facebook.
|
|
|
|
|
2018-09-05 11:12:04 |
If an extension goes rogue, everything you do in your browser is compromised (direct link) |
The official Chrome browser extension for Mega.nz was compromised with a malicious update, stealing passwords and private keys.
Keep your browser extensions to a minimum, and always be wary if they ask for elevated permissions.
|
|
|
|
|
2018-09-05 09:11:01 |
Premera Blue Cross victims accuse insurer of deliberately destroying hacking evidence (direct link) |
A class-action lawsuit against a hacked health insurer is claiming that a crucial computer was wilfully destroyed, erasing critical evidence that could prove the severity of the security breach.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-09-03 23:29:00 |
Cryptominers killing cryptominers to squeeze more out of your CPU (direct link) |
30 years may have passed since the advent of the computer virus problem, but there is still malware fighting malware for control of your PC.
|
Malware
|
|
|
|
2018-09-03 12:29:00 |
Twitter testing new feature that reveals when you're online (direct link) |
Good news for stalkers! Bad news for privacy. Twitter is working on a feature which will reveal when a user is currently online.
|
|
|
|
|
2018-09-03 10:15:04 |
Read OneSpan's 8-page report on the top six e-Signature use cases in banking (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
OneSpan has produced a free report on the top six e‑signature use cases in banking. With it you can learn the most common starting points for e‑signatures, plus the top targets for expanding across the enterprise.
E-signatures are being used in all areas of the bank, from customer-facing transactions to B2B and internal processes.
Some banks start by introducing e-signatures as part of a branch transformation initiative. Others begin in the online channel with high volume, self-serve transactions.
As digitalization efforts mature, it is becoming common for organizations such as U.S. Bank, BMO (Bank of Montreal), RBC (Royal Bank of Canada) and even non-bank lenders like OneMain Financial to expand e-signature capability across all channels, lines of business, mobile apps and more.
OneSpan's free paper offers guidance to banks of all sizes seeking to answer questions like:
What are the common challenges in going digital?
What are the latest e-signature adoption and technology trends in banking?
Where to start, and what is the best way to expand?
Download the OneSpan White Paper “Top e-Signature Use Cases in Banking” now.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-08-31 14:00:03 |
Air Canada admits app data breach included customers' passport details (direct link) |
All 1.7 million users of Air Canada's mobile app have had their passwords reset by the company following a security breach which saw hackers compromise up to 20,000 accounts last week.
Read more in my article on the Hot for Security blog.
|
Data Breach
|
|
|
|
2018-08-29 23:02:03 |
Smashing Security #093: Abandoned domains and dating app dangers (direct link) |
How do fraudsters exploit abandoned domains to steal your company's secrets? How can you better protect your privacy when looking for love online? And who has the longest arms in the animal kingdom?
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
|
|
|
|
|
2018-08-28 23:52:03 |
Instagram finally supports third-party 2FA apps for greater account security (direct link) |
Instagram has entered the 21st century, and finally added support for third-party 2FA apps like Google Authenticator, Duo Mobile, and Authy.
Please turn it on.
|
|
|
|
|
2018-08-28 17:27:04 |
OCR software firm ABBYY leaks 203,000 customer documents in MongoDB server snafu (direct link) |
ABBYY, the developer of optical character recognition and text-scanning software, left a server containing 142GB of a customer's scanned documents exposed for anyone on the internet to access, no password required.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-08-27 13:32:03 |
Fortnite fury over how Google handled its security hole (direct link) |
Epic Games isn't happy about how Google handled the disclosure of the serious security vulnerability in Fortnite.
|
Vulnerability
|
|
|
|
2018-08-24 10:32:02 |
Hackers have stolen details of two million T-Mobile US customers (direct link) |
Telecoms provider T-Mobile has admitted that hackers gained access to some of its customer data this week.
No social security numbers, payment card data, or passwords included in the haul, but that doesn't mean you have nothing to worry about.
|
|
|
|
|
2018-08-23 15:31:04 |
Facebook pulls its VPN from the iOS App Store after data-harvesting accusations (direct link) |
Facebook has withdrawn its Onavo Protect VPN app from the iOS App Store after Apple determined that it was breaking data-collection policies.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-08-23 14:51:02 |
Google warns businesses of government-backed phishing attacks (direct link) |
If a government-backed hacking gang cannot extract the information it wants from a single person's Gmail account, they might instead target an organisation they work for or with whom they are affiliated.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2018-08-23 11:08:02 |
Smashing Security #092: Hacky sack hack hack (direct link) |
Is your used car still connected to its old owner? Just how did Apple manage to identify the teenager hacker who stole 90GB of the firm's files? And why on earth would a firm of lawyers start producing pornographic videos? You'll be surprised by the answers!
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
|
Hack
|
|
|
|
2018-08-23 10:43:02 |
Unencrypted laptop exposes personal details of 37,000 Eir customers, faulty security update blamed (direct link) |
Irish telecoms operator Eir is blaming a “faulty security update” for leaving unencrypted a staff member's laptop which was subsequently stolen outside of one of its offices.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-08-21 13:02:02 |
MadIoT: How an IoT botnet could launch a major attack on the power grid (direct link) |
Academic researchers claim that hackers could exploit high wattage IoT appliances such as air conditioners, heaters, and cookers, to perform attacks on the power grid.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2018-08-20 14:12:02 |
Cybercrime isn't going away, but hacking prosecutions are falling (direct link) |
The number of hacking prosecutions has fallen again, but that's no cause for celebration.
PC Plod can't catch criminals if they don't have the resources.
|
|
|
|
|
2018-08-20 13:06:05 |
Rotten EGGs spread ransomware in South Korea (direct link) |
Researchers report that online criminals are spamming out ransomware to potential victims in South Korea disguised as… .EGGs.
|
Ransomware
|
|
|
|
2018-08-20 12:03:00 |
Discover the State of Authentication and the Evolving Threat Landscape in this White Paper by OneSpan. Get your copy! (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
Banks and financial institutions find themselves trying to satisfy competing priorities.
Fraud continues to grow at an alarming pace and in sophistication year-over-year. Meanwhile, the consumer's patience for additional layers of unnecessary security dwindles.
Banks are forced to decide between alienating their customers and leaving them vulnerable to attack. Intelligent adaptive authentication is a new approach to combatting fraud that solves this problem and achieves the twin goals of reducing fraud and delighting the customer.
Read this free white paper from OneSpan to learn:
How to equip your bank to better combat fraud through real-time risk analytics
Top solution requirements to look for, including open architecture, AI/machine learning, and advanced rule sets
The importance of authentication orchestration, risk analytics and mobile app security in achieving a fully optimized digital banking experience
Download the free “Superior User Experience and Growth Through Intelligent Security” white paper now.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Threat
|
|
|