Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-11-15 00:12:03 |
Smashing Security #104: The world's most evil phishing test, and cyborgs in the workplace (direct link) |
Does your employer want to turn you into a cyborg? Was this phishing test devised by an evil genius? And how did a cinema chain get scammed out of millions, time and time again…?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Scott Helme.
|
|
|
|
|
2018-11-14 14:44:00 |
Apple says nothing as Apple ID accounts mysteriously locked down (direct link) |
Has someone been trying to hack into a large number of Apple ID accounts?
Read more in my article on the Hot for Security blog.
|
Hack
|
|
|
|
2018-11-13 14:35:05 |
Target and other high profile Twitter accounts exploited for cryptocurrency scams (direct link) |
The latest high profile account to be abused by scammers to promote a cryptocurrency giveaway? US retail giant Target.
|
|
|
|
|
2018-11-13 11:46:03 |
FIDO2: The Passwordless web is coming, says OneSpan (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
Often, the first hurdle in customer engagement is the login password. Not only is creating and managing passwords a major annoyance, the login password is also notoriously vulnerable to data breaches.
FIDO authentication solves this problem by replacing the traditional password with strong authentication options ranging from biometrics to software and hardware tokens.
In essence, FIDO authentication offers an interoperable and standardized ecosystem of authenticators for use with mobile and online applications. It enables organizations to deploy strong authentication for login and transaction validation, without the incremental cost of in-house development.
Recently, the FIDO Alliance (Fast Identity Online) announced the availability of its FIDO2 protocol. Read more on the OneSpan blog and discover:
What FIDO2 is
How it impacts the traditional login and password
Why financial institutions (FIs) should pay attention
To learn more, make sure to check out the full article on the OneSpan blog.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-11-12 16:14:05 |
Unable to remember his password, man sent letter bomb to Bitcoin exchange (direct link) |
A man has been jailed for six and a half years after sending a letter bomb to Bitcoin exchange Cryptopay. Why would anyone do such a horrendous thing? Police believe it was because he couldn't remember his password.
|
|
|
|
|
2018-11-09 14:37:01 |
Chinese headmaster fired after setting up his own secret cryptomining rig at school (direct link) |
A Chinese headmaster has lost his job after it was discovered he was stealing the school's electricity to power a secret cryptocurrency-mining rig.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-11-08 17:08:00 |
When your Instagram account has been hacked, how do you get it back? (direct link) |
Travel blogger Delaine Maria D'Costa had her account wiped after she failed to pay an extortionist $200.
That was bad enough, but then she had to try to convince Instagram to let her have it back again.
|
|
|
|
|
2018-11-08 14:09:04 |
Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw (direct link) |
Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months.
Read more in my article on the Tripwire State of Security blog.
|
Vulnerability
|
|
|
|
2018-11-08 12:20:02 |
Smashing Security #103: An Instagram nightmare, crazy iPhone deaths, and election hack claims (direct link) |
One travel blogger finds you don't have to be Kylie Jenner to be targeted by an Instagram hacker. When 40 iPhones at a hospital mysteriously die, what could be the explanation? And, surprise surprise, political parties in the USA are throwing around hacking accusations.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security's Mark Stockley.
|
Hack
|
|
|
|
2018-11-07 14:20:00 |
StatCounter web analytics script poisoned to steal Bitcoins (direct link) |
Security researchers at ESET discovered that hackers managed to compromise StatCounter and change the analytics script used by hundreds of thousands of websites.
|
|
|
|
|
2018-11-07 11:24:02 |
Police crack encrypted chat service IronChat and read 258,000 messages from suspected criminals (direct link) |
Dutch police have revealed that they were able to spy on the communications of more than 100 suspected criminals, watching live as over a quarter of a million chat messages were exchanged.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-11-06 11:26:02 |
On eve of US elections, Facebook blocked 115 accounts engaged in 'coordinated inauthentic behavior' (direct link) |
Just hours before the US mid-term elections opened, Facebook responded to a tip from law enforcement agencies and shut down 115 accounts that were behaving suspiciously, and potentially linked to a foreign entity.
|
|
|
|
|
2018-11-05 17:37:05 |
Another wave of Elon Musk bitcoin scams spread by verified Twitter accounts (direct link) |
The cryptocurrency giveaway scammers are up to their tricks again on Twitter, and it seems that Twitter simply can't keep up with them.
My advice to Twitter? Make Login Verification compulsory for verified accounts.
|
|
|
|
|
2018-11-01 16:43:03 |
Radisson Hotel Group reveals breach of rewards site (direct link) |
If you've stayed in one of the over 1400 hotels in 70 countries that make up the Radisson Hotel Group, you could be in for a rude awakening.
|
|
|
|
|
2018-11-01 15:39:05 |
Eurostar resets customers' passwords after accounts breached (direct link) |
If you're one of the millions of people who travels under the English Channel each year, then there's a good chance you may have to change your password for the Eurostar website.
|
|
|
|
|
2018-11-01 14:54:02 |
Smashing Security #102: Ethical dilemmas, Girl Scouts, and porn-loving US officials (direct link) |
Who deserves to die in a driverless car crash? Who has been sniffing around the Girl Scouts' email account? And just how long would it take for a geologist to visit 9,000 adult web pages?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist and “Friends” fan Dan Raywood.
|
|
|
|
|
2018-10-31 12:06:01 |
Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe (direct link) |
The latest iOS passcode bypass bug appears to have been introduced by Apple's new Group Facetime feature.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-10-30 14:00:01 |
Post-breach, Cathay Pacific hit by group action by UK law firm (direct link) |
Fresh from launching a £500 million group action against British Airways after a serious security breach, a UK law firm has wasted no time responding to the announcement last week of a hack at Cathay Pacific which saw the personal data of 9.4 million Cathay Pacific passengers breached.
|
Hack
|
|
|
|
2018-10-29 21:52:02 |
Videos and MS Office documents - ingredients for a malware attack (direct link) |
Security researchers say that they have uncovered a new way to serve up malware to computer users, by exploiting the way in which videos are embedded inside Microsoft Office documents.
And Microsoft has no plans to fix it.
|
Malware
|
|
|
|
2018-10-29 20:01:00 |
'Recommendations To Enable PSD2-Compliant Transaction Monitoring' white paper. Get your copy for free! (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
Did you know that under the Regulatory Technical Standards for PSD2 (also known as the Revised Payment Services Directive), transaction monitoring is now a requirement for all Payment Service Providers?
Download this new white paper from OneSpan, and discover recommendations to establish a compliant fraud prevention and risk analysis strategy. Topics covered include:
The specific requirements regarding mandatory transaction monitoring
Possible exemptions from Strong Customer Authentication requirements
Recommendations for a PSD2-compliant transaction monitoring solution
Download OneSpan's free white paper now to learn more.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-10-29 16:07:04 |
Search for Chrome on Bing, and you might get a nasty surprise (direct link) |
It's 2018, and you can still end up with your computer compromised by searching for Google Chrome in Microsoft Bing.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-10-26 16:37:01 |
British Airways hack is worse than originally thought (direct link) |
A deeper investigation has revealed that hackers were stealing information for much longer than initially thought, and an additional 185,000 British Airways customer payment cards were compromised.
|
Hack
|
|
|
|
2018-10-26 13:55:01 |
23-year-old woman charged with stealing $320,000 worth of cryptocurrency (direct link) |
Police in Australia have arrested a 23-year-old woman in Melbourne, Australia, in connection with an email hack that resulted in a huge amount of virtual currency being stolen.
Read more in my article on the Hot for Security blog.
|
Hack
|
|
|
|
2018-10-25 10:20:00 |
Hackers steal personal data of up to 9.4 million Cathay Pacific passengers (direct link) |
Most people in the world would describe it as a company “admitting they've been hacked.”
But if you're the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you're “announcing a data security event affecting customer data.”
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-10-25 08:32:01 |
Smashing Security #101: Rule 34, Twitter scams, and Facebook fails (direct link) |
A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
Guideline
|
|
|
|
2018-10-24 19:11:01 |
Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee (direct link) |
Morrisons didn't know it, but in 2014 it had a huge problem.
The UK's fourth largest supermarket chain, with over 500 stores, had a disgruntled member of staff who had access to sensitive data, such as the payroll information of 100,000 current and former employees.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2018-10-24 10:10:05 |
Twitter thought Elon Musk's bizarre tweets were evidence he'd been hacked (direct link) |
It's an odd state of affairs when the bogus Elon Musk accounts offering bitcoin giveaways appear more legitimate than the real Elon's tweets.
|
|
|
|
|
2018-10-22 23:30:01 |
If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook? (direct link) |
According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
|
|
|
|
|
2018-10-22 21:59:04 |
Watch how a Tesla Model S was stolen with just a tablet (direct link) |
Criminals were able to dupe the Tesla's passive entry system into giving them access, and letting them drive away.
(But only after they struggled to unplug it.)
|
|
Tesla
|
|
|
2018-10-19 21:57:01 |
Facebook Portal isn't designed to be as private as you might hope (direct link) |
Facebook has confirmed that its new Portal AI-powered video camera will collect data from you that could be used to target ads.
|
|
|
|
|
2018-10-19 15:23:05 |
Celebrating 100 episodes of the Smashing Security podcast (direct link) |
To celebrate 100 episodes of the “Smashing Security” podcast I co-host with Carole Theriault each week, we asked listeners to let us know some of their favourite moments from the show.
|
|
|
|
|
2018-10-19 14:55:01 |
Manager who worked on Equifax's breach website sentenced for insider trading (direct link) |
Sudhakar Reddy Bonthu wasn't told he was working on Equifax's breach notification website, but when he worked it out he used the information for his financial advantage.
Read more in my article on the Hot for Security blog.
|
|
Equifax
|
|
|
2018-10-18 11:59:04 |
RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoin (direct link) |
A US court has sentenced a programmer to 30 months in a federal prison in connection with software that claimed to be a legitimate tool for Windows sysadmins to remotely manage computers, but was actually used by criminals to backdoor PCs and secretly spy on victims.
Read more in my article on the Tripwire State of Security blog.
|
Tool
|
|
|
|
2018-10-17 23:06:05 |
Smashing Security #100: One flippin' hundred (direct link) |
Yes, it's the 100th edition of the “Smashing Security” podcast.
There's a little celebration at both ends of this week's podcast - but the meat of the sandwich is our normal look at the security stories of the last week - including an alarming IoT failure and a dating app disaster for Donald Trump devotees.
|
|
|
|
|
2018-10-17 21:59:01 |
Naked celebrity photo hacker was former high school teacher (direct link) |
A former high school teacher is to plead guilty to hacking into the online accounts of celebrities and stealing naked photographs and other private information.
|
Guideline
|
|
|
|
2018-10-16 11:06:05 |
Considering Electronic Document Signing? Try OneSpan Sign Free For 30 Days (direct link) |
Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
In today's digital era, more and more organizations choose e-Signature technology as part of their digitization process.
OneSpan Sign is the white-labeled solution behind some of the most trusted brands and security-conscious organizations in the world. The last ten industry reports show that OneSpan Sign received the highest overall customer satisfaction score among e-signature products. 99% of users rated it four or five stars.
Try sending and e-signing documents now, free of charge, and discover how to:
Enhance user experience across all channels
Increase operational efficiency
Meet compliance challenges
Start e-signing in minutes on web and mobile, by signing-up for an Unlimited 30-Day Trial now!
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-10-16 08:07:05 |
Pentagon data breach puts personal details of 30,000 staff at risk (direct link) |
The Pentagon has admitted that up to 30,000 military workers and civilian personnel have had their personal information and credit card data exposed following a security breach.
Read more in my article on the Hot for Security blog.
|
Data Breach
|
|
|
|
2018-10-15 17:09:00 |
Did Jamal Khashoggi's Apple Watch record his murder at Saudi consulate? Probably not (direct link) |
A Turkish newspaper claims that audio files of the journalist's death were recorded on his Apple Watch. Such a claim, if true, would be rather convenient for the intelligence services in Turkey - who might not want to reveal their methods.
|
|
|
|
|
2018-10-15 13:21:00 |
Fake Adobe update really *does* update Flash (while also installing cryptominer) (direct link) |
Online criminals are planting cryptomining code on victims' Windows computers, using the camouflage of an update to Adobe Flash Player.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-10-11 23:49:04 |
000000 is Kanye West's iPhone passcode (direct link) |
You can bet mischievous hackers are right now trying to crack into Kanye West's online accounts with equally diabolical passwords.
|
|
|
|
|
2018-10-10 23:31:02 |
Smashing Security #099: Passwords - A Smashing Security splinter (replay) (direct link) |
Passwords - everything you need to know about how to make them safer, and better secure your online accounts. In this replay of our podcast from February 2017, Graham Cluley, Carole Theriault and Vanja Švajcer discuss the perennial problem of passwords and offer some advice and tips for computer users.
|
|
|
|
|
2018-10-09 09:18:05 |
California's ban on weak default passwords isn't going to fix IoT security (direct link) |
Getting rid of hardcoded default passwords is not enough. There is a long way to go before we can feel confident that IoT devices have become significantly safer.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2018-10-08 18:29:00 |
Google chose not to go public about bug that exposed Google Plus users' data (direct link) |
The really big news today is not that Google is shutting down Google Plus (who cares?), but rather that Google knew months ago that user data had been exposed and kept the fact quiet.
|
|
|
|
|
2018-10-08 16:31:04 |
Assassin's Creed Odyssey suffers DDoS attack at launch (direct link) |
Assassin's Creed Odyssey, the action role-playing video game set in Ancient Greece, had its launch on Friday disrupted by crippling distributed denial-of-service attacks.
|
|
|
|
|
2018-10-08 15:23:01 |
Department of Homeland Security and GCHQ back Apple and Amazon's denials they were hacked by China (direct link) |
The US Department of Homeland Security and UK's GCHQ have rallied behind the vigorous denials issued by Amazon and Apple, after Bloomberg BusinessWeek reported China had planted malicious computer chips on systems used by the tech giants.
|
|
|
|
|
2018-10-05 15:15:03 |
BEC-as-a-service offers hacked business accounts for as little as $150 (direct link) |
New research has revealed that business email compromise is being made easier for any criminal to add to their arsenal. Is your company doing enough to protect itself?
Read more in my article on the Tripwire blog.
|
|
|
|
|
2018-10-05 00:13:02 |
China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards (direct link) |
An extraordinary report released by Bloomberg BusinessWeek claims that China has been exploiting the supply chain, planting a tiny microchip on servers which ended up in the server rooms of almost 30 companies, including the likes of Apple and Amazon.
|
|
|
|
|
2018-10-04 20:41:05 |
Smashing Security #098: A Facebook omnishambles (direct link) |
Millions of Facebook user accounts put at risk after hack! The UK Conservative party's conference app causes a privacy omnishambles! And Facebook (again) has been doing something naughty with the phone numbers you give it for security reasons! Oh, and Maria gets very excited about something to do with Star Trek.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
|
|
2018-10-02 13:29:05 |
Even with the latest iOS 12 update, your iPhone's lockscreen is unsafe (direct link) |
Once again, a way of bypassing the iPhone's passcode lock to expose users' photos and contacts has been discovered.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-10-01 11:09:05 |
Two reasons to reconsider your Facebook membership (direct link) |
It's been a bad week for Facebook and its two billion-plus users.
Not only was it revealed that millions of users had their accounts exposed by a vulnerability, but the site has been up to dirty tricks with mobile phone numbers you gave them to supposedly enhance your security.
|
|
|
|