Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-03-03 09:07:06 |
132 Android apps found in the Google Play Store exploiting malicious iFrames (direct link) |
More than one hundred Android apps on Google's Play Store have been found to exploit hidden iFrames in an attempt to pull code from malicious domains.
David Bisson reports.
|
|
|
|
|
2017-03-02 11:20:56 |
Smashing Security #010: The dolls must be destroyed (direct link) |
A creepy teddybear leaks two million voicemail messages, Windows 10 pushes you into only installing vetted apps, and Boeing warns 36,000 employees their personal information could have been exposed after a worker sends a spreadsheet to his wife.
All this and more is discussed in the latest podcast by computer security veterans Graham Cluley, Vanja Svajcer and Carole Theriault. Give it a listen.
|
|
|
|
|
2017-03-02 01:45:51 |
Slack only took five hours to fix bug that could have allowed hackers to hijack your account (direct link) |
A researcher uncovered a serious vulnerability that could have helped hackers to seize control of users' Slack accounts.
The good news is that Slack fixed the issue impressively quickly and clearly.
|
|
|
|
|
2017-03-02 00:46:06 |
Yahoo CEO Marissa Mayer will miss out on cash bonus after security breaches (direct link) |
Also it is revealed that hackers accessed 32 million Yahoo user accounts in the last two years using forged cookies.
|
|
Yahoo
|
|
|
2017-03-01 23:48:57 |
Come see me speaking about security at The Shard in London (direct link) |
If you're in London on Thursday 9 March, there's an opportunity to attend an event where I will be giving a keynote speech about the state of computer security, and the serious threats that businesses are facing.
|
|
|
|
|
2017-03-01 09:27:20 |
How to recover from the FileCoder ransomware on your Mac (direct link) |
Buggy ransomware didn't offer a method of recovery even if you paid the extortionists. Until now.
|
|
|
|
|
2017-03-01 08:13:48 |
Gatekeeper-like feature for Windows 10 only allows apps to be installed from the Microsoft Store (direct link) |
A new feature could see Windows 10 behaving like Apple's Gatekeeper by blocking app installations that occur outside the Microsoft Store.
David Bisson reports.
|
|
|
|
|
2017-02-28 12:57:37 |
Over 800,000 user account details stolen from vulnerable forums running vBulletin (direct link) |
If you're a member of an online forum, there's a good chance that the site is running a piece of software called vBulletin.
And, depending on how well it has been patched, that may not be good news.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-02-28 09:24:22 |
1500 companies in over 100 countries hit by malicious Adwind backdoor RAT (direct link) |
Malware-as-a-service platform mooches off infected computers to steal confidential business data.
David Bisson reports.
|
|
|
|
|
2017-02-27 16:35:42 |
Google tells world how to crash Microsoft Internet Explorer and Edge browsers (direct link) |
Google's Project Zero vulnerability research team has published details of a flaw in the Microsoft Windows 10 Edge and Internet Explorer 11 browsers that allows them to be remotely crashed - without waiting for a fix to be released.
|
|
|
★★★
|
|
2017-02-26 18:08:53 |
Movie night? Nope. It's a fake iTunes receipt from phishers targeting Apple users (direct link) |
Beware fake iTunes receipts for movies you haven't purchased. When you try to dispute the purchase, you might find you're handing online criminals your personal information.
David Bisson reports.
|
|
|
|
|
2017-02-24 13:44:06 |
It's raining. It's pouring. This fake weather app is stealing your credentials (direct link) |
A new Android banking trojan posed as a legitimate weather forecast app in an effort to steal users' banking credentials.
David Bisson reports.
|
|
|
|
|
2017-02-23 16:19:45 |
Barely 1% of Android users are running Nougat, as Apple shows how to update devices properly (direct link) |
In a world where we are increasingly using our smartphones to do business, make purchases and communicate with our friends and family it's important to recognise that sensible security doesn't start and end on your desk - it begins in your pocket.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-02-23 14:30:47 |
Smashing Security #009: False flags and hacker clues (direct link) |
The Lazarus malware attempts to trick you into believing it was written by Russians, second-hand connected cars may be easier to steal, and is your child a malicious hacker?
All this and more is discussed in the latest podcast by computer security veterans Graham Cluley, Vanja Svajcer and Carole Theriault.
Oh, and Carole gets Graham and Vanja to apologise for mistakes of their past...
|
|
APT 38
|
|
|
2017-02-23 10:14:31 |
'Zombie script' deluges Internet Explorer 11 with pop-up alerts until user closes tab (direct link) |
A 'zombie script' could allow attackers to deluge Internet Explorer 11 users with pop-up alerts until they close the tab.
David Bisson reports.
|
|
|
|
|
2017-02-22 16:45:55 |
Gordon Ramsay's father-in-law charged with hacking celebrity chef's email (direct link) |
Potty-mouthed celebrity chef's father-in-law and children charged with conspiracy to hack computer.
|
|
|
|
|
2017-02-22 16:15:56 |
Good news and bad news on the Microsoft patch front (direct link) |
Microsoft belatedly patches some vulnerabilities in Adobe Flash Player, but some zero-days in other software remain untouched for now.
|
|
|
|
|
2017-02-22 15:13:50 |
Operation BugDrop - hackers steal gigabytes of data from organisations, record conversations (direct link) |
Victims of the secret surveillance operation have included a manufacturer of industrial control system monitoring equipment, a human rights institution, and a scientific research institute.
David Bisson reports.
|
|
|
|
|
2017-02-22 00:26:56 |
Smashing Security podcast: Macs and malware (direct link) |
Check out the latest special "splinter" episode of the "Smashing Security" podcast - where Vanja Svajcer, Carole Theriault and I discuss Mac malware. Take a listen, and let me know what you think.
|
|
|
|
|
2017-02-21 14:37:51 |
Prison for former sysadmin who hacked industrial facility and caused a million dollars worth of damage (direct link) |
Are you a sysadmin who left your last job under a cloud?
My advice is don't try and seek revenge by hacking into the company that fired you. You might end up with a lengthy prison sentence.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-02-21 13:45:25 |
How to protect your Microsoft account with two-step verification (2SV) (direct link) |
Ensure that you have properly hardened your Microsoft account from hackers, by following David Bisson's advice.
|
|
|
|
|
2017-02-20 18:18:06 |
Hacker defaces Donald Trump fundraising site via subdomain takeover attack (direct link) |
A hacker defaced a presidential campaign fundraising website for Donald Trump with a little help from a DNS misconfiguration issue.
David Bisson reports.
|
|
|
|
|
2017-02-20 02:22:43 |
Google goes public about unpatched Windows vulnerability (direct link) |
Google security engineers have once again made details of a vulnerability in Microsoft's software public, before Microsoft has been able to roll out a patch.
|
|
|
|
|
2017-02-20 01:43:15 |
German parents urged to destroy data-collecting toy doll (direct link) |
A German privacy watchdog is urging parents to destroy My Friend Cayla, a doll which has a knack for collecting private information about its young owners.
David Bisson reports.
|
|
|
|
|
2017-02-17 09:39:59 |
Graham Cluley named most entertaining security blog (direct link) |
Graham Cluley Security News was awarded the title of "Most Entertaining Security blog" against some tough competition. Thanks to everyone for your support!
|
|
|
|
|
2017-02-16 17:16:42 |
Smashing Security podcast #008: 'I'll give you my Android when you pry it from my cold, dead paws' (direct link) |
Handbags at dawn for CrowdStrike and NSS Labs! Donald Trump's insecure Android phone! File-less malware - is that so new? And StalkScan makes it easier to reveal what Facebook users have been carelessly sharing...
Check out our latest "Smashing Security" podcast.
|
|
|
|
|
2017-02-16 15:34:42 |
Magento stores targeted by self-healing malware that steals credit card details (direct link) |
A newly discovered malware attack manages to restore itself in its ongoing campaign against Magento-powered online stores.
David Bisson reports.
|
|
|
|
|
2017-02-15 20:55:14 |
Cerber ransomware takes special care not to encrypt security product files (direct link) |
Cerber's developers want to infect your computer with ransomware. But they also don't want to trigger a security alert that could interfere with their attempt to extort money from you.
David Bisson reports.
|
|
|
|
|
2017-02-14 16:02:07 |
Sage 2.0 ransomware wants to be just like Cerber when it grows up (direct link) |
The Sage 2.0 ransomware has adopted several techniques employed by the notorious Cerber malware, so much so that you can't help but wonder if the two are somehow related.
David Bisson reports.
|
|
|
|
|
2017-02-14 15:38:31 |
65% of IT professionals feel Shadow IT is compromising cloud security (direct link) |
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2017-02-14 13:00:41 |
Google search results are falling foul of scammers spoofing well-known sites (direct link) |
Online fraudsters managed to waltz past Google's vetting and successfully plant a rogue ad for the world's most searched for retail store: Amazon.
Read my latest article on the Hot for Security blog.
|
|
|
|
|
2017-02-14 08:12:54 |
Senators raise concerns over Donald Trump's smartphone security (direct link) |
Is Donald Trump really using an insecure Android phone?
If that was true, it would probably be the most widely-prized device on the internet for hackers - and top of the target list for intelligence agencies around the world.
|
|
|
|
|
2017-02-13 21:20:35 |
Smashing Security podcast: Using public Wi-Fi (direct link) |
Do you trust that Wi-Fi hotspot? What steps can you take to better protect yourself when you connect to the net away from your office or home?
The Smashing Security podcast team tackle the tricky problem of public Wi-Fi, and have some tips for you. Listen in and tell us what you think.
|
|
|
|
|
2017-02-13 20:39:54 |
Lazarus mob possibly behind malware attacks against Polish banks (direct link) |
A hacking gang known as the Lazarus Group might be responsible for malware attacks that have targeted Polish banks and other financial organizations.
David Bisson reports.
|
Medical
|
APT 38
|
|
|
2017-02-10 16:20:47 |
How to better protect your WhatsApp account with two-step verification (2SV) (direct link) |
If you're a WhatsApp user you should enable its new 2-step verification security feature.
David Bisson explains why and how.
|
|
|
|
|
2017-02-10 14:42:17 |
Apple iCloud didn't wipe 'deleted' browser histories for over a year (direct link) |
Researchers discovered it was possible to extract users' Safari browsing history over a year after the user believed that they had deleted their browsing history.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-02-10 12:49:40 |
Crossing border security? Here's how you protect your data (direct link) |
iOS security expert Jonathan Zdziarski has put together a timely guide to help people protect their devices and privacy when they pass through border controls.
|
|
|
|
|
2017-02-09 17:04:26 |
Smashing Security podcast #007: 'ASCII art attack' (direct link) |
Printers start churning out ASCII art after a vigilante hacker hijacks 160,000 devices, a researcher reveals how you can get Donald Trump to tweet an embarrassing spoof video of himself, and has your smart TV been snooping on you?
Check out our latest "Smashing Security" podcast.
|
|
|
|
|
2017-02-09 16:10:38 |
Tried-and-true Triada supplants Hummingbad as top mobile malware (direct link) |
Hummingbad is no longer the web's "most wanted mobile malware." That dubious honor goes to Triada according to a new report issued by security researchers.
David Bisson reports.
|
|
|
|
|
2017-02-09 13:41:32 |
How to create a robust data backup plan (and make sure it works) (direct link) |
With ransomware running amok, backups have never been more important.
David Bisson describes a strategy for safely backing up your data, and testing that your backup works.
|
|
|
|
|
2017-02-08 21:23:36 |
Pony credential stealer trampling users via Microsoft Publisher documents (direct link) |
The credential-stealing Pony malware is masquerading as Microsoft Publisher documents in an effort to infect unsuspecting users.
David Bisson reports.
|
|
|
|
|
2017-02-08 17:05:57 |
Smashing Security podcast: Email attachment malware (direct link) |
Email attachment malware is the thorny topic tackled by computer security veterans Graham Cluley, Carole Theriault and Vanja Svajcer in this special "splinter" episode from the Smashing Security podcast team.
|
|
|
|
|
2017-02-08 12:26:53 |
Ex-FireEye intern escapes prison sentence after creating and selling Dendroid malware (direct link) |
Morgan Culbertson, the ex-FireEye intern who created and sold Android spyware, says he's very sorry.
|
|
|
|
|
2017-02-08 01:34:15 |
Smashing Security podcast: Passwords (direct link) |
The Smashing Security team tackle the thorny topic of passwords and offer some advice and tips for computer users.
Take a listen and let us know what you think.
|
|
|
|
|
2017-02-07 16:58:36 |
Polish banks hit by malware seemingly spread by government website (direct link) |
Several Polish financial institutions came down with a case of undocumented malware after their employees visited the website of the government's regulatory authority.
David Bisson reports.
|
|
|
|
|
2017-02-07 13:20:05 |
76 popular iPhone apps found wide open to data interception attacks (direct link) |
New research has discovered scores of buggy iOS apps that do a lousy job of securing users' information, opening opportunities for man-in-the-middle attacks.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-02-06 15:39:48 |
Anonymous hacker took down 10,000+ dark web sites, including child abuse content (direct link) |
An Anonymous hacker claims they took down more than 10,000 dark web sites because they were hosting child abuse material and other harmful content.
David Bisson reports.
|
|
|
|
|
2017-02-06 15:21:04 |
Hacker blackmails David Beckham following email leak (direct link) |
David Beckham has reportedly refused to pay an extortionist £1 million after a cache of private messages was stolen from his publicist's email system.
|
|
|
|
|
2017-02-06 13:40:08 |
Security firms need to stop exaggerating hacker's abilities to hype their products (direct link) |
Dr Ian Levy, technical director of the UK's National Cyber Security Centre, has criticised security companies for "massively" exaggerating hackers' abilities in order to scare businesses.
|
|
|
|
|
2017-02-03 16:47:37 |
Scammers target firms with W-2 phishing/CEO fraud blend (direct link) |
The IRS is warning organizations to be on the lookout for scammers that blend CEO fraud with W-2 phishing.
David Bisson reports.
|
|
|
|