Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2016-12-05 11:33:21 |
Take care copy-and-pasting that code from Stack Overflow (direct link) |
Copy-and-pasting code without thinking can do a lot of harm.
|
|
|
|
|
2016-12-03 18:14:44 |
(Déjà vu) Hackers stole $31 million from Russian banks in 2016, as FSB warns of foreign plot (direct link) |
As Russia's central bank reveals hackers stole millions from accounts, the FSB warns of a foreign plot to destabilise the banking system.
|
|
|
|
|
2016-12-03 18:14:44 |
(Déjà vu) Hackers steal $31 million from Russia's central bank, as FSB warns of foreign plot (direct link) |
As Russia's central bank reveals hackers stole a fortune from its accounts, the FSB warns of a foreign plot to destabilise the banking system.
|
|
|
|
|
2016-12-03 13:54:31 |
Fry all the things! USB Kill zaps tons of computing devices (direct link) |
A modified thumb drive called USB Kill is capable of frying all kinds of devices such as gaming consoles, smartphones, and a car's dashboard.
David Bisson reports.
|
|
|
|
|
2016-12-03 13:35:39 |
iPhone security is so good that police had to 'mug' a suspect to get his data (direct link) |
British police have found a primitive, but effective, way to get around the security measures built into Apple iPhones.
|
|
|
|
|
2016-12-02 09:41:20 |
TalkTalk and Post Office customers lose internet access as routers hijacked (direct link) |
Thousands of TalkTalk and Post Office customers in the UK have been cut off from the internet for days.
The reason? A malicious attack against poorly-protected broadband routers.
|
|
|
|
|
2016-12-01 16:01:57 |
Gooligan hooligans have compromised at least one million Google accounts (direct link) |
Over one million Google accounts have been put at risk by a new Android malware campaign called Gooligan.
David Bisson reports.
|
|
|
|
|
2016-12-01 10:25:14 |
Tor users at risk of having their anonymity stripped via attacks exploiting Firefox zero-day (direct link) |
Attackers are currently exploiting a zero-day vulnerability in the Firefox web browser to strip anonymity from privacy-loving Tor users.
David Bisson reports.
|
|
|
|
|
2016-12-01 08:19:15 |
From the 'everybody should have an off-site backup' department... (direct link) |
The Internet Archive, which stores copies of billions of webpages, is planning to backup its data to Canada... just in case.
|
|
|
|
|
2016-11-30 18:44:41 |
I love how San Francisco's metro system responded to its ransomware attacker (direct link) |
Backups make sense. Sensible people make backups.
Check out my latest video.
|
|
|
|
|
2016-11-30 16:31:47 |
Real threats for business: Mischief, extortion and million-dollar frauds (direct link) |
Check out this keynote speech by Graham Cluley about how online criminals are targeting businesses just like yours.
|
|
|
|
|
2016-11-30 10:27:24 |
Hackers access National Lottery accounts - do you have your fingers crossed? (direct link) |
Camelot, operators of the UK's National Lottery, has issued a warning that tens of thousands of players' accounts have been accessed by hackers.
|
|
|
|
|
2016-11-30 09:50:19 |
Spam campaign tiptoes via Tor to deliver Cerber ransomware (direct link) |
A malicious spam campaign is using a Tor2Web proxy service in an attempt to infect users with Cerber ransomware without raising any red flags.
David Bisson reports.
|
|
|
|
|
2016-11-29 11:55:45 |
Free VASCO white paper: PSD2 - Which strong authentication and transaction monitoring solutions comply? (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
In this VASCO white paper on PSD2, the revised directive on payment services, you will discover:
The proposal for draft Regulatory Technical Standards (RTS) for strong customer authentication (SCA), which were published in August 2016 by the European Banking Authority (EBA).
Background information about the draft RTS.
Common authentication solutions that are used by many online banking and mobile banking applications today.
The actual requirements from the draft RTS.
To what extent current authentication solutions meet the requirements in the draft RTS.
Interested in learning more? Download VASCO's white paper: PSD2 - Which strong authentication and transaction monitoring solutions comply?
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2016-11-28 21:01:42 |
No, I won't help you blackmail the company you just hacked (direct link) |
Thanks for the offer, but I'd rather not be an accessory to online blackmail.
Check out my latest video to learn more.
|
|
|
|
|
2016-11-28 17:46:15 |
Hackers threaten to leak bank customers' account info unless they pay up (direct link) |
Extortionists are threatening to publish the account information of a hacked bank's customers unless they hand over cash.
David Bisson reports.
|
|
|
|
|
2016-11-28 17:24:52 |
FBI offers some poor password advice for online shoppers (direct link) |
Changing your passwords regularly isn't the best advice for online shoppers, despite what the FBI says.
|
|
|
|
|
2016-11-25 20:46:34 |
Watching a video can crash and freeze any iPhone (direct link) |
Pranksters are distributing a link to an online video that has the power to freeze your iPhone.
Read more in my article on the Bitdefender blog.
|
|
|
|
|
2016-11-25 11:50:53 |
In a world where Donald Trump is President, encryption is becoming more popular (direct link) |
Secure messaging app Signal has recorded a 400% rise in growth since the election of Donald Trump.
Coincidence?
|
|
|
|
|
2016-11-25 09:24:29 |
Lock down your Twitter: take care that rogue third-party apps don't hijack your account (direct link) |
Have you linked third-party apps to your Twitter account? Maybe it's time you did an audit of whether you still want them to have access to your Twitter followers and messages.
The recent Twitter Counter hack proves that even legitimate third-party services can run rogue, causing Twitter accounts to start sending spam.
Yasin Soliman reports.
|
|
|
|
|
2016-11-24 14:57:03 |
Are your headphones spying on you? (direct link) |
An Israeli research team have discovered that they can exploit your plugged-in headphones to listen in to you, while you work at your PC.
David Bisson reports.
|
|
|
|
|
2016-11-24 14:15:18 |
So, just how were those MailChimp accounts hacked? (direct link) |
A database containing over 2,000 MailChimp passwords has been found online.
MailChimp wasn't hacked. Instead, the password-stealing Vawtrak malware might be to blame.
|
|
|
|
|
2016-11-24 01:52:55 |
Vicinity of obscurity! Fareit trojan spread via uncommon file type (direct link) |
The Fareit trojan is using .mht files as a disguise as it spreads via phishing and other spam mail campaigns.
David Bisson reports.
|
|
|
|
|
2016-11-23 14:46:31 |
Ask toolbar updates hijacked by attackers to install suspicious code (direct link) |
Researchers have discovered that an unknown attacker hijacked the update mechanism employed by Ask Partner Network (APN) to download suspicious code onto unsuspecting users' PCs.
David Bisson reports.
|
|
|
|
|
2016-11-22 17:26:00 |
Cash-spitting ATM malware blamed on Cobalt hacking gang (direct link) |
Cobalt is thought to be the hacking gang behind a series of attacks that compromised ATMs across Europe.
David Bisson reports.
|
|
|
|
|
2016-11-22 14:11:13 |
Has Office Depot claimed your PC had a malware infection when it didn't? (direct link) |
US retail giant Office Depot has been accused of intentionally tricking its customers by selling costly computer fixes for malware problems that simply don't exist.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2016-11-22 11:08:13 |
Siemens-branded CCTV cameras vulnerable to hacking, require urgent firmware patch (direct link) |
Your business's CCTV camera could be coughing up your admin passwords. Patch now, or regret later.
Read more in my article on the We Live Security blog.
|
|
|
|
|
2016-11-21 18:41:05 |
Anti-virus away! Android banking trojan blocks security apps to evade detection (direct link) |
An Android banking trojan pops up fake login forms in front of legitimate banking apps in order to steal credentials.
David Bisson reports.
|
|
|
|
|
2016-11-21 15:24:27 |
AdultFriendFinder waits a week before warning users of security breach (direct link) |
It has taken until now for parent company Friend Finder Network Inc to warn users that their personal details were exposed, potentially giving online criminals a good head start.
|
|
|
|
|
2016-11-21 14:29:30 |
Were your grandparents hacking in 1963? (direct link) |
More than 50 years ago, on November 20, 1963, MIT's campus newspaper published what is believed to be the first ever mention of computer hacking.
|
|
|
|
|
2016-11-19 21:51:48 |
More details emerge regarding the Three data breach (direct link) |
Kudos to British mobile phone company Three, which has shared more details regarding its recent data breach.
|
|
|
|
|
2016-11-18 18:58:03 |
Why your password is still important - even if you use multi-factor authentication (direct link) |
Just because you have two factor authentication doesn't mean you can afford to be sloppy with password security, explains guest contributor Bob Covello.
|
|
|
|
|
2016-11-18 18:16:10 |
Gorilla Glue finds itself in sticky situation after hackers steal data (direct link) |
The Dark Overlord hacking gang claims to have made off with 500 GB of Gorilla Glue's data including R&D materials and access to personal email accounts of staff.
David Bisson reports.
|
|
|
★★★★
|
|
2016-11-18 13:24:09 |
Android banking malware remains active when infected devices sleep to save power (direct link) |
A new Android banking trojan can stay connected with its command & control servers, even after infected devices have gone dormant.
David Bisson reports.
|
|
|
|
|
2016-11-18 09:45:52 |
Data breach at Three, millions of customer details potentially exposed (direct link) |
Customers of the UK's Three mobile network may have had personal details exposed (names, phone numbers, addresses and dates of birth) after the company's upgrade database was breached.
|
|
|
|
|
2016-11-17 15:07:47 |
Once again, Siri helps attackers bypass your iPhone's passcode (direct link) |
It would be nice to think that as we're now up to iOS 10 that Apple would have prevented such bypasses from working once and for all. But no such luck - for users who have left Siri enabled from the lockscreen at least.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2016-11-17 08:21:50 |
Holding down the Enter key can smash through Linux's defenses (direct link) |
An attacker can abuse a vulnerability to launch a shell with root privileges on most Linux machines... just by holding down the 'Enter' key for 70 seconds.
David Bisson reports.
|
|
|
|
|
2016-11-16 12:28:02 |
Shazam for Mac keeps listening, even after you've switched it off (direct link) |
If an app gives you the option of turning off its access to your microphone I expect it to do precisely that - not to keep pulling audio from the built-in mic regardless.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2016-11-16 12:12:57 |
Backdoor in some Android phones caught secretly sending data to China (direct link) |
Bought a cheap Android phone on Amazon?
Surprise! It's secretly sending your text messages (and more) to a server in Shanghai.
|
|
|
|
|
2016-11-15 22:36:19 |
Bad karma! Ransomware piggybacks on free software downloads (direct link) |
The Karma ransomware has been spread disguised as free software downloads in its mission of encrypting the data of unsuspecting users.
David Bisson reports.
|
|
|
|
|
2016-11-15 17:04:23 |
As teenager admits hack, let's not forget TalkTalk's shameful security (direct link) |
TalkTalk would love the world to think that it suffered a highly sophisticated and sustained attack.
But if you watch my video you'll find the true story is somewhat different.
|
|
|
|
|
2016-11-15 12:54:15 |
FBI says FIFA Ultimate Team console game hackers stole millions in virtual currency (direct link) |
Theft, even if virtual, is still theft.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2016-11-14 18:11:39 |
More than a million Android users have downloaded this trojan on Google Play (direct link) |
The Android.MulDrop.924 trojan likes to disguise itself as games and other apps on Google Play Store and other app marketplaces.
David Bisson reports.
|
|
|
|
|
2016-11-14 16:36:18 |
A brief technology primer for Donald Trump (direct link) |
Guest contributor Bob Covello shares some advice with the US President-Elect.
|
|
|
★★★
|
|
2016-11-14 15:44:27 |
The NHS suffered a massive email storm today (direct link) |
A simple human error saw email at the UK's National Health Service brought to a standstill.
Find out more in my latest video.
|
|
|
★★
|
|
2016-11-14 10:05:28 |
Google Pixel, Safari, and Microsoft Edge all pwned at PwnFest 2016 (direct link) |
Vulnerability researchers broke the Google Pixel, Apple's Safari browser, and the Microsoft Edge browser running on Windows 10 at PwnFest 2016.
David Bisson reports.
|
|
|
|
|
2016-11-12 12:59:09 |
Did Facebook tell your friends that you had died? (direct link) |
Facebook has made a "terrible error."
What is it this time? Oh, only that they've been telling folks that their friends and loved ones have died...
|
|
|
|
|
2016-11-11 21:07:32 |
Encrypted email service ProtonMail says new users up 100% since Trump victory (direct link) |
Whether you're pleased or not that Donald Trump has won the keys to the White House, you might still have problems with government mass surveillance.
|
|
|
|
|
2016-11-11 14:18:27 |
Graham Cluley on Jenny Radcliffe's new podcast, 'The Human Factor' (direct link) |
I'm honoured to be a guest on the inaugural episode of Jenny Radcliffe's brand new podcast "The Human Factor." Check it out!
|
|
|
|
|
2016-11-11 13:44:14 |
Pawn Storm used Microsoft zero-day in spear-phishing attacks before patch (direct link) |
The notorious Pawn Storm group exploited a Microsoft zero-day vulnerability in a number of spear-phishing campaigns before the tech giant had a chance to release a patch.
David Bisson reports.
|
|
APT 28
|
|