Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-10-05 16:18:03 |
Sonic publicly confirms payment card breach at drive-in locations (direct link) |
American fast food restaurant chain Sonic has publicly confirmed a payment card breach affecting some of its Drive-In locations.
|
|
|
|
|
2017-10-05 12:51:40 |
Smashing Security podcast #046: Good beard bad beard (direct link) |
Bearded man entangled in dark web drugs market bust, Google researches how to make browser security warnings less confusing, and "bedroom entertainment systems" (ahem) probed for security holes.
|
|
|
|
|
2017-10-05 12:34:23 |
How a missing smiley foiled a $70,000 email fraud (direct link) |
When hackers sent an email designed to steal thousands of dollars, they failed to make their message entirely convincing...
|
|
|
|
|
2017-10-05 07:16:29 |
Chinese Bitcoin exchange denies hacking rumors after theft of $2.5M (direct link) |
OKex, a Chinese Bitcoin trading exchange, has denied rumors that it suffered a hacking attack after its users mysteriously lost a total of $2.5 million in Bitcoins.
|
|
|
|
|
2017-10-04 00:17:57 |
The biggest hack in history is actually three times bigger than we feared (direct link) |
|
|
Yahoo
|
|
|
2017-10-03 14:50:22 |
'Critical' zero-day bug found in three popular WordPress plugins (direct link) |
Outdated versions of three popular WordPress plugins suffer from a "critical" zero-day vulnerability that enables an attacker to take over a website.
|
|
|
|
|
2017-10-03 13:36:33 |
How does Behavioral Biometrics help financial institutions manage fraud risk? Download VASCO's white paper now (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
Before the internet, customers who wanted to perform a bank transaction had only one option - a visit to their local branch for a face-to-face transaction.
Now, in the "mobile age," customers expect that their bank provide secure and easy access to the full suite of banking services via their mobile device. The availability of transparent, risk-based online authentication tools, such as behavioral biometrics, then, comes at a critical time.
By downloading this free white paper, you'll learn:
The critical challenges financial institutions face when authenticating an increasingly mobile customer base
How to establish a risk-based approach to online security
How behavioral biometrics helps financial institutions manage fraud risk, improve the user experience, increase customer loyalty, satisfy regulatory requirements, and deliver a frictionless, cross-channel user experience
Interested in learning more? Download VASCO's white paper: Behavioral Biometrics: Improve Security and the Customer Experience
|
|
|
|
|
2017-10-03 11:20:21 |
'I don't need to understand how encryption works,' admits UK Home Secretary (direct link) |
|
|
|
|
|
2017-10-02 23:17:53 |
Android keyboard app misled 200 million users about how it was collecting data (direct link) |
A popular keyboard app for Android offered conflicting statements about its data collection policies to its more than 200 million users.
|
|
|
|
|
2017-10-01 21:30:49 |
'Phish for the Future' spearphishing campaign set digital civil liberty activists in its sights (direct link) |
One attack masqueraded as a YouTube comment to a legitimate video uploaded by the target. Another posed as the target's husband under the pretense of sharing family photos.
|
|
|
|
|
2017-10-01 21:03:17 |
Taboola ads exploited to serve up tech support scams (direct link) |
Criminals are exploiting users' natural sense of curiosity with native advertisements to serve up tech support scam pages.
|
|
|
|
|
2017-10-01 20:33:27 |
Banking trojan campaign uses commercial packers to target Brazilian users (direct link) |
A banking trojan campaign is using commercial packing platforms to evade analysis and thereby successfully infect unsuspecting users.
|
|
|
|
|
2017-09-28 14:30:13 |
Woman says hacker spied on her through the baby monitor (direct link) |
A woman claims that she and her family were spied upon after an unknown party hacked their way into a "smart" baby monitor.
|
|
|
|
|
2017-09-28 13:35:17 |
Internet Explorer bug can reveal the contents of your address bar (direct link) |
If you're one of the many people still using Microsoft Internet Explorer to surf the internet, you have just been given another good reason to upgrade to a more modern browser.
|
|
|
|
|
2017-09-28 10:47:39 |
Smashing Security podcast #045: Deloitte fail, CCleaner, and dotards on Twitter (direct link) |
Deloitte suffers an embarrassing hack, CCleaner spreads malware, and Twitter explains why it isn't planning to ban Donald Trump from Twitter anytime soon.
|
|
CCleaner
Deloitte
|
|
|
2017-09-28 10:46:44 |
Europol warns ransomware has taken cybercrime 'to another level' (direct link) |
Europol, the European Union's police agency, has warned of the significantly rising threat posed by ransomware.
|
|
|
|
|
2017-09-27 17:39:37 |
Facebook-hijacking Faceliker malware is on the rise (direct link) |
Researchers have reported an increase in activity for a Facebook-hijacking threat known as Faceliker.
|
|
|
★★★★
|
|
2017-09-27 10:22:53 |
Heads-up teenage hoodlums! Don't SWAT Brian Krebs or else... (direct link) |
If you're going to get your kicks SWATting others, my recommendation is not to target investigative cybercrime blogger Brian Krebs.
|
|
|
★★
|
|
2017-09-26 17:42:00 |
Keychain-busting zero-day disclosed hours before release of macOS High Sierra (direct link) |
A security researcher has disclosed a password exfiltration zero-day that affects macOS version 10.13 (aka "High Sierra") and earlier.
|
|
|
|
|
2017-09-26 12:48:27 |
(Déjà vu) Adobe's security team reveals its private PGP key (direct link) |
|
|
|
|
|
2017-09-25 12:49:03 |
For eight years, hackers have been able to exploit this password-stealing flaw in Joomla (direct link) |
For the last eight years a critical vulnerability has lurked within the code of the Joomla CMS which could have allowed malicious hackers to steal every user's login credentials - including those belonging to administrators.
|
|
|
|
|
2017-09-21 16:58:48 |
McAfee joins the anti-Kaspersky witch hunt in shitty attempt to sell a few boxes (direct link) |
|
|
|
|
|
2017-09-21 14:55:03 |
SEC reveals hackers might have used stolen data for insider trading (direct link) |
The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading.
|
|
|
|
|
2017-09-20 23:20:48 |
Smashing Security podcast #043: Backups - a necessary evil? (direct link) |
When did you last back up your data? How and what should you back up? And where should you store them?
|
|
|
|
|
2017-09-20 19:03:11 |
More than three dozen schools call off classes after 'cyber terrorist' threat (direct link) |
More than three dozen public schools and other educational institutions canceled classes after receiving threats from a "cyber terrorist."
|
|
|
|
|
2017-09-20 18:31:19 |
Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more (direct link) |
Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.
|
|
|
|
|
2017-09-20 10:13:39 |
First ever crypto-mining Chrome extension discovered (direct link) |
A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users' computers by secretly mining for virtual cash.
|
|
|
|
|
2017-09-19 11:33:58 |
Misleading headlines about Equifax's *earlier* hack (direct link) |
|
Guideline
|
Equifax
|
|
|
2017-09-19 09:13:03 |
Heads roll, as it's revealed Equifax's IT team knew it hadn't patched web app vulnerability (direct link) |
|
|
Equifax
|
|
|
2017-09-18 13:16:38 |
The Pirate Bay website quietly runs a cryptocurrency miner on visitors' PCs, gobbling up CPU cycles (direct link) |
The Pirate Bay surprised many of its users when it quietly added a JavaScript-based cryptocurrency miner to its website.
|
|
|
|
|
2017-09-18 09:58:25 |
(Déjà vu) CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor (direct link) |
|
|
CCleaner
|
|
|
2017-09-16 21:33:09 |
Guess what happened after VEVO told its hackers to 'f**k off'... (direct link) |
A hacking gang posted 3.12 terabytes of VEVO's internal files online, after it discovered the company was being reckless with its security.
David Bisson reports.
|
|
|
|
|
2017-09-14 14:30:50 |
Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites (direct link) |
As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims' sites via a backdoor. Watch out for supply chain attacks that could impact your website...
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-09-14 14:27:04 |
Firm offers up to $1 million for Tor zero-day exploits - but who will they sell them to? (direct link) |
A company is offering up to one million dollars in bounties for anyone who finds and reports exploitable zero-day flaws in the Tor Browser.
David Bisson reports.
|
|
|
|
|
2017-09-14 08:48:43 |
Smashing Security podcast #042: Equifax, BlueBorne, and the iPhone X (direct link) |
Equifax's shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple's iPhone X comes with Face ID.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik.
|
|
Equifax
|
|
|
2017-09-13 13:35:54 |
BlueBorne threatens almost every connected device with Bluetooth-based attacks (direct link) |
Researchers have discovered a new attack vector they've named "BlueBorne" that enables bad actors to compromise nearly every connected device via Bluetooth.
David Bisson reports.
|
|
|
|
|
2017-09-13 10:50:18 |
Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now! (direct link) |
Microsoft has once again released a batch of essential security updates for users of its software. What are you waiting for?
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-09-12 15:38:13 |
'Secure' BlackBerry Priv smartphone isn't getting any Android updates (direct link) |
BlackBerry's so-called 'secure' Android smartphone is never going to receive operating system updates.
|
|
|
|
|
2017-09-12 13:58:58 |
How to protect yourself in the wake of the Equifax data breach (direct link) |
David Bisson describes some of the ways you can protect yourself against identity thieves following the hack of Equifax.
|
|
Equifax
|
|
|
2017-09-12 09:11:05 |
Up to 44 million UK consumers may have had their identity put at risk after Equifax hack (direct link) |
And don't imagine for a second that because you may have never heard of Equifax, or done no business with them, that you have somehow escaped from being affected by this breach.
Read more in my article on the Hot for Security blog.
|
|
Equifax
|
|
|
2017-09-11 17:36:10 |
Earn up to $200K finding bugs in Samsung smartphones (direct link) |
Samsung has announced a new bug bounty program that offers rewards of up to $200,000 for qualifying vulnerability reports.
David Bisson reports.
|
|
|
|
|
2017-09-11 12:33:35 |
Hacked sex robots could kill you, warn British tabloids (direct link) |
Surprise! British tabloids warn about the threats posed by robots.
Less of a surprise - they take a sex angle.
|
|
|
|
|
2017-09-09 09:22:35 |
Three Equifax execs sold $1.8 million of stock days after breach discovery (direct link) |
Three Equifax executives sold a combined $1.8 million worth of shares just days after the credit reporting agency discovered a massive data breach.
But before it was made public.
David Bisson reports.
|
|
Equifax
|
|
|
2017-09-08 08:27:53 |
Budding malware author uses same Skype ID across job applications and IoT botnet ads (direct link) |
A young malware developer is using the same Skype ID for applying to jobs and advertising their Internet of Things (IoT) botnet.
David Bisson reports.
|
|
|
|
|
2017-09-08 00:35:20 |
(Déjà vu) 62 days after discovering data leak, Equifax warns that 143 million US consumers could be at risk (direct link) |
Equifax has announced that it has been hacked, and approximately 143 million US consumers may have had their names, social security numbers, dates of birth, addresses accessed by criminals. In some instances, driver license numbers have also been accessed.
143 million? That's just under half the population of the United States.
|
|
Equifax
|
★★
|
|
2017-09-08 00:35:20 |
(Déjà vu) 40 days after discovering data leak, Equifax warns that 143 million US consumers could be at risk (direct link) |
Equifax has announced that it has been hacked, and approximately 143 million US consumers may have had their names, social security numbers, dates of birth, addresses accessed by criminals. In some instances, driver license numbers have also been accessed.
143 million? That's just under half the population of the United States.
|
|
Equifax
|
|
|
2017-09-07 11:09:43 |
How hackers could send secret commands to speech recognition systems with ultrasound (direct link) |
Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems such as Siri, Amazon Alexa or Google Home using ultrasound.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-09-07 07:54:16 |
Smashing Security #41: Hacking Instagram, facial failures, and spying bosses (direct link) |
It's easy to phone up a celebrity on Instagram following a security breach, facial recognition at Notting Hill Carnival can't tell the girls from the boys, and companies are spying on their workers' activities.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest David Bisson.
|
|
|
|
|
2017-09-07 07:32:15 |
Learn a lesson from Nissan - own your brand's website domain, or else… (direct link) |
The very last thing you want to happen is for potential customers to be told anything off-message as you undertake a major launch of your product.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2017-09-07 00:49:47 |
Apple Developer site goes down and some users are fearing a hack (direct link) |
Some Apple developers claim their profiles have been updated to display an address in Russia.
|
|
|
|