Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-04-17 12:51:05 |
Extortion emails a go-go (lien direct) |
Recent months seem to have seen a rise in extortion emails, designed to scare users into handing over their money.
|
|
|
|
|
2019-04-17 12:22:03 |
It doesn't matter if you don't use Internet Explorer, you could still be at risk from this IE zero-day vulnerability (lien direct) |
Even if you don't use Internet Explorer any more, it may still be posing a potential risk by being installed on your Windows PCs.
Read more in my article on the Hot for Security blog.
|
Vulnerability
|
|
|
|
2019-04-15 15:41:01 |
High school election hacked by candidate who exploited weak passwords (lien direct) |
When Berkeley High School in California held its first ever elections for student government last month, things went about as well as you probably expected…
|
|
|
|
|
2019-04-15 13:44:04 |
Hackers could read users' Outlook, Hotmail, and MSN email via compromised Microsoft support account (lien direct) |
Microsoft says that it had identified that one of its support agents had had their username and password stolen, which allowed hackers to access information stored within users' email accounts.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-04-12 13:39:01 |
Bayrob malware gang convicted of infecting over 400,000 computers worldwide, stealing millions through online auction fraud (lien direct) |
A US court has convicted two Romanian hackers belonging to the Bayrob malware gang after they infected over 400,000 computers around the world, and stole millions of dollars.
Read more in my article on the Hot for Security blog.
|
Malware
|
|
|
|
2019-04-12 11:55:05 |
Hear me speak about how to make a billion dollars through cybercrime (lien direct) |
How did a cybercrime gang steal a billion dollars from banks and financial institutions?
Come to the talk I'm giving in London, and find out.
|
|
|
|
|
2019-04-11 14:31:00 |
(Déjà vu) High-rolling hacker jailed after launching malware attacks via porn websites (lien direct) |
A British man has been jailed for over six years after exploiting ad networks on pornographic websites to spread malware onto innocent users' computers.
Read more in my article on the Tripwire State of Security blog.
|
Malware
|
|
|
|
2019-04-10 23:03:00 |
(Déjà vu) Smashing Security #123: Backups - a necessary evil? (lien direct) |
With Graham incapacitated, we drag an episode out from the archives. In this special “splinter” episode of the “Smashing Security” podcast from September 2017 we tackle the tricky subject of backups - when did you last backup your data? how and what should you backup? and where should you store them?
Lots of questions and Graham gets to do his Tina Turner impression.
All this and more is discussed in this edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
|
|
2019-04-10 22:38:05 |
The Samsung Galaxy S10's ultrasonic fingerprint scanner is hacked (lien direct) |
As a hacker claims the entire process can be completed in just three minutes, you would be wise to remember that fingerprints are not the same as passwords.
|
|
|
|
|
2019-04-10 21:43:00 |
The scourge of stalkerware (lien direct) |
Stalkerware. Software that allows someone else to spy upon every SMS text message you send or receive, who you're speaking to on your smartphone, the pictures in your photo library, every social media post you make, your current location, and where you go and when.
The EFF's Eva Galperin calls on the security industry to take stalkerware more seriously.
|
|
|
|
|
2019-04-07 22:50:03 |
How CISOs should respond to the cybersecurity crisis (lien direct) |
Graham Cluley Security News is sponsored this week by the folks at CloudShare. Thanks to the great team there for their support!
As cyber hacks, ransomware, and other breaches continue to rise, companies are quickly realizing the need for increasing their cybersecurity staff. Current data however indicates that the cybersecurity manpower shortage continues to grow, with over 1,000,000 cybersecurity positions unfilled in the U.S. alone.
The relationship between this shortage of cyber security skills and hacking exposure can't be ignored, with many companies feeling that their lack of employees with cybersecurity skills make for more desirable targets for cyber criminals. It's imperative therefore that these employees are sufficiently trained to receive the promised benefits from products and solutions, and able to sell and support them as well.
The challenges facing the cyber industry today can be overcome in a variety of ways such as:
Replicating complicated products with complex networking features.
Running complex training scenarios (for example, injecting scripts).
Providing templates of complex related structures.
Offering timed environments.
Creating replication of complex environments in seconds.
Securing the enterprise is a people problem that needs immediate attention!
Download the free eBook “Under Attack!”, and get a comprehensive examination of the skill-building strategies needed to strengthen lines of defense across the organization including:
An examination of today's urgent cybersecurity skills crisis
The top ten actions organizations can take to become more cyber resilient
Insights into the most effective cybersecurity training options
Tips for creating a corporate cybersecurity culture
“People impact security outcomes much more than any technology, policy or process.”
Joanna G. Huisman, Analyst at Gartner
Since 2007, CloudShare has been the leading supplier of virtual IT labs in the cloud, with specialized solutions designed to meet a wide variety of business needs – including training, sales enablement, and sandboxing for testing and support.
CloudShare customers include leading software and cybersecurity companies, such as Palo Alto Networks, Atlassian, ForgeRock, Sophos, Fortinet and Check Point Software Technologies.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Guideline
|
|
|
|
2019-04-05 14:07:03 |
Unpatched D-Link routers targeted in malicious DNS hijacking campaign (lien direct) |
Cybercriminals have been hacking into home routers for the last three months, meddling with DNS settings to redirect users surfing the web towards malicious websites.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2019-04-05 13:52:04 |
Ticketmaster is hit by a £5 million legal action after online payment card theft (lien direct) |
A British firm of solicitors, which specialises in helping victims of cybercrime claim compensation, has launched a £5 million (US $6.5 million) legal action against Ticketmaster.
|
|
|
|
|
2019-04-04 13:32:01 |
Unsecured databases found leaking half a billion resumes onto the net, no password required (lien direct) |
A staggering 590,497 million resumes have leaked from poorly-secured Chinese companies in just the last three months.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-04-04 08:05:03 |
Smashing Security #122: The big fat con at Office Depot (lien direct) |
Office Depot and OfficeMax are fined millions for tricking customers into thinking their computers were infected with malware, car alarms can make your vehicle less secure, and facial recognition in apartment blocks comes under the microscope.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
|
|
|
|
|
2019-04-03 20:54:04 |
(Déjà vu) 540 million Facebook records left exposed due to sloppy third-party developer security (lien direct) |
Security researchers have discovered a huge amount of data containing information about tens of thousands of Facebook users, left available for anyone to access - no password required.
The culprits? Third-party developers.
|
|
|
|
|
2019-04-03 20:54:04 |
(Déjà vu) 540 million Facebook users left exposed due to sloppy third-party developer security (lien direct) |
Security researchers have discovered a huge amount of data containing information about millions of Facebook users, left available for anyone to access - no password required.
The culprits? Third-party developers.
|
|
|
|
|
2019-04-03 17:57:05 |
In its ransomware response, Norsk Hydro is an example for us all (lien direct) |
It's been over two weeks now since Norsk Hydro, one of the world's largest producers of aluminium, was hit by a ransomware attack that hit 160 of its plants worldwide, forcing many of its sites to switch to manual operations.
And they're handling things really rather well…
|
Ransomware
|
|
|
|
2019-04-01 10:04:02 |
Don't be foolish when it comes to data security (lien direct) |
Graham Cluley Security News is sponsored this week by the folks at SafeToGo Solutions. Thanks to the great team there for their support!
It doesn't matter how big or small your business, or what industry you operate in, data breaches pose a real threat to all of us. In addition to monetary fines, a data breach can result in long-term reputational damage, business disruption, staff and customer churn.
Whilst businesses are busy investing huge amounts of money in the latest high-tech information security products, we shouldn't forget the importance of bolstering internal security through staff training and security measures such as encryption and access management. After all, the second largest contributor to data breaches globally is human error.
Find out now how SafeToGo Solutions can help businesses of all sizes reduce the risk of a data breach due to human error, with their range of data security products.
Find out more now!
Better SafeToGo than Sorry.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Data Breach
Threat
|
|
|
|
2019-03-29 15:05:04 |
(Déjà vu) Terrorist's manifesto used to spread disk-wiping malware (lien direct) |
Following the mass shooting in New Zealand, someone has taken a copy of the terrorist's Word document and weaponised it to download malicious code from the internet.
|
Malware
|
|
|
|
2019-03-29 15:05:04 |
(Déjà vu) New Zealand shooter's manifesto used to spread disk-wiping malware (lien direct) |
Someone has taken a copy of the shooter's Word document and weaponised it to download malicious code from the internet.
|
Malware
|
|
|
|
2019-03-28 14:05:04 |
Office Depot fined millions for tricking customers into believing their PCs were infected with malware (lien direct) |
Office Depot, and its partner Support.com, have been fined $35 million for using the PC Health Check tune-up service to dupe people into buying unnecessary computer repair and technical services.
Read more in my article on the Hot for Security blog.
|
Malware
|
|
|
|
2019-03-27 15:24:02 |
(Déjà vu) Asus pushes out urgent security update after its own automatic Live Update tool was hacked (lien direct) |
Taiwan-based technology giant Asus is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using Asus's own Live Update software tool.
Read more in my article on the Tripwire State of Security blog.
|
Malware
Tool
|
|
|
|
2019-03-27 12:37:03 |
A PSA for twits on Twitter (lien direct) |
Twitter users have been warned not to fall for a prank that claimed their user interface would change colour if they told the service they were born in 2007, after a wave of users locked themselves out of their accounts for being underage.
|
|
|
|
|
2019-03-26 11:03:01 |
Hackers poison Asus software updates, may have infected one million PCs (lien direct) |
Hundreds of thousands of Asus PCs may have been infected with malware installed by Asus's own automatic Live Update tool.
|
Malware
|
|
|
|
2019-03-25 17:07:03 |
DLA Piper and its insurers clash over multi-million NotPetya payout (lien direct) |
Multinational law firm was hit in the crossfire as Russia-backed ransomware spread, and Hiscox is reportedly declining to pay up citing an “act of war”.
|
Ransomware
|
NotPetya
|
|
|
2019-03-25 15:35:01 |
Popular family tracking app exposed real-time location data onto the internet – no password required (lien direct) |
More than 238,000 individual users have had their family's real-time location exposed for weeks on end after an app developer left sensitive data exposed on the internet, without a password.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-03-21 17:16:04 |
Some 2000 Facebook staff had access to millions of Facebook users' passwords… stored in plaintext (lien direct) |
Stretching back as far as 2012, Facebook has been storing the passwords of hundreds of millions of users unencrypted, in plaintext.
And those passwords were searchable by Facebook staff…
|
|
|
|
|
2019-03-21 13:30:00 |
Google and Facebook scammed out of $123 million by man posing as hardware vendor (lien direct) |
Even the most tech savvy companies in the world can fall for business email compromise.
A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.
Read more in my article on the Tripwire State of Security blog.
|
Guideline
|
|
|
|
2019-03-21 12:05:04 |
Smashing Security #120: Silk Road with Deliveroo (lien direct) |
Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
|
|
|
|
|
2019-03-20 11:21:03 |
Hydro working hard to recover following ransomware attack (lien direct) |
You can't help but get the feeling that this was a highly-organised extortion attempt against Norsk Hydro.
|
Ransomware
|
|
|
|
2019-03-19 13:06:05 |
Aluminium plants hit by cyber-attack, global company turns to manual operations (lien direct) |
Norsk Hydro, one of the world's largest producers of aluminium, says that it is battling an “extensive cyber-attack” that first hit its systems on Monday evening and then escalated overnight.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-03-18 16:09:00 |
Google Play is flooded with hundreds of unsafe Android anti-virus products (lien direct) |
A new study has closely examined whether 250 security products for Android smartphones are capable of protecting users at all.
The results are in… and disturbing.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-03-18 11:21:05 |
53% of Britain's most frequent porn watchers aren't aware that they're about to be blocked (lien direct) |
A new survey has revealed that the majority of Brits are blissfully unaware that next month the UK Government will be requiring porn websites to verify that their users have obtained a “porn passport.”
|
|
|
|
|
2019-03-18 10:21:03 |
Myspace has lost all the music users uploaded between 2003 and 2015 (lien direct) |
You cannot trust the likes of Myspace to look after your data securely. Use internet services to archive your content if you wish, but you'd be wise to have your own backup too.
|
|
|
★★
|
|
2019-03-15 18:53:00 |
Zillow sued for $60 million after mansion listing hijacked (lien direct) |
A hacker knocked millions off the listed price of an incredibly expensive home, and its owners aren't at all happy…
|
|
|
|
|
2019-03-14 15:19:02 |
Online training site says it is spamming insecure printers with adverts (lien direct) |
Online training site Skillbox says that it has come up with an imaginative way to reach out to potential clients, and invite them to change their careers from being accountants and become graphical designers instead.
The Russian firm's idea? To send a spam message to thousands of printers left open to the internet.
Is this really happening again?
|
Spam
|
|
|
|
2019-03-14 12:40:05 |
US Senators say it shouldn't be a secret when they've been hacked (lien direct) |
Federal agencies and companies are required by law to disclose breaches, but Congress is under no such obligation - meaning that the public may have no idea that their political representatives have been hit.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2019-03-14 00:23:04 |
Smashing Security #119: Hijacked homes, porn passports, and ransomware regret (lien direct) |
A $150 million mansion is hijacked online, Brits will soon have to scan their passport to watch internet porn, and are organisations right to pay up when hit by ransomware?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland.
|
Ransomware
|
|
|
|
2019-03-13 13:34:03 |
Online safety cartoons for young kids (lien direct) |
A series of cartoons are aiming to educate children as young as four about how to stay safe online.
|
|
|
|
|
2019-03-13 12:04:01 |
Man arrested for selling one million Netflix, Spotify, Hulu passwords (lien direct) |
The WickedGen website bragged that it had over 120,000 users and almost one million sets of account details, offering monthly and yearly membership plans for those who wanted “access to thousands of premium accounts across a huge range of services.”
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-03-11 16:35:04 |
Citrix hackers may have stolen six terabytes worth of files (lien direct) |
The FBI suspects that the hackers used a technique known as “password spraying”.
|
|
|
|
|
2019-03-11 13:52:03 |
Facebook sues quiz app developers who allegedly stole users' private data through browser plugins (lien direct) |
Facebook is taking a stand against a pair of Ukrainian app developers who it claims scraped personal information from users' profiles.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-03-08 13:53:03 |
Hackable car alarms leave three million cars at risk of hijack (lien direct) |
Millions of car owners were left at risk of having their vehicles stolen, because of the poor security of third-party app-connected car alarms.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2019-03-08 11:34:05 |
Facebook Messenger bug made it possible for hackers to see who you have been chatting with (lien direct) |
A security researcher has revealed details of a flaw in Facebook Messenger that made it possible for “any website to expose who you have been messaging with.”
|
|
|
|
|
2019-03-07 11:51:03 |
Thousands of patients impacted by ransomware attack at medical billing company (lien direct) |
Following a ransomware attack at a medical billing company, thousands of patients are being warned that their highly sensitive medical information and personal details were amongst the data that was breached.
Read more in my article on the Tripwire State of Security blog.
|
Ransomware
|
|
|
|
2019-03-07 08:36:04 |
FBI boss warns businesses of Chinese hackers stealing their intellectual property (lien direct) |
What's the biggest cybersecurity threat for US businesses?
If FBI chief Christopher Wray is to be believed, it's China.
Read more in my article on the Bitdefender Business Insights blog.
|
Threat
|
|
|
|
2019-03-07 00:08:04 |
Smashing Security #118: The 's' in IoT stands for security (lien direct) |
Twerking robot assistants, an app from Saudi Arabia that lets men track women, and a gnarly skiing security snarl-up!
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
|
|
|
|
|
2019-03-05 10:42:02 |
Find QuadrigaCX's missing $190 million, and you could win a $100,000 bounty (lien direct) |
There has been another twist in the curious case of QuadrigaCX, a Canadian cryptocurrency exchange whose CEO unexpectedly and suddenly died without telling anyone else his password.
And it sounds like more troubling news for investors.
|
|
|
|
|
2019-03-04 17:24:02 |
Facebook isn't letting you opt-out of having people search for you by your phone number (lien direct) |
If you really must use Facebook, don't give it your phone number - not even for 2FA.
|
|
|
|