What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
grahamcluley.webp 2019-02-28 15:53:02 Coinhive, the in-browser cryptomining service beloved by hackers, is dead (direct link) “To be completely honest, it isn't economically viable anymore,” says Coinhive. Read more in my article on the Tripwire State of Security blog.
grahamcluley.webp 2019-02-28 15:50:03 A video about cybersecurity threats that doesn't feature any computers (direct link) Check out this engaging and entertaining cybersecurity ad that doesn't include a single hoodie or (even more remarkably) any furtive keyboard typing in a darkened room.
grahamcluley.webp 2019-02-28 11:11:02 Businesses warned of malware spread via LinkedIn job offers (direct link) Online criminals are using the temptation of a new job in a new malware campaign launched via LinkedIn. Read more in my article on the Bitdefender Business Insights blog. Malware
grahamcluley.webp 2019-02-28 08:23:03 Smashing Security #117: SWATs on a plane (direct link) Why is Tampa's mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook? All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. Plus, after last week's discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.
grahamcluley.webp 2019-02-26 12:07:03 Two weeks after hackers tried to steal 13 million euros, Bank of Valletta goes offline again (direct link) The Maltese Bank of Valletta went down two weeks ago as hackers tried to steal 13 million Euros. And now its systems have gone down again…
grahamcluley.webp 2019-02-25 15:42:01 Russian creator of NeverQuest banking trojan pleads guilty in American court (direct link) Arrested as he returned his rental car at Barcelona's airport, a 33-year-old Russian faces up to five years in jail after admitting to being the mastermind behind the sophisticated NeverQuest banking trojan. Read more in my article on the Hot for Security blog. Guideline
grahamcluley.webp 2019-02-25 13:06:03 Your $350 Nike self-lacing sneakers aren't as smart as you hoped (direct link) Owners of Nike's “smart” sneakers are up in arms that their $350 footwear had been bricked by a faulty Android app update. Sometimes simple is better than “smart”.
grahamcluley.webp 2019-02-21 10:10:05 139 US bars, restaurants and coffeeshops infected by credit-card stealing malware (direct link) North Country Business Products (NCBP), a provider of point-of-sales systems, has revealed that 139 of its clients have been hit by a malware infection that stole the payment card details of consumers. Read more in my article on the Hot for Security blog. Malware
grahamcluley.webp 2019-02-21 00:01:00 Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag (direct link) How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University. Malware NotPetya
grahamcluley.webp 2019-02-20 14:41:02 Join me to learn more about Magecart attacks - and how to defend against them (direct link) Attacks that can silently skim payment data as it is entered on websites have become a huge problem. Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.
grahamcluley.webp 2019-02-20 14:07:05 Google in hot water after not revealing it had hidden a secret microphone in home alarm product (direct link) As if some folks weren't concerned enough about the infiltration of potentially privacy-busting devices into the home, Google has admitted it did not disclose that it hid a secret microphone inside its Nest Secure product. Read more in my article on the Hot for Security blog.
grahamcluley.webp 2019-02-20 10:22:05 The man suing Apple over two-factor authentication has 'previous' (direct link) Many have been baffled by Jay Brodsky's legal action against Apple, including his claim that it takes between two and five minutes for him to pass the 2FA security check. But things began to fall a little more into place when you discover it's not the first time he has sued Apple.
grahamcluley.webp 2019-02-19 11:07:03 (Déjà vu) Why real-time intelligence matters for managing third-party risk (direct link) Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! As leading companies in every industry today are undergoing digital transformation, the lines are blurring between any one organization and its partners, suppliers, vendors, and other third parties. In this new report, ESG examines how these business relationships can introduce new risks that need to be identified and managed “as if these third parties were part of the enterprise itself.” Download your copy now of “Third-Party Risk: Why Real-Time Intelligence Matters” About Recorded Future Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
Threat Guideline
grahamcluley.webp 2019-02-19 08:29:05 450,000 usernames and passwords stolen from Coinmama cryptocurrency broker (direct link) Coinmama, a site that is supposed to “make it fast, safe and fun” to buy Bitcoins and Ethereum with a credit card, has suffered a data breach that has resulted in almost half a million customers having their personal details breached. Read more in my article on the Hot for Security blog. Data Breach
grahamcluley.webp 2019-02-18 16:23:01 Apple sued over death blamed on faulty iPad battery (direct link) Was iPad's Lithium-ion battery to blame for apartment fire that killed 64-year-old man two years ago?
grahamcluley.webp 2019-02-18 16:16:03 Apple sued because two-factor authentication… oh, I give up (direct link) An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.
grahamcluley.webp 2019-02-14 13:34:03 Hacker arrested for wave of fake bomb and shooting threats against schools (direct link) FBI agents have arrested a 20-year-old man alleged to have been part of a hacking gang which not only launched distributed denial-of-service (DDoS) attacks, but also launched a wave of chilling bomb and shooting threats against thousands of schools in the United States and United Kingdom. Read more in my article on the Tripwire State of Security blog.
grahamcluley.webp 2019-02-14 11:47:05 Electric scooters can be hijacked remotely – no password required (direct link) Security researchers have demonstrated that it's possible to remotely hijack control of popular electric scooters, forcing them to dangerously brake suddenly or accelerate. Read more in my article on the Bitdefender Box blog.
grahamcluley.webp 2019-02-14 10:27:03 Smashing Security #115: Love, Nests, and is 2FA destroying the world? (direct link) Is two factor authentication such a pain in the rear end that it's costing the economy millions? Do you feel safe having a Google Nest in your home? And don't get caught by a catfisher this Valentine's Day. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.
grahamcluley.webp 2019-02-12 19:40:03 VFEmail suffers 'catastrophic' attack, as hacker wipes email service's primary and backup data (direct link) There will be many angry customers of VFEmail who will be distraught at the thought that years' worth of irreplaceable personal and business correspondence may have been wiped out. It's understandable that some might turn their fury towards VFEmail. But VFEmail is a victim too.
grahamcluley.webp 2019-02-11 14:53:04 Automatic 4K/HD for YouTube extension pulled from Chrome Store for pop-up ad abuse (direct link) A popular browser extension has been removed by Google from the Chrome Web Store after it started spamming users with irritating pop-up advertisements. Read more in my article on the Hot for Security blog.
grahamcluley.webp 2019-02-11 10:51:02 Some OkCupid users have their accounts compromised. Why don't more dating apps use 2FA? (direct link) It's easy to imagine the harm that could result from a hacker reading users' private communications on a dating app. So it's a disgrace that more don't offer a higher level of security to help prevent accounts from being hijacked.
grahamcluley.webp 2019-02-10 14:33:00 Botched Mumsnet update allowed users to see details of strangers' accounts (direct link) Popular British parenting site Mumsnet apologises after software update allows users to log into strangers' accounts.
grahamcluley.webp 2019-02-08 13:02:04 Update your iOS devices now against the FaceTime eavesdropping bug (direct link) Apple has finally issued an update to iOS, iOS 12.1.4, which fixes the high profile problem which allowed FaceTime callers to listen and even see you *before* you answered an incoming call. Read more in my article on the Hot for Security blog.
grahamcluley.webp 2019-02-07 12:17:01 Google Chrome extension warns if your password has been leaked (direct link) Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe. Read more in my article on the Tripwire State of Security blog.
grahamcluley.webp 2019-02-07 00:32:04 Smashing Security #114: Darknet Diaries, death, and beauty apps (direct link) Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how 'beauty camera' apps are redirecting users to phishing websites and stealing their selfies. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.
grahamcluley.webp 2019-02-06 15:41:04 Patch your Android now against critical .PNG image bug (direct link) Android users are being reminded to be careful about the files they open on their smartphones, after the discovery that harmless-looking image files could be harbouring malicious code.
grahamcluley.webp 2019-02-06 11:58:05 Every day should be Safer Internet Day (direct link) To celebrate the day after Safer Internet Day, here are my top five tips for staying safe online.
grahamcluley.webp 2019-02-04 14:17:03 Donald Trump's 'Executive Time' leak - journalists retype documents to protect White House source (direct link) Such a leak is likely to anger Trump and the White House, of course, and so Axios had to be careful not to throw their source under the bus.
grahamcluley.webp 2019-02-01 06:45:03 Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere (direct link) ManageFlitter, Statusbrew, and Crowdfire have had their access to the Twitter API revoked for allegedly helping users abuse the service, aggressively and repeatedly following and unfollowing large numbers of other accounts - a tactic frequently employed by Twitter spammers. Meanwhile, Twitter and Facebook share details of the accounts they have shut down after finding they were spreading misinformation in the run-up to the US midterm elections.
grahamcluley.webp 2019-01-31 05:55:02 Smashing Security #113: FaceTime, Facebook, faceplant (direct link) FaceTime bug allows callers to see and hear you *before* you answer the phone, Facebook's Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.
grahamcluley.webp 2019-01-30 13:07:02 Exposed! Facebook pays teenagers to install app that harvests personal data (direct link) Since 2016 Facebook has been paying users aged 13-35 up to $20 per month to install an app which has almost limitless access to their smartphones and most sensitive data. ★★★
grahamcluley.webp 2019-01-29 04:49:01 Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call (direct link) Don't panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation - and even see through your iPhone's front-facing camera - before you answer an incoming call.
grahamcluley.webp 2019-01-28 13:50:04 User of the world's biggest DDoS-for-hire website? Police say they're coming after you (direct link) When police shut down the notorious DDoS-for-hire website webstresser.org last year and arrested its administrators, a clear message was sent to the site's 151,000 users: you're next. Read more in my article on the Hot for Security blog.
grahamcluley.webp 2019-01-28 11:07:01 Thousands of taxpayers tell HMRC to delete voiceprint data it stored without consent (direct link) The UK tax authority continues to store a huge database of millions of voice IDs which were collected without permission.
grahamcluley.webp 2019-01-25 14:04:00 Colorado police encrypt *all* their radio communications, frustrating journalists (direct link) The police's use of encryption is apparently making life harder for journalists in Colorado. Good! Encryption is a good thing, not a bad thing.
grahamcluley.webp 2019-01-25 13:18:00 B&Q data leak exposes information on 70,000 thefts from its stores, including names of suspected offenders (direct link) A database of 70,000 offender and incident logs was only supposed to be accessible internally within UK hardware store B&Q, but was instead exposed for anyone to access - no password required. So you'd expect B&Q to fix this pretty quickly after being told about the problem, right?
grahamcluley.webp 2019-01-25 09:18:00 Business payroll compromise – a new way for criminals to steal from your company (direct link) Firms are being warned about a threat which evolves traditional business email compromise scams into a whole new way of extracting money from unwary companies. Read more in my article on the Bitdefender Business Insights blog. Threat
grahamcluley.webp 2019-01-24 16:31:02 Passwords at risk for users who fall for Eileen's cousin's voicemail (direct link) Security researchers are warning of a new wave of phishing emails which are using an unusual disguise in their attempt to both bypass scanners at email gateways and dupe unsuspecting users. Read more in my article on the Tripwire State of Security blog.
grahamcluley.webp 2019-01-24 00:06:04 8-year-old 'scared to death' after hacked Nest security camera warns of missile attack (direct link) A California family has described the 'sheer terror' it experienced after its smart security camera began broadcasting a bogus warning that three North Korean missiles were heading to the United States. Read more in my article on the Bitdefender BOX blog.
grahamcluley.webp 2019-01-24 00:03:00 Smashing Security #112: Payroll scams, gold coin heists, web giants spanked (direct link) Business email compromise evolves to target your company's payroll, how the world's largest gold coin was stolen from a Berlin museum, and are internet giants feeling the heat yet over data security? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by people hacker Jenny Radcliffe.
grahamcluley.webp 2019-01-23 17:49:05 Poisoned PEAR. PHP extension repository download infected for up to six months (direct link) The administrators of the PEAR package manager website have taken the site offline, having discovered that hackers breached the site, and apparently planted malicious code into the software.
grahamcluley.webp 2019-01-23 17:20:02 Got a Nest security camera? Enable two-step verification now (direct link) 2SV combined with a unique password makes it harder for a hacker to see what you're doing in your home.
grahamcluley.webp 2019-01-21 21:48:01 Twitter exposed some Android users' protected tweets, and didn't notice for over four years (direct link) Twitter has owned up to a privacy goof that exposed some Android users' private tweets. ★★★★★
grahamcluley.webp 2019-01-21 15:50:02 Angry ex-employee blamed for hack of WordPress plugin developer, and email to customers warning of security hole (direct link) Users of the popular WordPress translation plugin WPML (also known as WordPress MultiLingual) received an email from a hacker claiming to expose serious security vulnerabilities in the software that allegedly put the customers' own websites at risk. Read more in my article on the Hot for Security blog. Hack
grahamcluley.webp 2019-01-21 12:48:04 Learn how Starbucks combats credential stuffing & account takeover (ATO) (direct link) Graham Cluley Security News is sponsored this week by the folks at Shape Security. Thanks to the great team there for their support! “These are not kids in mom's basement attacking us.” Nearly five million people around the globe buy Starbucks coffee from their mobile app every single day. Forty percent of those purchases are paid using Starbucks' gift card/stored value system, making the app a ripe target for account takeover (ATO). Starbucks was one of the first enterprises to identify the growing threat of credential stuffing and mass ATO attacks. The security team tried using WAFs and CDN-provided bot solutions, but found those methods were no match for ever-evolving attackers. Watch Shape's discussion with Starbucks to learn how the two companies partnered to help combat ATO and hear answers to questions including: How have attackers evolved at Starbucks over the past three years? How can we leverage a collective defense to turn the tide on attackers? How does Starbucks balance security with user friction? Shape Security is defining a new future in which excellent cybersecurity not only stops attackers, but also reduces friction for good customers. Shape disrupts the economics of cybercrime by making it too expensive for attackers to commit online fraud, while also enabling enterprises to more easily transact with genuine customers. The Shape platform, covered by 55 patents, stops the most dangerous application attacks enabled by bots and cybercriminal tools, including credential stuffing (account takeover), fake account creation, and unauthorized aggregation.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
Threat
grahamcluley.webp 2019-01-18 19:26:02 Ingenious! The Android malware which only triggers if you're moving (direct link) Android malware in the Google Play Store could tell whether it was likely to be running on a genuine victim's device or being analysed by a security team. Malware
grahamcluley.webp 2019-01-17 15:04:01 The Collection #1 data breach - what you need to do about it (direct link) A huge collection of email addresses and passwords, which can be used in attempts to break into online accounts, has been discovered. If you are one of the affected users, what should you do about it? Data Breach
grahamcluley.webp 2019-01-17 00:02:05 Smashing Security #111: When rivals hack, and 'extreme' baby monitors (direct link) Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Zoë Rose.
grahamcluley.webp 2019-01-15 14:10:02 Huge prizes up for grabs for anyone who can hack a Tesla (direct link) This year, for the first time ever, a popular car will be amongst the products hackers will be trying to exploit at the Pwn2Own contest. Read more in my article on the Hot for Security blog. Hack Tesla
Last update at: 2024-04-28 12:07:59