Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-08-17 13:06:01 |
SuperProf private tutor site massively fails password test, makes accounts super easy to hack (direct link) |
Superprof, which claims to be “the world's largest tutoring network”, has made its newest members' passwords utterly predictable… leaving them wide open to hackers.
|
Hack
|
|
★★★★
|
|
2018-08-17 11:21:04 |
Apple hacked by 16-year-old who “dreamed” of working for firm (direct link) |
An Australian teenager has admitted hacking into Apple's internal network and stealing 90 GB worth of files. The 16-year-old has pleaded guilty to breaking into Apple's systems on multiple occasions over the course of a year, from his parent's home in Melbourne's suburbs.
Read more in my article on the Hot for Security blog.
|
Guideline
|
|
★★★
|
|
2018-08-15 13:11:04 |
Sex extortion emails now quoting part of their victim's phone number (direct link) |
Some computer users are reporting that they have received a new type of extortion email in their inbox, which - in an attempt to scare them into giving in to demands for money - quotes part of their phone number.
But where are the blackmailers getting the phone number from?
|
|
|
★★★★
|
|
2018-08-14 20:30:04 |
Bad news conspiracy theorists. QAnon codes are just a guy mashing his keyboard (direct link) |
The codes in Q's posts aren't actual codes, but instead “just random typing by someone who might play an instrument and uses a qwerty keyboard,” says password expert.
|
|
|
★★
|
|
2018-08-14 10:20:05 |
Pausing 'Location history' doesn't stop Google tracking your location. Here's how to stop it (direct link) |
You would think that telling Google that you didn't want your location to be tracked by disabling an option called “Location History” would stop the internet giant from errr.. storing data about your location.
Think again.
|
|
|
|
|
2018-08-13 11:40:05 |
Security breach in the White House's Situation Room (direct link) |
A former reality TV star was able to sneak in her smartphone and record secret conversations in the Situation Room, supposedly the most secure place in the White House.
|
|
|
|
|
2018-08-10 15:35:05 |
Hackers phish Butlin's holiday camp chain, access customers' personal data (direct link) |
Fabled British holiday camp chain Butlin's has admitted that it has suffered a data breach that may have exposed details of 34,000 guests.
Read more in my article on the Hot for Security blog.
|
Data Breach
|
|
|
|
2018-08-09 11:17:05 |
26.5 million Comcast Xfinity customers had their partial home addresses and SSNs exposed by sloppy security (direct link) |
Poor security measures have reportedly put the personal details of over 26.5 million Comcast Xfinity customers at risk, a researcher has revealed.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-08-08 23:17:05 |
Smashing Security #090: Fortnite for Android, and the FCC's DDoS BS (direct link) |
Fortnite players are told they'll have to disable a security setting on Android, the FCC finally admits that it wasn't hit by a DDoS attack, and Verizon's VPN smallprint raises privacy concerns.
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.
|
|
|
|
|
2018-08-08 13:44:01 |
Snapchat's source code leaked out, and was published on GitHub (direct link) |
Snap, the parent company of SnapChat, has revealed that an update earlier this year to the social media app accidentally exposed some of its source code.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-08-08 11:01:03 |
Twitter CEO says they're taking no action against InfoWars and Alex Jones (direct link) |
It's the same content that Facebook, YouTube, Spotify, and Apple banned. But Twitter isn't doing anything.
|
|
|
|
|
2018-08-07 10:33:04 |
No, Michael J Fox isn't dead (direct link) |
Calm down. Michael J Fox isn't dead.
A rumour spread across social media that the star of sitcom “Family Ties” and the “Back to the Future” movie trilogy had carked it at the age of 57.
|
|
|
|
|
2018-08-06 14:20:04 |
Making millions out of prisoners' email (direct link) |
Big business turns a blind eye to the human cost of exploiting US prisoners and their loved ones.
|
|
|
|
|
2018-08-05 18:00:03 |
Free eBook: If your friend was put in charge of a cyber budget, what advice would you give them? (direct link) |
Graham Cluley Security News is sponsored this week by the folks at Nehemiah Security. Thanks to the great team there for their support!
If your friend was put in charge of measuring cyber risk at a large company, what advice would you give them?
Nehemiah Security created this guide to advance the risk management conversation amongst cyber professionals.
Many would claim they are able to pinpoint technical cyber risks. But few would profess a high level of confidence that they always deploy their resources to the biggest risks facing the company. Fewer still would say they effectively communicate this to their board.
This eBook will change the way you approach and frame cyber risk conversations within your business.
Download the eBook today!
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2018-08-02 14:19:00 |
Reddit hacked - but don't give up on 2FA just yet (direct link) |
Yes, SMS-based 2FA can be intercepted by someone determined to hack into your account.
But it's also better than not having any multi-factor authentication in place at all.
Read more in my article on the Hot for Security blog.
|
Hack
|
|
|
|
2018-08-02 10:14:02 |
Smashing Security #089: Data breaches, ransomware, Bitcoin robberies, and typewriters (direct link) |
Ransomware rears its head again, Dixons Carphone reveals its data breach was almost 1000% worse than they previously thought, a man is accused of stealing five million dollars worth of cryptocurrency through hijacking mobile phones, and a Canadian guy called Norman is rushing to get the typewriters out of storage.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist Geoff White.
|
Data Breach
|
|
|
|
2018-08-01 14:09:05 |
Android apps infected with umm… *Windows* malware (direct link) |
Security researchers at Palo Alto Networks recently discovered 145 apps in the official Google Play Android store that were “infected by malicious Microsoft Windows executable files.”
Yes, you read that correctly. Android apps carrying malicious Windows executables.
|
Malware
|
|
|
|
2018-08-01 13:10:05 |
Phone scam exploits Russian hacking fears (direct link) |
Guest contributor Bob Covello describes an unexpected phone call he received out of the blue.
|
|
|
|
|
2018-07-31 11:10:04 |
Steam game Abstractism pulled after cryptomining accusations (direct link) |
Valve has pulled a game from its online Steam store after allegations were made that it was exploiting players' computer resources to mine for cryptocurrency.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-07-31 08:54:02 |
Dixons Carphone admits hack far bigger than originally thought (direct link) |
Company now says approximately 10 million personal records could have been accessed in security breach.
|
Hack
|
|
|
|
2018-07-30 15:05:04 |
New York Times profiles one of its own security experts (direct link) |
Last week, the New York Times published a brief profile of privacy and security researcher Runa Sandvik.
Well known in the security community, Sandvik has been working at the New York Times since March 2016, boosting the security and privacy of journalists, anonymous sources, and indeed subscribers.
|
|
|
|
|
2018-07-30 14:45:02 |
Prison inmates hacked tablets to earn $225,000 in credits (direct link) |
364 inmates in five of Idaho's state prisons have exploited vulnerabilities in the JPay tablets they use to read email and access video games in order to boost their credit balances.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-07-30 12:34:03 |
1.4 million online fashion shoppers exposed after data breach at UK ecommerce provider (direct link) |
Up to 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing.
|
Data Breach
|
|
|
|
2018-07-26 12:47:01 |
Senator calls on US Government to start killing Flash now (direct link) |
For some companies eradicating Adobe Flash Player is going to be a significant job. And it may be an even bigger challenge for very large organisations, such as the US Government.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-07-25 23:17:05 |
Smashing Security #088: PayPal's Venmo app even makes your drug purchases public (direct link) |
Websites still using HTTP are marked as “not secure” by Chrome, 85,000 Google employees haven't been phished for a year, and if you're buying drugs via PayPal's Venmo app you should say goodbye to privacy.
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Scott Helme.
|
|
|
★★
|
|
2018-07-25 14:18:04 |
Mind your company's old Twitter accounts, rather than allowing them to be hijacked by hackers (direct link) |
There were only 13 episodes of the science fiction TV show “Almost Human” aired before it was pulled from the schedules in 2014.
But its Twitter account lives on, under the control of cryptocurrency giveaway scammers.
|
|
|
|
|
2018-07-25 10:34:04 |
Here's why Twitter will lock your account if you change your display name to Elon Musk (direct link) |
There's bad news if your name really is “Elon Musk”.
You're going to have to jump over some additional hurdles to convince Twitter that you should be allowed to change your display name to the one you share with the boss of Tesla and SpaceX.
Read more in my article on the Hot for Security blog.
|
|
Tesla
|
|
|
2018-07-24 11:09:05 |
UK university domains spoofed in massive fraud campaign targeting suppliers (direct link) |
Be on your guard if your company has received an order which appears to come from a UK university email address.
That's the advice of Action Fraud, the UK's national reporting service for fraud and financially-motivated cybercrime, after it saw a marked rise in the number of domains being registered that look very similar to genuine universities.
Read more in my article on the Hot for Security blog.
|
|
|
★★★★★
|
|
2018-07-23 18:42:00 |
Google Chrome users met with 'Not secure' warnings from Tuesday (direct link) |
If you're still running a website that is using insecure HTTP then it's probably too late.
Some of your website's visitors are going to be greeted with a message that tells them that they can't trust your website to be secure.
|
|
|
|
|
2018-07-23 13:23:02 |
Robotics supplier's sloppy security leaks ten years' worth of data from major car manufacturers (direct link) |
Security researchers have discovered 157 gigabytes of sensitive data from over 100 manufacturing companies left exposed online for anyone to access.
|
|
|
|
|
2018-07-19 15:15:00 |
Hackers automate the laundering of money via Clash of Clans (direct link) |
Popular smartphone games such as “Clash of Clans” are being used to launder hundreds of thousands of dollars on behalf of credit card thieves.
Read more in my article on the Tripwire State of Security blog.
|
|
|
★★★★★
|
|
2018-07-19 09:10:04 |
Smashing Security #087: How Russia hacked the US election (direct link) |
Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name of surveillance.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
|
|
|
|
|
2018-07-18 12:56:03 |
£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder (direct link) |
The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 for revealing identities of abuse victims in a mass email.
|
|
|
|
|
2018-07-18 11:49:03 |
Elon Musk retracts vile Twitter accusation against cave rescuer (direct link) |
Tesla chief Elon Musk retracts his unfounded allegations against man who helped boys escape from a Thai cave, but scammers are given another opportunity to strike.
|
|
Tesla
|
|
|
2018-07-18 08:25:02 |
Business email compromise scams have netted $12.5 billion, says FBI (direct link) |
The FBI is warning businesses of the serious dangers posed by business email compromise (BEC) scams, saying that losses globally have risen by 136% since December 2016.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2018-07-16 23:30:02 |
21-year-old woman charged with hacking Selena Gomez (direct link) |
Popstar Selena Gomez's alleged hacker has been charged.
Are your secret password reset questions easy to answer with public information?
|
|
|
|
|
2018-07-16 15:54:01 |
IoT search engine exposes passwords of over 30,000 vulnerable DVRs (direct link) |
A researcher has discovered that it's easier than ever before to hack at least one brand of internet-enabled DVR, as an IoT search engine has cached their passwords within search results.
Read more in my article on the Bitdefender BOX blog.
|
Hack
|
|
|
|
2018-07-12 15:06:04 |
Timehop data breach is worse than they initially said (direct link) |
'Time capsule' app Timehop has revealed that it made a boo-boo when it initially shared details over the weekend of a data breach involving millions of users' names, email addresses, and phone numbers.
|
Data Breach
|
|
|
|
2018-07-12 14:46:03 |
Average cost of a data breach exceeds $3.8 million, claims report (direct link) |
Data breaches are getting more expensive.
That's one of the findings of a new global study by the Ponemon Institute that examines the financial impact of a corporate data breach.
Read more in my article on the Tripwire State of Security blog.
|
Data Breach
|
|
|
|
2018-07-12 12:09:03 |
Smashing Security #086: Elon Musk submarine scams and 2FA bypass (direct link) |
Crypto scamming Thai cave scoundrels! $25 million to make anti-fake news videos! TimeHop data breach! Phone number port out scams!
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.
|
|
|
|
|
2018-07-12 11:28:00 |
Facebook doesn't want to eradicate fake news. If it did they'd kick out InfoWars (direct link) |
Facebook would like you to believe that it's serious about ridding its platform of fake news. So how come InfoWars, one of the most notorious outlets of sick conspiracy theories, is allowed to maintain a page on the social network?
|
|
|
|
|
2018-07-11 13:28:05 |
Facebook fined a paltry £500,000 (8 minutes' revenue) over Cambridge Analytica scandal (direct link) |
Facebook will be fined £500,000 - the maximum amount possible - for two breaches of the UK's Data Protection Act 1998 in connection with the Cambridge Analytica scandal.
But under new European legislation, the fine could have been as high as £1.2 billion.
|
|
|
|
|
2018-07-10 14:04:03 |
New iOS security feature can be defeated by a $39 adapter… sold by Apple (direct link) |
A one hour countdown timer can be reset simply by connecting the iPhone to an untrusted USB accessory - giving law enforcement plenty of opportunity to crack your passcode with specialist tools.
|
|
|
★★★★
|
|
2018-07-10 11:20:05 |
Crypto scammers on Twitter exploiting Thai Cave rescue (direct link) |
Time and time again, crypto scammers are creating accounts in the names of known Twitter users and using devious tricks to fool their followers into believing they are reading a genuine message from the likes of Elon Musk.
|
|
|
|
|
2018-07-09 15:26:00 |
Poor security at Thomas Cook airlines leads to simple extraction of fliers' personal data (direct link) |
Thousands of holidaymakers relying upon Thomas Cook Airlines to get them to their vacation may have had their personal information put at risk due to sloppy security.
|
Guideline
|
|
|
|
2018-07-08 21:22:00 |
Looking for another great cyber podcast? CyberTangent is your new home with expert guests every episode (direct link) |
Graham Cluley Security News is sponsored this week by the folks at Nehemiah Security. Thanks to the great team there for their support!
Nehemiah Security's “CyberTangent” is a podcast focused on topics like Security Risk Management, Cyber Risk Analytics, Malware Hunting, and more.
This specific episode of “CyberTangent” features our favorite guest, Graham Cluley himself! In this episode, we get to know Graham a little better, starting with how he got into the cybersecurity space and ending with his “love language.”
Start listening now to “CyberTangent”!
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
Malware
|
|
|
|
2018-07-06 14:42:01 |
The Pirate Bay is cryptomining for Monero with your CPU again (direct link) |
The Pirate Bay is in hot water again after being discovered running a cryptocurrency miner on its website.
Make sure you always read the <small> print.
|
|
|
|
|
2018-07-06 13:03:00 |
Disgruntled programmer accused of trying to sell his firm's iPhone spyware for $50 million (direct link) |
Your company doesn't have to work in the field of high-tech surveillance and spyware to find itself at risk from insiders.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-07-04 23:03:00 |
Smashing Security #085: Doctor Who, Facebook patents, and Bob's Burgers (direct link) |
Doctor Who's TARDIS has sprung a data leak, Facebook's creepy patents are unmasked, and an app to keep women safe on dates has surprising origins.
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
|
|
2018-07-04 17:08:01 |
Carole Cadwalladr takes us behind the scenes of the Cambridge Analytica investigation (direct link) |
Carole Cadwalladr, the investigative journalist who revealed how the personal data of millions of Facebook users was used to influence the US election, speaks about what went on behind the headlines.
|
|
|
|