Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-03-15 00:02:05 |
Facebook bans anti-Islamic group Britain First (direct link) |
Facebook takes action - banning anti-Islamic Britain First from its network.
|
|
|
|
|
2018-03-14 17:16:03 |
(Déjà vu) Ex-Equifax exec charged with insider trading after selling $1 million worth of stock before data breach disclosure (direct link) |
A former Equifax executive, who sold nearly $1 million worth of shares before the company's massive data breach was made public, has been charged with insider trading.
|
|
Equifax
|
|
|
2018-03-13 16:55:03 |
Calendar 2 app pulled from Mac App Store after cryptomining controversy (direct link) |
Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.
Shame then that it wasn't unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.
|
|
|
|
|
2018-03-13 08:40:03 |
Know who hacked the Binance cryptocurrency exchange? Earn $250,000 (direct link) |
Binance, one of the world's biggest cryptocurrency exchanges by trading volume, has offered a reward equivalent to $250,000 to anyone providing information that leads to the arrest of hackers who attacked the platform last week.
Read more in my article on the Hot for Security blog.
|
Data Breach
Guideline
|
|
|
|
2018-03-12 14:28:02 |
Controversial age checks to access online porn delayed in UK (direct link) |
Just two weeks before the British government was due to introduce a compulsory order that pornographic websites verify their visitors' ages, the controversial regulation has been pulled.
|
General Information
|
|
|
|
2018-03-12 13:56:03 |
Join SC Media for their 12th annual cybersecurity conference, RiskSec, in New York! (direct link) |
Graham Cluley Security News is sponsored this week by the folks at SC Media. Thanks to the great team there for their support!
SC Media's 12th annual security conference, RiskSec (previously branded as SC Congress) will be held May 31 in New York City. This event will provide insights from thought leaders across various industries, focusing on the most significant issues that CISOs and other security professionals face every day.
Features include:
Interactive learning sessions
Demos from 25 prominent tech companies
30+ industry-leading speakers
Ability to earn up to 9 CPE credits
Breakfast and lunch from executive chef
Cocktail reception
In 2017, there was a record number of massive data breaches that compromised millions of users' data and cost senior-level executives their jobs. This event is a great opportunity to collaborate and continue to improve defense techniques.
Use discount code CLULEY for $100 off admission.
RiskSec is a selective event for senior security professionals. Space is limited and the event will sell out.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
General Information
Guideline
|
|
★★
|
|
2018-03-09 09:43:04 |
Windows 10 flaw allowed attackers to open malicious websites… even if your PC was locked (direct link) |
You may think your Windows 10 computer is locked, but is it really?
Israeli researchers have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious hackers… and potentially install malware.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-03-08 12:00:04 |
Hope Hicks hacked (direct link) |
So-called “Trump Whisperer” Hope Hicks claims that she has fallen victim to email hackers, and so cannot provide emails requested by the House Intelligence Committee.
|
|
|
|
|
2018-03-08 11:14:00 |
MoviePass removes 'unused' location feature that tracked cinema-goers' movements (direct link) |
MoviePass updates its app after taking some well-deserved heat after the company's CEO revealed that it was tracking users' movements a little too closely.
|
|
|
|
|
2018-03-08 00:16:01 |
Smashing Security #068: Malware from outer space! (direct link) |
If aliens did contact us would it be safe to open the email? Why would MoviePass track film lovers after they leave the cinema? Would you know how to get around Malaysia when your car rental website lets you down? And will Graham *please* stop talking about text adventure games?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest journalist (and possible spy) James Thomson.
|
|
|
|
|
2018-03-06 15:30:04 |
World record broken again! DDoS attack exceeds 1.7 terabits per second (direct link) |
Just days after it was revealed that a distributed denial-of-service (DDoS) attack on GitHub had been measured at a record-breaking peak of 1.35 terabits per second, another attack has raced past, and claimed the world record at a mind-blowing 1.7 Tbps.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-03-05 15:18:02 |
GitHub was hit by the most powerful DDoS attack in history (direct link) |
Last week GitHub was the victim of the largest distributed denial-of-service (DDoS) attack in history.
|
|
|
|
|
2018-03-05 12:08:02 |
Signal and Telegram messaging services offline for some hours (direct link) |
Users of the popular encrypted messaging services Signal and Telegram have been reporting problems accessing the services.
|
|
|
|
|
2018-03-04 22:23:02 |
Biohacking your body can be really painful... and not hugely useful (direct link) |
Turns out that the outcome of hacking your body by implanting technology is not necessarily all positive.
|
|
|
|
|
2018-03-02 14:31:00 |
Chi*a ce*sors the letter 'N' from the i*ter*et for a day (direct link) |
China issued a temporary ban on some words and phrases being posted to the popular Sina Weibo microblogging site. Amongst them? The letter "N".
|
|
|
|
|
2018-03-02 12:03:03 |
Apple issues advice on how to spot App Store and iTunes phishing scams (direct link) |
Apple has responded to a spate of legitimate-looking App Store and iTunes phishing emails by releasing a new support document, outlining how customers can better protect themselves.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-03-01 17:26:03 |
Smashing Security #067: Cyber stalking and gun control (direct link) |
Incognito mode on your browser not as private as you think, consumer spyware companies get hacked, Graham is accused of "multitasking" in his hotel room, and Carole champions the students of Parkland, Florida.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast with computer security veterans Graham Cluley and Carole Theriault.
|
|
|
|
|
2018-03-01 12:45:02 |
1 in 50 publicly readable Amazon buckets are also writable - and that's a data disaster waiting to happen (direct link) |
Don't dilly-dally. If you haven't already properly secured the Amazon Web Services S3 servers (known as “buckets”) storing your sensitive data in the cloud then your business has no time to lose.
|
|
|
|
|
2018-02-28 00:03:03 |
Phone-cracking firm advertises that it can unlock any iPhone (direct link) |
Israeli security firm Cellebrite claims it can now even unlock iPhones running the very latest version of iOS.
|
|
|
|
|
2018-02-26 15:27:04 |
NanoCore's author didn't hack anyone, but he was imprisoned anyway (direct link) |
33 months in prison for man found guilty of aiding and abetting online criminals by creating and selling the NanoCore RAT.
|
|
|
|
|
2018-02-26 15:18:02 |
Form W-2 data thefts are rocketing, warns FBI (direct link) |
Businesses beware! Online criminals have ramped up their attempts to steal W-2 information from the finance and human resources departments of organisations, according to a warning issued by the FBI.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-02-23 15:22:00 |
Hacking these IoT baby monitors is child's play, researchers reveal (direct link) |
Austrian security researchers have this week warned about the latest baby monitor affected by critical security vulnerabilities which raise very real privacy concerns.
Read more in my article on the Bitdefender Box blog.
|
|
|
|
|
2018-02-22 18:11:01 |
How to protect your browser from Unicode domain phishing attacks (direct link) |
Phishers and other online crooks are taking advantage of Unicode domain names in their pursuit of your passwords and other sensitive information. Here's a simple way to protect yourself.
|
|
|
|
|
2018-02-22 00:38:05 |
Smashing Security #066: Passwords, pirates, and postcards (direct link) |
Flight simulators packed with password-grabbing malware, Facebook fighting Russian trolls, and how vulnerability researchers fear being sued.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Dave Bittner from The CyberWire podcast.
|
|
|
|
|
2018-02-20 13:51:03 |
Facebook SMS spam risks spoiling adoption of 2FA (direct link) |
It's hard enough getting people to turn on 2FA without sites using it to send non-security notifications.
|
|
|
|
|
2018-02-20 13:00:05 |
Apple fixes 'killer text bomb' vulnerability with new update for iOS, macOS, watchOS, and tvOS (direct link) |
Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.
|
|
|
|
|
2018-02-19 14:59:05 |
'Killer text bomb' crashes iPhones, iPads, Macs, and Apple Watches (direct link) |
Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-02-15 17:13:00 |
How a Bitcoin phishing gang made $50 million with the help of Google AdWords (direct link) |
A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2018-02-15 15:06:02 |
Smashing Security #065: Cryptominomania, Poppy, and your Amazon Alexa (direct link) |
Cryptomining goes nuclear, YouTube for Kids gets scary, and TV ads have been given the green light to mess with your Amazon Alexa.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
|
|
|
|
|
2018-02-13 17:10:05 |
Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies (direct link) |
If you don't want to disable your ad blocker, maybe you'll feel comfortable letting Salon.com run code from Coinhive which will gobble up your computer's resources to mine some Monero cryptocurrency.
|
|
|
★★★
|
|
2018-02-13 15:27:05 |
UK Government announces tool to detect and block extremist videos (direct link) |
A UK company has received £600,000 of taxpayers' money to develop detection software, trained with thousands of hours' worth of video content posted by Islamic State.
|
|
|
★★★
|
|
2018-02-12 13:10:04 |
Uh-oh. How just inserting a USB drive can pwn a Linux box (direct link) |
Give a USB drive a volume name like this, hand it to a friend who runs KDE Plasma on their Linux box, and they won't be your friend much longer.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2018-02-12 11:20:04 |
(Déjà vu) All HTTP websites to soon be marked as 'not secure' by Google Chrome (direct link) |
If you're still running a website that is using insecure HTTP then it's time to wake up and drink the coffee.
Because unless you take action soon, you're going to find many of your visitors are going to distrust your website.
Read more in my article on the We Live Security blog.
|
|
|
|
|
2018-02-12 00:47:11 |
Government websites hijacked by cryptomining plugin (direct link) |
|
|
|
|
|
2018-02-09 20:19:50 |
Russian nuclear scientists arrested for allegedly hijacking supercomputer to mine Bitcoins (direct link) |
|
|
|
|
|
2018-02-09 13:53:27 |
Apple's iOS source code leak - what you need to know (direct link) |
Earlier this week someone anonymously published a key piece of Apple's iOS source code onto GitHub.
Something you wouldn't want to fall into the wrong hands...
|
|
|
|
|
2018-02-08 12:07:24 |
12 Common Threat Intelligence Use Cases (direct link) |
Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.
Recorded Future provides the only complete threat intelligence solution powered by patented machine learning to help security teams defend against cyberattacks.
Are you using threat intelligence to its full potential?
The term “threat intelligence” is often misunderstood and with so many security options out there, organizations struggle to find the right solution to meet their needs. The Gartner “Market Guide for Security Threat Intelligence Products and Services” explains the different use cases and how to best leverage threat intelligence in your organization.
You will learn how to:
Identify 12 common threat intelligence use cases.
Align these use cases to your specific requirements.
Implement strategies for getting value from threat intelligence.
Evaluate vendors based on your business needs.
Download this report to get clarity on threat intelligence definitions and learn how to make the right decisions for your organization today.
|
|
|
|
|
2018-02-08 00:11:09 |
Smashing Security #064: So just a 'teeny tiny' security issue then? (direct link) |
A Namecheap vulnerability allows strangers to make subdomains for your website, Troy Hunt examines password length, and ex-Google and Facebook employees are fighting to protect kids from social media addiction.
|
|
|
|
|
2018-02-07 15:39:43 |
WordPress update stopped WordPress automatic updates from working. So update now (direct link) |
|
|
|
|
|
2018-02-06 15:24:51 |
One year later, the UK's Active Cyber Defence is seeing good results (direct link) |
|
|
|
|
|
2018-02-06 14:47:31 |
(Déjà vu) Security hole meant Grammarly would fix your typos, but let snoopers read your private writings (direct link) |
A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.
|
|
|
|
|
2018-02-06 14:47:31 |
Security hole meant Grammarly would fix your typos, but let snoopers read your every word (direct link) |
A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.
|
|
|
|
|
2018-02-05 16:00:51 |
Lauri Love won't be extradited to the United States to face hacking charges (direct link) |
|
|
|
|
|
2018-02-05 12:25:27 |
It's time to say 'Welcome to dumpsville Adobe Flash', as new unpatched flaw exploited by criminals (direct link) |
|
|
|
|
|
2018-02-01 15:39:27 |
Smominru! Half a million PCs hit by cryptomining botnet (direct link) |
Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves?
|
|
|
|
|
2018-02-01 14:04:13 |
Smashing Security #063: Carole's back! (direct link) |
Fitness trackers breaching your privacy, how anyone can create convincing celebrity porn, and how ransomware authors are getting ripped off by scammers.
|
|
|
|
|
2018-01-31 08:20:35 |
Bitcoin hijack steals from both ransomware authors AND their victims (direct link) |
If you use a Tor-to-web proxy service you are putting an enormous amount of trust in their hands that they are not meddling with the information you are seeing - or indeed the data that you are sending.
|
|
|
|
|
2018-01-30 17:19:45 |
A real-life armed robbery of an online Bitcoin exchange (direct link) |
|
|
|
|
|
2018-01-30 13:48:35 |
Stop dilly-dallying. Block all ads on YouTube (direct link) |
|
|
|
|
|
2018-01-26 14:55:12 |
Keylogger found on thousands of WordPress-based sites, stealing every keypress as you type (direct link) |
While the website's front-end is digging for cryptocurrencies, the back-end is secretly hosting a keylogger designed to steal unsuspecting users' login credentials.
|
|
|
|