Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-09-06 10:18:46 |
Lenovo's Superfish security fiasco ends in a slap on the wrist (direct link) |
Computer manufacturer barely notices $3.5 million fine after customers' privacy and security were put at risk.
|
|
|
|
|
2017-09-05 16:51:46 |
Instagram breach deepens with dark web 'Doxagram' domain (direct link) |
Attackers have set up a dark web domain for their "Doxagram" site that offers for sale the email addresses and phone numbers of high-profile Instagram users.
David Bisson reports.
|
|
|
|
|
2017-09-04 21:11:16 |
Want to write Android ransomware but don't know how to code? No problem (direct link) |
You don't need to know how to write a single line of code to write Android ransomware.
|
|
|
|
|
2017-09-04 18:36:35 |
Despite appearances, WikiLeaks wasn't hacked (direct link) |
If you own a website, take advantage of the security features that your DNS registrar offers you or risk suffering the kind of attack OurMine wrought against WikiLeaks.
|
|
|
|
|
2017-09-01 17:26:52 |
Massive Locky ransomware campaign sends out 23 million emails in 24 hours (direct link) |
Security researchers have spotted a massive malware campaign that sent out 23 million messages laden with Locky ransomware in the span of 24 hours.
David Bisson reports.
|
|
|
|
|
2017-09-01 12:57:54 |
Insecure Office 365 setups could be a ticking time bomb for your business (direct link) |
Messages your customers receive from a hacker who has already compromised your email system are going to look much more convincing, and could result in your clients transferring large sums of money into a scammer's bank account and you losing customer trust and future business.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2017-09-01 12:53:58 |
Blonde girlfriend's passport let dark-haired man fly from London to Germany (direct link) |
It's a huge failure by airport security, but hardly the first time it has happened...
David Bisson reports.
|
|
|
|
|
2017-08-31 13:41:44 |
Instagram confirms hack against high-profile users' account info (direct link) |
Instagram has confirmed a hacking attack that targeted several high-profile users of the photo sharing application.
Make sure you have a strong, unique password and two-step verification in place to better protect your accounts.
David Bisson reports.
|
|
|
|
|
2017-08-31 09:30:29 |
No razzle-dazzle here! Hackers target Zazzle with run-of-the-mill brute-force attack (direct link) |
Digital attackers have pulled off a tried-and-true password brute-force attack against American online marketplace Zazzle.
David Bisson reports.
|
|
|
|
|
2017-08-31 08:03:20 |
Smashing Security #040: The show that cost Troy Hunt 14 dollars (direct link) |
Are public figures lying about being hacked? What were online criminals doing with 711 million email addresses? And how could scammers profit from Hurricane Harvey?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by HaveIBeenPwned's Troy Hunt.
|
|
|
|
|
2017-08-30 13:23:44 |
711 MILLION email accounts weaponized by Onliner for spam campaigns (direct link) |
The Onliner spambot weaponized a whopping 711 million email accounts to distribute spam emails laden with malware.
David Bisson reports.
|
|
|
|
|
2017-08-30 09:33:20 |
CeX data breach impacts two million UK accounts, customers told to change passwords ASAP (direct link) |
Second-hand electronics dealer CeX is warning that it has suffered a data breach that has exposed the personal information of up to two million customers.
|
|
|
|
|
2017-08-29 20:21:08 |
Trump appointee says for the 'past several years' he has been the victim of 'multiple cyber attacks' (direct link) |
Apparently it wasn't him who said those nasty things about Barack Obama's mom.
|
|
|
|
|
2017-08-29 14:44:47 |
Spyware deployed in state-sponsored attacks against India and Pakistan (direct link) |
Security researchers have detected a state-sponsored spyware campaign that's leveraging the Ehdoor backdoor to target entities in India and Pakistan.
David Bisson reports.
|
|
|
|
|
2017-08-29 10:44:01 |
Selena Gomez - please tell your 125 million fans to enable two-step verification (direct link) |
Hackers seized control of the American singer and actress's Instagram account and posted revealing snaps of her ex-boyfriend Justin Bieber.
|
|
|
|
|
2017-08-28 13:29:10 |
(Déjà vu) Open Banking APIs under PSD2: What are the security threats and solutions? Download VASCO's white paper now (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
The Revised Payment Services Directive, also known as PSD2, requires European banks to provide communication interfaces to Third Party Providers (TPPs).
These interfaces, generally referred to as APIs, will allow TPPs to build innovative financial services on top of the services of the banks. The requirements for these interfaces are defined in the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC), of which the European Banking Authority (EBA) published a draft version in February 2017.
In this whitepaper VASCO analyzes the requirements for the communication interface as defined in the draft RTS, with a special emphasis on security requirements. VASCO identifies the most important security threats against these interfaces, and discusses various solutions that can help banks to protect against them.
By downloading this free white paper, you'll discover:
the PSD2 requirements for open banking APIs
the security and privacy threats against the APIs of banks
how to protect APIs against security threats
VASCO's solution suite for PSD2 compliance
Interested in learning more? Download VASCO's white paper: Open Banking APIs under PSD2: What are the security threats and solutions?
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2017-08-25 22:37:17 |
Oops! Aetna exposed 12,000 customers' HIV statuses through envelope window (direct link) |
American managed health care company Aetna is in hot water for accidentally exposing the HIV statuses of 12,000 of its patients.
David Bisson reports.
|
|
|
|
|
2017-08-25 16:13:38 |
HIDS4U customers warned of free gift email attack after customer database leaks (direct link) |
A firm which sells Xenon HID headlight conversion kits, reversing cameras, parking sensors and other high-tech gear for motorists, has warned customers to be wary after a security breach.
|
|
|
|
|
2017-08-25 15:53:40 |
It took 14 years for this Massachusetts hospital to detect a data breach (direct link) |
It took a Massachusetts hospital 14 years to detect a data breach. To make matters worse, even after all that time - it wasn't the medical center itself that discovered the incident.
David Bisson reports.
|
|
|
|
|
2017-08-24 07:32:15 |
Smashing Security #039: Woah - are we talking to a cyborg? (direct link) |
Hackers could change emails in your inbox *after* they are delivered, the web is getting more and more encrypted, and hacked robots can be commanded to umm... stab you.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by cyborg Scott Helme.
|
|
|
|
|
2017-08-24 02:06:39 |
BankBot trojan tries to sneak apps onto your Android smartphone without permission (direct link) |
The BankBot malware family is abusing Android's accessibility services to try to install additional apps without users' permission.
David Bisson reports.
|
|
|
|
|
2017-08-23 13:51:32 |
Sometimes hacks can be more about mischief than malice (direct link) |
Once again, FC Barcelona has had its social media accounts hacked.
Maybe they want to think a little bit more about improving their defence?
|
|
|
|
|
2017-08-22 16:45:18 |
Anonymous hacker says they stole 1.2 million NHS patients' data (direct link) |
A member of the Anonymous hacking collective claims to have stolen data belonging to 1.2 million patients of the United Kingdom's National Health Service (NHS).
David Bisson reports.
|
|
|
|
|
2017-08-22 12:41:13 |
Nude photos of Anne Hathaway leaked online by hackers (direct link) |
Hollywood actress Anne Hathaway is just the latest in a long line of celebrities who have found their intimate snaps exposed online by hackers.
|
|
|
|
|
2017-08-22 10:52:52 |
The FBI is briefing US companies against using Kaspersky products, claims report (direct link) |
According to media reports, the FBI has been quietly meeting with companies to warn them of the threat posed by Russian security firm Kaspersky.
|
|
|
|
|
2017-08-21 15:56:11 |
Two zero-day vulnerabilities disclosed after Foxit refuses to patch PDF Reader (direct link) |
Researchers have disclosed two zero-day vulnerabilities affecting Foxit's PDF Reader after the vendor revealed it has no plans to fix the security flaws.
David Bisson reports.
|
|
|
|
|
2017-08-21 13:51:28 |
Sony social media accounts hijacked as hackers claims to have stolen PSN database (direct link) |
The OurMine hacking group claimed yet another corporate scalp this weekend - seizing control over the Twitter and Facebook accounts of Sony's PlayStation Network (PSN).
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-08-21 12:05:51 |
GCHQ knew FBI was planning to arrest WannaCry's 'accidental hero' before he travelled to the USA (direct link) |
The US authorities saved themselves an awful lot of paperwork and legal expense arresting their suspect on their own soil rather than trying to extradite him from the UK.
|
|
Wannacry
|
|
|
2017-08-19 20:54:55 |
Sonar-based attack could help hackers infer when you're having sex (direct link) |
Hackers could use a sonar-based attack to infer information about what a target is doing, including when they might be engaging in sexual activity.
David Bisson reports.
|
|
|
|
|
2017-08-17 14:43:48 |
Vendor-neutral smart car bug has 'dangerous' and 'even fatal' consequences (direct link) |
"You could disable the air bags, the anti-lock brakes, or the door locks, and steal the car," says researcher.
David Bisson reports.
|
|
|
|
|
2017-08-17 12:45:25 |
Lessons to learn after hackers hijack HBO's Facebook and Twitter accounts (direct link) |
It's never a dull day if you're working in HBO's IT security team.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-08-17 08:42:28 |
Smashing Security #038: Gents! Stop airdropping your pics! (direct link) |
WannaCry hero Marcus Hutchins (aka MalwareTech) pleads not guilty to malware charges, the Scottish parliament is hit by a brute force attack, IoT smart locks aren't so smart, and.. ahem.. someone is sending intimate pics via AirDrop to unsuspecting commuters.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.
|
Guideline
|
Wannacry
|
|
|
2017-08-16 18:01:03 |
Supply chain attack inserted backdoor into popular server management software (direct link) |
A supply chain attack is believed to have been responsible for surreptitiously inserting a backdoor into widely used server management software.
David Bisson reports.
|
|
|
|
|
2017-08-16 09:17:01 |
Four people arrested in connection with Game of Thrones episode leak (direct link) |
Indian police have arrested four people following the online leaking of an episode of the hit HBO TV series "Game of Thrones".
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-08-16 08:42:59 |
Hackers try to break into Scottish parliament email accounts weeks after Westminster attack (direct link) |
Is your email hardened against brute force attacks?
|
|
|
|
|
2017-08-15 14:07:21 |
Friendly neighborhood hacker helps family regain access to locked car (direct link) |
A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key.
David Bisson reports.
|
|
|
|
|
2017-08-15 14:05:06 |
(Déjà vu) Open Banking APIs under PSD2: Security Threats and Solutions. Download this free white paper (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
The Revised Payment Services Directive, also known as PSD2, requires European banks to provide communication interfaces to Third Party Providers (TPPs).
These interfaces, generally referred to as APIs, will allow TPPs to build innovative financial services on top of the services of the banks. The requirements for these interfaces are defined in the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC), of which the European Banking Authority (EBA) published a draft version in February 2017.
In this whitepaper VASCO analyzes the requirements for the communication interface as defined in the draft RTS, with a special emphasis on security requirements. VASCO identifies the most important security threats against these interfaces, and discusses various solutions that can help banks to protect against them.
By downloading this free white paper, you'll discover:
the PSD2 requirements for open banking APIs
the security and privacy threats against the APIs of banks
how to protect APIs against security threats
VASCO's solution suite for PSD2 compliance
Interested in learning more? Download VASCO's white paper: Open Banking APIs under PSD2: Security Threats and Solutions
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2017-08-15 08:34:37 |
US Govt demands details of 1.3 million internet users who visited Trump resistance website (direct link) |
Visited a website protesting against the current US President? Law enforcement wants to know who you are...
|
|
|
|
|
2017-08-15 08:12:30 |
MalwareTech is back online, as he pleads not guilty to Kronos malware charges (direct link) |
British security researcher Marcus Hutchins pleads not guilty to malware charges in a US court, and returns to Twitter.
|
Guideline
|
|
|
|
2017-08-14 18:06:59 |
Hundreds of 'smart' locks bricked by flubbed remote update (direct link) |
A fouled-up over-the-air firmware update rendered hundreds of a smart lock vendor's products unopenable.
Whoops.
David Bisson reports.
|
|
|
|
|
2017-08-14 12:13:59 |
HBO offered its hackers $250,000 after attack, leaked email claims (direct link) |
The fallout from the HBO hack, which has already seen "Game of Thrones" scripts and episodes leaked online, the distribution of stars' email addresses and personal phone numbers, and million-dollar demands for an alleged haul of 1.5 terabytes of TV shows and corporate information, continues to get worse.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-08-13 15:15:32 |
Over a thousand spyware-infected Android apps discovered (direct link) |
A family of Android spyware has infected more than 1,000 apps, including some which infiltrated Google's Play Store.
David Bisson reports.
|
|
|
|
|
2017-08-11 11:37:18 |
TalkTalk fined £100,000 after carelessly exposing customer data. Again. (direct link) |
UK telecoms operator TalkTalk has been fined £100,000 for failing to protect the personal information of consumers, after the details of 21,000 customers were leaked.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-08-10 22:51:06 |
SMS touch a security and privacy nightmare for iOS users (direct link) |
Plaintext data transmissions make $1.99 app a spoofer's delight...
David Bisson reports.
|
|
|
|
|
2017-08-10 12:20:35 |
Amber Rudd tricked by email prankster who duped White House officials (direct link) |
British Home Secretary Amber Rudd has been duped into sharing her personal email address with a prankster who has previously embarrassed the likes of Donald Trump Jr and various White House officials.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-08-10 09:46:58 |
Smashing Security #037: Boobs, dragons and data breaches (direct link) |
Hackers are holding HBO to ransom after a massive data breach, and have leaked the phone numbers and email addresses of "Game of Thrones" cast members. Has security firm Carbon Black been leaking customers' sensitive files while trying to scan them? And Disney's mobile apps are accused of spying on kids...
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
|
|
|
|
|
2017-08-10 07:48:26 |
At last! Firefox puts another nail in Flash's coffin (direct link) |
There has been another welcome step along the road to Adobe Flash's funeral, with the release this week of a new version of the Firefox browser.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-08-09 23:22:45 |
Hotspot Shield VPN accused of logging user data, selling it to advertisers (direct link) |
Privacy researchers have accused Hotspot Shield VPN of logging user data and selling it to advertisers, despite claims to the contrary.
David Bisson reports.
|
|
|
|
|
2017-08-08 20:01:44 |
N3v$r M1^d password rules. Get a password manager to generate and remember your passwords instead (direct link) |
Struggling with passwords? The easiest thing to do is get a decent password manager.
|
|
|
|
|
2017-08-08 13:59:36 |
Engineer sentenced to 18 months in the slammer for accessing former employer's networks (direct link) |
An engineer has been sent to prison for 18 months after accessing his former employer's networks without proper authorization.
David Bisson reports.
|
|
|
|