Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-08-08 12:27:37 |
Attack on Ireland's state-owned power provider blamed on state-sponsored hackers (direct link) |
EirGrid, which provides electricity to homes and businesses across Ireland and Northern Ireland, reportedly suffered a security breach earlier this year at the hands of state-sponsored hackers.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-08-08 11:07:36 |
Disney slammed with class-action complaint for unlawfully exfiltrating kids' personal data (direct link) |
A class-action lawsuit has been filed against The Walt Disney Company for wrongfully exfiltrating children's personally identifying information through the Disney Princess Palace Pets mobile app.
David Bisson reports.
|
|
|
|
|
2017-08-08 10:10:46 |
We all have a natural human tendency to trust... Be prepared! Download VASCO's "Social Engineering" eBook (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
Social engineering is certainly not a new problem, but it's a persistent one that continues to grow, and with seemingly no end in sight.
Social engineering preys on a natural human tendency to trust. Hackers are expert at manipulating the human factor and exploiting trust to steal valuable information. They accomplish this by convincing their victims to divulge confidential information or participate unknowingly in fraudulent transactions.
While most financial institutions have taken significant steps to combat social engineering through user education and additional controls for their customers, they still find themselves struggling to identify new attack methods and mitigate the damage.
Traditional phishing schemes are increasing in frequency and more targeted spear phishing attacks are as well. As customers migrate to additional channels, hackers are following them with threats such as voice phishing (Vishing) and SMS phishing (SMishing).
Education and enhanced security are the best defenses against hackers and social engineering attacks. To arm you for the battle, download VASCO's "Social Engineering" eBook and you'll discover:
The latest social engineering attack methods
The transaction authorization weaknesses
How to minimize the risk of social engineering attacks
Industry best practices and use cases
Get your free copy of VASCO's "Social Engineering" eBook now!
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2017-08-07 08:15:34 |
Game of Thrones Season 7 Episode 4 leaked online (direct link) |
Hit TV show "Game of Thrones" was hit by hackers at the end of last month, who claimed to have stolen 1.5 terabytes of data from HBO. And now an actual episode has leaked online too.
|
|
|
|
|
2017-08-06 10:58:17 |
Attackers could shut down power grids by abusing solar panel flaws (direct link) |
An attacker could exploit vulnerabilities found in solar panel components to shut down large parts of a power grid, claims a security researcher.
David Bisson reports.
|
|
|
★★★★★
|
|
2017-08-04 14:41:20 |
Invisible Man malware lifts banking credentials by abusing Android accessibility services (direct link) |
A family of malware known as "Invisible Man" abuses Android OS accessibility services in order to steal users' banking credentials.
David Bisson reports.
|
|
|
★★
|
|
2017-08-03 23:01:53 |
FBI arrests WannaCry's 'accidental hero' in connection with Kronos banking trojan (direct link) |
Marcus Hutchins, aka MalwareTech, the British security researcher who was credited with stopping the hard-hitting WannaCry ransomware worm that hit the UK's NHS hard earlier this year, has been arrested in Las Vegas.
|
|
Wannacry
|
|
|
2017-08-03 22:55:07 |
Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak (direct link) |
The developers of the notorious Carbanak banking trojan have added a new JavaScript backdoor to their tool set, targeting US restaurant chains.
David Bisson reports.
|
|
|
|
|
2017-08-03 12:50:43 |
Hackers hijack popular Chrome extension to inject code into web developers' browsers (direct link) |
Criminals hacked into a developer's account, and modified a Chrome browser extension used by over a million people to push unwanted adverts.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-08-03 02:47:19 |
Smashing Security #036: Flash? Clunk flush... and hacking security researchers (direct link) |
A security threat researcher is badly hacked in a revenge attack. Some people want to save Adobe Flash, but is that wise? And a poorly-secured electronic billboard starts displaying offensive images...
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
|
|
|
|
|
2017-08-02 13:00:24 |
Hackers hijack central Cardiff billboard to display swastikas and more... (direct link) |
Someone managed to seize control of a large digital advertising billboard on Cardiff's main shopping street, forcing it to display a series of swastikas and far-right images.
|
|
|
|
|
2017-08-01 19:25:43 |
Email prankster tricks White House officials (direct link) |
You won't be surprised to hear it's easy to create a webmail account in the name of Donald Trump Jr, Anthony Scaramucci or Jared Kushner.
And, of course, there are always people who will trust emails from such accounts all too quickly...
|
|
|
★★
|
|
2017-08-01 14:52:50 |
Hackers could install malware on your Amazon Echo to secretly 'wiretap' you (direct link) |
Security researchers have discovered that the Amazon Echo is vulnerable to attacks that could allow a hacker to install malware capable of secretly spying on the device's microphone to hear what is being said in its vicinity.
Read more in my article on the Bitdefender BOX blog.
|
|
|
★★
|
|
2017-08-01 14:43:08 |
Trojan found pre-installed on Android phones being sold on Amazon (direct link) |
Security researchers have discovered the malicious Triada trojan horse implanted into the firmware of several Android devices.
David Bisson reports.
|
|
|
|
|
2017-08-01 10:47:14 |
'Real people' do not want secure communications, claims UK Home Secretary Amber Rudd (direct link) |
UK Home Secretary Amber Rudd argues that "real people" would be happy with imperfect, breakable security.
|
|
|
|
|
2017-08-01 10:25:54 |
How are you going to protect the next generation of your Mobile Applications? (direct link) |
Many thanks to the great folks at VASCO, who are sponsoring my writing for this week.
Today business growth means providing more services to more customers anytime and anywhere they choose.
This is driving an explosive growth in mobile apps. Of course, criminals are hard at work crafting malware to steal data and money from unsuspecting users.
The best way to protect your app's users is to integrate VASCO's RASP (Runtime Application Self-Protection) security technology.
Learn more, watch a video explanation, and download VASCO's free white paper where you will discover:
Which intrusions RASP can detect and prevent
How natively integrated RASP technology strengthens mobile applications
How RASP bridges the divide between infrastructure and app server owners
Why applications secured with RASP result in a lower cost, higher benefit ratio
Runtime application self-protection is critical for next generation app security, so learn more now, watch the video and download VASCO's free white paper.
If you're interested in exclusively sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2017-07-31 17:56:31 |
DEF CON attendees make short work of electronic voting machines (direct link) |
Attendees at the DEF CON hacking conference in Las Vegas discovered weak spots in electronic voting machines that attackers could abuse in future compromises.
David Bisson reports.
|
|
|
★★
|
|
2017-07-31 17:15:30 |
Hackers steal information on 400,000 customers of Italy's biggest bank (direct link) |
Italy's largest lender, UniCredit, has blamed an unnamed "third-party provider" for two security breaches where hackers have managed to steal information related to the personal loans of some 400,000 customers.
Read more in my article on the Hot for Security blog.
|
|
|
★★★★
|
|
2017-07-29 01:40:38 |
Car wash security flaws let hackers 'physically attack' people (direct link) |
Hackers can exploit security flaws affecting popular car wash rigs to damage customers' vehicles and "physically attack" people.
David Bisson reports.
|
|
|
|
|
2017-07-28 06:31:06 |
11 arrested in Chinese Fireball malware investigation (direct link) |
Beijing police officers have arrested 11 individuals in connection with the Fireball malware that has infected hundreds of millions of computers.
David Bisson reports.
|
|
|
|
|
2017-07-26 23:12:35 |
Smashing Security #035: Up the Roomba with mandatory Chinese spyware (direct link) |
China is forcing people to install smartphone spyware, young cyberoffenders are offered rehab, and robot vacuum cleaners want to sell maps of the inside of your house to tech firms.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dan Ring.
|
|
|
|
|
2017-07-26 16:11:18 |
EVERY app offered by alternative Android app market redirected to malware (direct link) |
Remember to never ever agree to download Adobe Flash Player onto your Android phone.
David Bisson reports.
|
|
|
|
|
2017-07-26 15:52:48 |
FruitFly Mac malware - FBI investigating hundreds of infections, say researchers (direct link) |
The FBI is thought to be currently investigating hundreds of infections tied to the mysterious FruitFly family of Mac-based malware.
David Bisson reports.
|
|
|
|
|
2017-07-25 02:02:29 |
18-year-old arrested after reporting dumb bug in public transport e-ticket system (direct link) |
More than 45,000 users have voiced their disapproval on social media for Hungary's public transport system after police arrested an 18-year-old man for reporting a flaw in its new e-ticket system.
David Bisson reports.
|
|
|
|
|
2017-07-23 22:21:15 |
Online criminals clone UK university's website to phish for cash (direct link) |
Criminals have cloned a UK university's website in an attempt to phish for unsuspecting students' cash and personal information.
David Bisson reports.
|
|
|
|
|
2017-07-20 13:55:49 |
Segway MiniPro patched to stop hackers hijacking remote control from hoverboard riders (direct link) |
Security holes could have seen attackers seize remote control of a hoverboard and potentially injure riders by suddenly disabling the motor.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-07-20 13:53:09 |
Hacker steals $30M worth of Ethereum by abusing Parity wallet flaw (direct link) |
Crikey - this isn't the first Ethereum heist we've seen...THIS WEEK!
David Bisson reports.
|
|
|
|
|
2017-07-20 09:30:03 |
Smashing Security 034: The pen is mightier than the password (direct link) |
The UK government wants you to give your credit card details to porn sites, Ashley Madison offers compensation to the people whose lives it ruined, and an adult website wants you to pass its unorthodox and below-the-belt biometric identity check... gulp!
All this and Myspace, Google Glass, Fleabag, and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
|
|
|
★★
|
|
2017-07-20 01:48:15 |
Publication of NukeBot trojan's source code leads to new 'operational' samples (direct link) |
New "operational" samples of the NukeBot banking trojan have emerged months after its original creator published its source code.
David Bisson reports.
|
Guideline
|
|
|
|
2017-07-19 19:30:48 |
Millions of IoT devices at hacking risk due to flaw in open source software library (direct link) |
Once again questions are being asked about IoT security after it was revealed that a buggy software library is being used in millions of devices connected to the internet around the world.
Read more in my article on the Bitdefender BOX blog.
|
|
|
|
|
2017-07-19 13:50:11 |
Texting is no laughing matter (direct link) |
When you start watching this video from Western Cape Government in South Africa, you think it's a bit of a giggle.
And then...
|
|
|
|
|
2017-07-18 17:38:20 |
Myspace fixes account security hole - but delete your account anyway (direct link) |
If something *that* bad can be present on Myspace, I wonder what other problems might lurk there?
|
|
|
|
|
2017-07-18 14:59:24 |
Didn't get your Oreo cookie shipment? Last month's global cyber attack may be to blame (direct link) |
More and more details are emerging of the financial impact that last month's malware attack has had on major businesses.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-07-18 14:30:41 |
Spyware abuses Telegram messaging app to target Iranian Android users (direct link) |
Unsuspecting Iranian users of the Telegram app, best watch out - or they could find themselves the target of Android spyware.
David Bisson reports.
|
|
|
|
|
2017-07-18 13:25:34 |
It's a trap! Marcher banking trojan masquerades as Adobe Flash Player for Android (direct link) |
Never let a suspicious program coerce you into allowing Android app installations from unknown sources.
David Bisson reports.
|
|
|
|
|
2017-07-17 15:14:01 |
Want to a hack a Myspace account? They've made it shockingly easy (direct link) |
All you need to hijack a Myspace account is the user's name, username, and date of birth.
David Bisson reports.
|
|
|
|
|
2017-07-16 20:07:37 |
Malware installs Signal as part of scheme to steal Mac users' banking credentials (direct link) |
The new OSX/Dok Mac malware is mysteriously pushing the Signal private-messaging app onto victims' mobile devices as part of a scheme to steal their banking credentials.
David Bisson reports.
|
|
|
|
|
2017-07-14 15:55:36 |
LockPos, the new point-of-sale malware being distributed by a once-dormant command and control server (direct link) |
A criminal gang's new malware threatens to steal credit card information from poisoned payment terminals.
David Bisson reports.
|
|
|
|
|
2017-07-13 12:59:07 |
Are you looking at me? Welcome to the world of facial recognition (direct link) |
As new technologies develop, it's worth reminding ourselves that just because we can do something doesn't mean that we should. Often a new technology can bring plenty of new opportunities to do amazing things, but that doesn't mean that it cannot also be ripe for abuse.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-07-13 09:37:44 |
The Magala trojan makes its money dishonestly by clicking on ads in your browser (direct link) |
Every click, a few cents are made...
David Bisson reports.
|
|
|
|
|
2017-07-13 07:02:34 |
Smashing Security #033: 1Password, net neutrality, and spatchcock chicken (direct link) |
Is password manager 1Password treating its customers unfairly? Are autonomous cars driving us around the bend? And what is this Net Neutrality thing anyway?
All this and more is discussed in the latest edition of the "Smashing Security" podcast.
|
|
|
|
|
2017-07-12 12:17:03 |
Firms that didn't patch and enabled local admin rights continue to suffer post cyber-attack (direct link) |
Just because a malware outbreak has begun to fade away from the newspaper headlines, doesn't mean your troubles are over. Many firms can continue to suffer long afterwards.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2017-07-12 09:39:01 |
Trump Hotels customers hit by credit-card stealing hackers. Again. (direct link) |
It's always important to take any potential hacking incident seriously and bring in the feds to properly investigate.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-07-11 22:37:47 |
Microsoft issues critical security patches. Have you updated yet? (direct link) |
Yep, we've finally reached the point where people are having to update their augmented reality headsets with security patches.
But for those of us with their feet firmly planted in the real world, there are plenty of fixes for Internet Explorer, Edge, Windows Explorer, Microsoft Office and more.
|
|
|
|
|
2017-07-11 14:49:40 |
Smartphone spyware targets investigators hunting for missing Mexican students (direct link) |
19 people investigating the mysterious disappearance in 2014 of 43 Mexican students have been targeted by sophisticated smartphone spyware known as "Pegasus."
David Bisson reports.
|
|
|
|
|
2017-07-10 17:20:08 |
LeakerLocker ransomware threatens to dox Android users as extortion (direct link) |
Mobile ransomware known as LeakerLocker threatens to dox Android users with whom it comes into contact as a means of extortion.
David Bisson reports.
|
|
|
|
|
2017-07-10 16:51:38 |
Jayden K Smith's Facebook friendship request - not a hacker, it's a hoax (direct link) |
Another hoax warning spreads quickly on Facebook. Will people ever learn?
|
|
|
|
|
2017-07-10 11:56:30 |
Three million wrestling fans at risk after WWE leaves database unprotected (direct link) |
The WWE has just been caught with its spandex leotard down...
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-07-10 08:06:37 |
Petya ransomware developer releases master decryption key, giving hope for victims (direct link) |
The original developer of the Petya ransomware has released a master decryption key that works for all previous versions of its enciphering creation.
But before you get too excited, it doesn't work for NotPetya...
David Bisson reports.
|
|
NotPetya
|
|
|
2017-07-07 22:31:01 |
AA apologises, and confirms customers' partial credit card data *was* exposed (direct link) |
"We're sorry", says the AA as it finally coughs up to data breach which exposed partial credit card information.
|
|
|
|