Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-05-11 00:23:47 |
Smashing Security #020: Phishing for Donald Trump (direct link) |
Gizmodo's attempt to reveal Donald Trump's administration ineptitude when it comes to cybersecurity fails to impress. Mac users are warned that the HandBrake DVD-ripping app has been compromised by malware. And will the US Army insist IT security professionals spend months ironing their bedsheets..?
Computer security veterans Graham Cluley and Carole Theriault are joined on the podcast this week by special guest Paul Ducklin.
|
|
|
|
|
2017-05-10 23:57:15 |
(Déjà vu) How to clear the cache, cookies, and browsing data in Chrome (direct link) |
David Bisson explains how Firefox users can clear their caches, browsing history, and cookies for better privacy.
|
|
|
|
|
2017-05-10 13:36:02 |
Gizmodo security test proves everyone (even Donald Trump's team) can get phished (direct link) |
Gizmodo's controversial "security preparedness test" that targeted members of the Trump administration illustrates how everyone and anyone can fall for a phish.
David Bisson reports.
|
|
|
|
|
2017-05-09 14:24:25 |
Game of Thrones actress reveals cast forced to embrace two-step verification, and so should you (direct link) |
Two-step verification makes it much harder for hackers to break their way into email accounts.
|
|
|
|
|
2017-05-09 13:15:16 |
Elementary vulnerability exposed sensitive medical records on healthcare data website (direct link) |
A vulnerability allowed users of a healthcare data portal to access other users' medical records and thereby view their sensitive information.
David Bisson reports.
|
|
|
|
|
2017-05-09 09:41:31 |
Emergency patch released for critical security hole in Microsoft's malware scanner (direct link) |
You know a security hole is serious if Microsoft issues a patch for it just hours before the company is scheduled to release its regular bundle of Patch Tuesday updates.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-05-08 21:39:13 |
FCC blames DDoS, not net neutrality comedy sketch, for website downtime (direct link) |
Net neutrality. The only two words that promise more boredom in the English language are... 'Featuring Sting'
|
|
|
|
|
2017-05-08 20:47:53 |
Online daters at Guardian Soulmates targeted with sexually explicit spam after data left exposed (direct link) |
It's the perfect place for the left-leaning urban intellectual to meet the quinoa quiche-eating, open-toed sandal-wearing partner of their dreams.
But now Guardian Soulmates has suffered a security breach.
|
|
|
|
|
2017-05-08 19:22:34 |
A 'great security tool' that encrypts files? Think again! It's ransomware (direct link) |
The authors of FrozrLock, a new ransomware-as-a-service (RaaS), are marketing their platform on the dark web as a "great security tool."
David Bisson reports.
|
|
|
|
|
2017-05-05 21:55:59 |
Debenhams warns flower-buying customers after website hacked for over six weeks (direct link) |
British high street retailer Debenhams has warned that its flower delivery website has been hacked, potentially exposing the passwords and payment card details of 26,000 customers.
|
|
|
|
|
2017-05-05 21:22:21 |
No stalking spyware vendor, HackerOne won't run your bug bounty program (direct link) |
HackerOne has refused to host a bug bounty program for spyware seller FlexiSPY on the grounds that the organization is operating illegally and unethically.
David Bisson reports.
|
|
|
|
|
2017-05-05 00:19:27 |
Bank robbers exploited SS7 weaknesses to drain 2SV-protected accounts (direct link) |
A group of thieves exploited weaknesses in Signaling System 7 (SS7) to drain users' bank accounts, including those protected by two-step verification (2SV).
David Bisson reports.
|
|
|
|
|
2017-05-04 10:15:07 |
'Google Docs' worm ransacks Gmail users' contact lists – what you need to know (direct link) |
You may well be one of the millions of internet users who received a dangerous email offering to share a Google Docs file with you.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-05-03 23:05:49 |
Smashing Security #019: The Love Bug virus (direct link) |
On May 4th 2000, the Love Bug virus (also known as ILOVEYOU or LoveLetter) rapidly spread around the world, clogging up email systems.
Computer security veterans Graham Cluley and Carole Theriault are joined on the podcast this week by special guest John Hawes for a trip down memory lane.
|
|
|
|
|
2017-05-03 22:47:14 |
Travel tech company Sabre confirms breach affected reservations system (direct link) |
Sabre, a global travel technology company, has confirmed a breach has affected at least some of the many bookings that passed through its reservations system.
David Bisson reports.
|
|
|
|
|
2017-05-03 12:49:55 |
Critical Android security patches released - but will your phone ever see them? (direct link) |
The most critical of the patched vulnerabilities address security flaws in Android's troubled Mediaserver component, which could be exploited by a malicious hacker to execute code remotely on targeted devices.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-05-03 08:09:00 |
Intel patches remote hijack bug that hid in chips for seven years (direct link) |
Intel has patched a privilege escalation bug in its chips' remote management feature that could be exploited by an attacker to breach networks.
David Bisson reports.
|
|
|
|
|
2017-05-02 14:46:19 |
Email hackers cost couple their new home (direct link) |
A group of email hackers set off a chain of events that cost a couple the contract on their new home.
David Bisson reports.
|
|
|
|
|
2017-05-02 12:56:37 |
IBM has been shipping malware-infected USB sticks (direct link) |
We tend to trust companies like IBM to take greater care over what they ship to their customers and assume it to be uncompromised and squeaky-clean. Clearly that trust is sometimes misplaced.
|
|
|
|
|
2017-05-02 11:18:46 |
Ciphr blames rival company for partial data dump of its users (direct link) |
Ciphr, a company which offers encryption services for smartphone users, claims that a rival firm are behind a data dump of its customers' email addresses and IMEI numbers.
David Bisson reports.
|
|
|
|
|
2017-05-02 08:50:00 |
The phishing swindle that conned $100 million out of Google and Facebook (direct link) |
A 48-year-old man allegedly managed to trick Facebook and Google into wiring him over $100 million, after impersonating a genuine Taiwanese electronics manufacturer.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-04-28 13:02:13 |
Sonia disowns Rahul video virus? It's a hoax (direct link) |
Earlier today my wife received a message warning of a virus that supposedly "formats your mobile" by accepting a video called "Sonia disowns Rahul".
It's amazing what some people believe...
|
|
|
|
|
2017-04-28 11:41:34 |
Amazon Echo Look: Super or Scary? (direct link) |
My reaction when I heard that Amazon had added a camera to the next generation of its Alexa-powered Echo device was a mixture of revulsion and head-shaking inevitability.
But what do you think? Take our poll and share your thoughts.
|
|
|
|
|
2017-04-27 13:32:46 |
(Déjà vu) ISP brought down by warring malware families (direct link) |
A battle between two rival families of malware is being blamed for the downtime that a Californian ISP suffered earlier this month.
Read more in my article on the Tripwire State of Security blog.
|
|
|
|
|
2017-04-27 09:05:01 |
Nomx? No thank you (direct link) |
Nomx describes itself as "the only secure email communications device compatible with legacy email systems." But security researcher Scott Helme is less than impressed.
|
|
|
|
|
2017-04-27 08:14:43 |
Smashing Security #018: Windows is a virus. True or False? (direct link) |
Security firm Webroot dropped a clanger when it declared Windows was malicious and borked customers' PCs, millennials are streaming a lot of movies illegally, and blackmailers are targeting members of the Ashley Madison cheating site again.
All this and more is discussed in the latest edition of the "Smashing Security" podcast.
|
|
|
|
|
2017-04-26 21:44:02 |
Almost two million Androids infected by FalseGuide malware, masquerading as game guides (direct link) |
A malware family known as FalseGuide masqueraded as game guides on Google Play to infect nearly two million Android devices.
David Bisson reports.
|
|
|
|
|
2017-04-26 17:53:21 |
Stealth Bomber maker admits hackers stole workers' W-2 tax forms (direct link) |
US military contractor Northrop Grumman has admitted that hackers managed to infiltrate its systems, and gained access to sensitive employee records.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-04-26 13:59:42 |
Flawed Hyundai app could have helped hackers break into cars (direct link) |
Hyundai tells customers to update their Blue Link smartphone app to protect against hackers targeting their cars.
David Bisson reports.
|
|
|
|
|
2017-04-25 14:49:37 |
Webroot causes massive headaches after falsely flagging Windows files as malicious (direct link) |
It's 2017, and anti-virus products still goof up like this...
David Bisson reports.
|
|
|
|
|
2017-04-25 13:22:02 |
Ashley Madison blackmailers threaten to create Cheater's Gallery exposing members who don't pay up (direct link) |
Blackmailers are once again trying to make money out of the notorious Ashley Madison hack.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-04-25 13:05:11 |
(Déjà vu) Strong customer authentication and risk analysis under PSD2: how to comply? Download VASCO's white paper (direct link) |
Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support!
More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
On Thursday February 23rd, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2).
In this VASCO white paper on Strong Customer Authentication and Risk Analysis under PSD2 you will discover:
Background information about the history of the final draft RTS
Common authentication solutions that are used by many online banking and mobile banking applications today
The most important requirements from the final draft RTS
Which authentication solutions are most likely to meet the requirements of the final draft RTS
Interested in learning more? Download VASCO's white paper: Strong customer authentication and risk analysis under PSD2: how to comply?
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2017-04-24 19:55:25 |
Got one of these 20+ models of Linksys Smart Wi-Fi routers? Bad news. 10 security holes discovered (direct link) |
Linksys is working on a firmware update for 10 security vulnerabilities affecting its "Smart" Wi-Fi series of routers.
David Bisson reports.
|
|
|
|
|
2017-04-24 15:36:18 |
Businesses falling short when it comes to cybersecurity, says Government report (direct link) |
A "sizable proportion" of businesses have still not put in place basic protection and policies to protect themselves from attack.
Is that true of your company?
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2017-04-24 13:40:46 |
How to clear the cache, cookies, and browsing history in Firefox (direct link) |
David Bisson explains how Firefox users can clear their caches, browsing history, and cookies for better privacy.
|
|
|
|
|
2017-04-22 10:26:03 |
MilkyDoor malware turns Androids into backdoors to attack enterprise networks (direct link) |
A new Android malware family is able to blend in with normal network traffic and avoid detection by encrypting its payloads, in order to access internal networks.
David Bisson reports.
|
|
|
|
|
2017-04-21 14:58:17 |
Want to watch HSBC's security awareness videos? You'd best have Flash installed... (direct link) |
If you don't give your customers a different way to consume your content, they're going to feel forced to (shudder...) install Adobe Flash.
|
|
|
|
|
2017-04-21 14:26:42 |
Donald Trump's review of America's cybersecurity misses its deadline (direct link) |
A planned review of America's cybersecurity efforts has failed to materialise.
Good job there's no hacking going on, eh?
|
|
|
|
|
2017-04-20 14:00:19 |
Fake Android system update *really* wants to know your location (direct link) |
Android spyware masqueraded as a fake system update on the Google Play store in an attempt to log unsuspecting users' location data.
David Bisson reports.
|
|
|
|
|
2017-04-20 09:53:36 |
Smashing Security #017: Data breaches, zero day exploits, and toenail clippings (direct link) |
Hotel malware has been stealing guests' payment card details... again, should businesses really delay rolling out vulnerability patches, and Burger King's Whopper TV ad campaign tries to take advantage of viewers' Google Home devices with predictable results.
All this and more is discussed in the latest edition of the "Smashing Security" podcast.
|
|
|
|
|
2017-04-19 15:10:46 |
The Hajime IoT worm fights the Mirai botnet for control of your devices (direct link) |
The Hajime malware is worming its way through DVRs, CCTV systems, and other poorly-protected Internet of Things (IoT) devices.
David Bisson reports.
|
|
|
|
|
2017-04-19 11:20:04 |
Been to one of these 1170 hotels? Your credit card details may have been stolen by malware (direct link) |
When a company starts a statement to customers with words describing how it "understands the importance of protecting payment card data" you know that you're about to hear some bad news...
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-04-19 09:11:29 |
Foodie social network Allrecipes warns that someone stole users' email addresses and passwords (direct link) |
Allrecipes, the self-described "food-focused social network", has sent an email out to some of its users warning that their email addresses and passwords may have been intercepted by an unknown third-party.
Yuck!
|
|
|
|
|
2017-04-18 16:26:52 |
Beware bogus emails from LinkedIn asking for your CV! (direct link) |
LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-04-18 15:31:28 |
Tracking pixels can conduct surveillance for targeted attacks (direct link) |
Malicious hackers can use tracking pixels to help them gather intelligence for attack campaigns, both mass and targeted in scope, say researchers.
David Bisson reports.
|
|
|
|
|
2017-04-18 11:56:05 |
A computer security tip for those campaigning in the UK general election (direct link) |
There are lessons that British politicians can learn from the security snafus of the US presidential election.
|
|
|
|
|
2017-04-06 16:24:36 |
Triada Android spyware evades anti-virus detection by using DroidPlugin sandbox (direct link) |
The Triada family of Android spyware is using the DroidPlugin open-source sandbox to evade detection by anti-virus software installed on infected devices.
David Bisson reports.
|
|
|
|
|
2017-04-06 01:02:40 |
Smashing Security #015: Bad vibrations (direct link) |
Don't let an internet-enabled sex toy make your most private moments oh-so-public. Samsung's wannabe-Android-killer is found lacking. And did you hear about the firm that is micro-chipping its employees?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest John Hawes.
|
|
|
|
|
2017-04-06 00:11:46 |
Leave a bad review? This IoT garage door opener maker may brick your device (direct link) |
The maker of an Internet of Things (IoT) garage door opener bricked a customer's device after they posted a negative review on the product's forum board.
David Bisson reports.
|
|
|
|
|
2017-04-04 15:26:16 |
Smart sex toy's security flaws fulfil every hacker's fantasy (direct link) |
A connectable dildo suffers from numerous vulnerabilities that make it trivial for attackers to steal users'... well, "private" data.
David Bisson reports.
|
|
|
|