Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2017-02-03 13:54:38 |
Critical Cisco security hole could lead to hackers seizing control of thousands of home routers (direct link) |
If you are a company running Cisco Prime Home to control your customers' devices – update it now.
Read more in my article on the Bitdefender Box blog.
|
Guideline
|
|
|
|
2017-02-03 02:03:54 |
(Déjà vu) Smashing Security podcast #006: 'A romantic ransomware hotel break' (direct link) |
Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual chat about whatever is on our minds.
Were hotel guests really trapped in their rooms by ransomware? Does anti-virus increase your attack surface so much that it's not worth running at all? And 11% of people on the internet are running ad blockers, says company which blocks ad blockers.
Oh, and we have a new theme tune...
|
|
|
|
|
2017-02-03 01:46:02 |
Buggy Pentagon systems a dream come true to attackers, says researcher (direct link) |
Vulnerable servers owned by the Department of Defense could allow hackers to launch digital attacks via the Pentagon's systems, says a researcher.
David Bisson reports.
|
|
|
|
|
2017-02-01 21:15:41 |
Cerber eclipsed all other ransomware over holiday season, says Microsoft (direct link) |
Microsoft detected more enterprise PCs infected by Cerber than any other ransomware family over the 2016-17 holiday season.
David Bisson reports.
|
|
|
|
|
2017-02-01 02:04:47 |
GitLab down after it deletes wrong directory and backups stumble (direct link) |
GitLab, which provides a source code version control repository for software developers, has come a cropper after an employee accidentally deleted a directory on the wrong server.
|
|
|
|
|
2017-01-31 15:05:55 |
Telemarketing firm leaks 17,000 recorded calls, many containing credit card details (direct link) |
Audio recordings of telemarketing calls include customers' names, physical addresses, phone number, credit card number, CV numbers, and more.
David Bisson reports.
|
|
|
|
|
2017-01-30 18:12:46 |
Ransomware attack impacted 70% of Washington DC police surveillance cameras (direct link) |
Officials found 123 of 187 network video recorders capturing CCTV footage had fallen victim to two strains of ransomware.
David Bisson reports.
|
|
|
|
|
2017-01-30 16:04:59 |
How a single SMS can break your Samsung Galaxy Android phone (direct link) |
It's hard to believe that it's 2017, and we're still talking about Android phones being compromised by boobytrapped SMS text messages.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-01-30 14:42:48 |
Barclays warns customers of the risks of business email compromise (direct link) |
Business email compromise, also known as "whaling" or "CEO fraud", is one of the biggest threats facing businesses today. So it's good to see banks like Barclays doing their bit to raise awareness.
|
|
|
|
|
2017-01-30 03:03:44 |
Hotel guests locked in their rooms by ransomware? It doesn't make sense (direct link) |
It's a great story, but it's almost certainly not true.
|
|
|
|
|
2017-01-27 19:07:13 |
LeakedSource data breach website goes offline following alleged police raid (direct link) |
The data breach aggregator and lookup service LeakedSource has gone offline following what appears to have been a police raid.
David Bisson reports.
|
|
|
|
|
2017-01-27 12:56:09 |
No, disabling your anti-virus software does not make security sense (direct link) |
"Antivirus software vendors are terrible; don't buy antivirus software, and uninstall it if you already have it."
Seriously??
|
|
|
|
|
2017-01-27 02:10:46 |
(Déjà vu) The security of President Trump's Android smartphone (direct link) |
The New York Times reports that US President Donald Trump is still using an old, poorly-secured Android smartphone.
|
|
|
|
|
2017-01-26 17:37:59 |
Firefox flags Web of Trust add-on as suspicious, blocks by default (direct link) |
Firefox blocks WOT completely, in an attempt to protect users against malicious activity.
David Bisson reports.
|
|
|
|
|
2017-01-26 12:53:36 |
Smashing Security #005: 'Upskirt insecurity' (direct link) |
Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual chat about whatever is on our minds.
This week: An alleged hacker finds the downside to car rental, a New York Times Twitter account announces Vladimir Putin is planning to launch a missile attack against the United States, and an "upskirt" website leaks its user data.
Oh, and Vanja forces Graham to share an embarrassing privacy-breaching lavatory anecdote.
|
|
|
|
|
2017-01-25 17:38:30 |
218,000 private unencrypted AlphaBay dark web messages exposed (direct link) |
Someone has exploited a vulnerability to view 218,000 private unencrypted messages exchanged by users of the AlphaBay dark web marketplace.
David Bisson reports.
|
|
|
|
|
2017-01-25 13:51:10 |
Corporations at risk of malware attack via Cisco's WebEx Chrome extension (direct link) |
A warning has been issued that companies who have installed the popular Cisco WebEx extension on Chrome could have opened themselves up to malicious attacks.
Read more in my article on the Bitdefender Business Insights blog.
|
|
|
|
|
2017-01-25 02:56:51 |
Graham Cluley nominated for most entertaining security blog. Please vote! (direct link) |
The Security Blogger Awards are open for the public to vote - so please do vote for your favourite blogs (even if it's not this one!) and show your support.
|
|
|
|
|
2017-01-25 00:12:34 |
Internet gang claims it caused Lloyds Bank outage via a DDoS attack (direct link) |
An internet gang claims it used a distributed denial-of-service (DDoS) attack to interrupt services at the Lloyds Banking Group earlier this month.
David Bisson reports.
|
|
|
|
|
2017-01-24 15:12:53 |
Yahoo sale to Verizon delayed, following revelation of massive security breaches (direct link) |
If you're in the business of scooping up another company, you probably want to uncover all of its dirty little secrets before you hand over any cash.
|
|
Yahoo
|
|
|
2017-01-23 17:11:20 |
Heartbleed is not dead. And isn't likely to be any time soon (direct link) |
The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago. The others simply don't give a damn.
|
|
|
|
|
2017-01-23 15:57:35 |
Bug allowed attackers to delete ANY Facebook video they chose (direct link) |
Facebook has patched a vulnerability that attackers could have abused to delete any user's video off the social media platform.
David Bisson reports.
|
|
|
|
|
2017-01-23 10:41:27 |
Twitter hack sees New York Times warn of Russian missile strike against USA (direct link) |
Vladimir Putin is planning a missile strike on the United States?
Hold your horses, it's the latest example of a newspaper having one of its Twitter accounts hacked.
|
|
|
|
|
2017-01-22 21:21:11 |
Employment scam targets college students and their bank accounts (direct link) |
A scam is tricking college students into depositing fraudulent checks into their bank accounts with the promise of employment.
David Bisson reports.
|
|
|
|
|
2017-01-19 23:39:48 |
Smashing Security #004: 'You don't mess with Brian Krebs' (direct link) |
Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual chat about whatever is on our minds.
This week: the Spora ransomware that offers you more than just your encrypted files back, Brian Krebs busts the alleged masterminds behind the Mirai botnet, and be careful that your IT staff aren't the only ones who know your corporate passwords.
Oh, and we're now a podcast as well as a video... :)
|
|
|
|
|
2017-01-19 23:12:34 |
Bring down the White House's website for Trump's inauguration, urges software engineer (direct link) |
A software engineer is urging anyone and everyone opposed to the President-Elect to overload Whitehouse.gov on Donald Trump's inauguration day.
David Bisson reports.
|
|
|
|
|
2017-01-19 17:03:51 |
Samsung SmartCam owners warned of hacker hijack vulnerability (direct link) |
A group of security researchers have uncovered a critical security hole in Samsung SmartCam devices that could allow malicious hackers to remotely seize complete control of cameras, and run malicious code.
Read more in my article on the Bitdefender blog.
|
|
|
|
|
2017-01-18 16:51:48 |
Remote code execution vulnerability affecting Facebook's servers earns researcher $40,000 (direct link) |
Facebook has awarded US $40,000 to a security researcher who achieved remote code execution on its servers by exploiting a widely-publicised vulnerability.
David Bisson reports.
|
|
|
|
|
2017-01-18 14:09:12 |
Not lovin' it! Researcher finds way to steal McDonald's users' passwords (direct link) |
A security researcher has discovered two vulnerabilities that allow an attacker to steal users' passwords from McDonald's official website.
David Bisson reports.
|
|
|
|
|
2017-01-18 13:22:09 |
If you're going to use Windows, it makes security sense to use Windows 10 (direct link) |
Wouldn't it be great if modern operating systems hardened their defences, and did a better job in the first place at protecting against these types of security issues even when they are unknown?
Read more in my article on the Hot for Security blog.
|
|
|
★★★★
|
|
2017-01-17 14:50:44 |
It makes good security sense to change Alexa's name - here's how (direct link) |
Waking your Alexa device should be as hard for an unauthorised party to do as guessing your password.
|
|
|
|
|
2017-01-17 13:27:25 |
Facebook took two weeks to remove video of 12-year-old girl that livestreamed her suicide (direct link) |
Facebook needs to do more to prevent links to disturbing content from being shared widely across its network.
|
|
|
|
|
2017-01-17 10:13:38 |
Is your IP security camera making you less secure? (direct link) |
As I see it, you buy a security camera to secure yourself.
You don't, I imagine, install an IP surveillance camera to introduce new security risks.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-01-17 00:20:36 |
Top tips (not including anti-virus) for protecting your Android from malware (direct link) |
How to defend what Apple's Tim Cook called "a toxic hellstew of vulnerabilities."
Guest contributor Yasin Soliman reports.
|
|
|
|
|
2017-01-16 17:51:05 |
I love podcasts so much, I took a deep breath and made one... (direct link) |
I don't know what I'm doing, but I hope you like it.
At least you don't have to look at me now it's in podcast form.
|
|
|
|
|
2017-01-16 15:19:46 |
Facebook's new public Wi-Fi locator is raising privacy concerns (direct link) |
Facebook is testing a new feature that helps users find nearby public Wi-Fi networks, but it's unclear whether its tool undermines users' privacy.
David Bisson reports.
|
|
|
|
|
2017-01-16 13:38:32 |
Wandera has uncovered severe mobile data exposures that affect a high proportion of enterprises. Try it now for free. (direct link) |
Graham Cluley Security News is sponsored this week by the folks at Wandera. Thanks to the great team there for their support!
Wandera's 2017 Mobile Leak Report found more than 200 mobile websites and apps leaking personally identifiable information across a range of categories – including those that are essential for work. Your employees might have been exposed to credit card theft, identity theft, or even the re-use of login credentials to access a corporate network.
Read the 2017 Mobile Leak Report to see which types of apps present the highest risk to your sensitive corporate data.
Mobile is indisputably the new frontier for cyber threats: as adoption of corporate mobility continues to grow, so too does the number of attacks. Businesses have become increasingly exposed to new threats, vulnerabilities and data leaks.
Wandera provides enterprise-grade threat defense against these mobile security risks, keeping devices secure across all four levels of protection as identified by Gartner. Try Wandera for free to assess and understand what is happening with your mobile data.
Wandera works with some of the biggest and best-loved brands in the world. Find out how your business could also benefit by having devices protected and managed at the data-level.
If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
|
|
|
|
|
2017-01-14 13:40:29 |
WhatsApp vulnerability could allow Facebook and others to read messages (direct link) |
A security issue could allow Facebook and other parties to intercept and read the messages you send via WhatsApp.
David Bisson reports.
|
|
|
|
|
2017-01-13 14:01:28 |
Don't follow the example of Donald Trump's choice for cybersecurity czar (direct link) |
Two days is a long time in cybersecurity for Rudy Giuliani.
|
|
|
|
|
2017-01-13 13:17:17 |
Podcast on ransomware's threat to the healthcare industry (direct link) |
The Fight Ransomware podcast invited me onto their show to discuss how healthcare organisations are fighting the ransomware threat. Give it a listen.
|
|
|
|
|
2017-01-12 22:42:00 |
Smashing Security #003: 'Alexa! Get me an axe!' (direct link) |
Join me and fellow computer security industry veterans Vanja Svajcer and Carole Theriault as we have another casual video chat about whatever is on our minds.
This week: Donald Trump and *that* secret dossier, MongoDB databases under attack, Microsoft employees suffering from PTSD, and Alexa buying doll houses.
|
|
|
|
|
2017-01-12 15:04:42 |
Vawtrak malware spread via toxic Word documents is still a thing apparently (direct link) |
Beware poisoned parking tickets!
David Bisson reports.
|
|
|
|
|
2017-01-12 14:17:16 |
Honeytraps used to infect Israeli soldiers' smartphones with spyware (direct link) |
Bogus social networking profiles of young, attractive women are being used to trick soldiers into installing malicious spyware on their smartphones.
|
|
|
|
|
2017-01-12 01:46:27 |
Donald Trump finally believes Russia hacked the DNC (direct link) |
It's been an extraordinary couple of weeks in the ongoing media tornado that US President-Elect Donald Trump finds himself in related to just who hacked the US Democratic party and released swathes of confidential email correspondence to WikiLeaks.
|
|
|
|
|
2017-01-11 15:28:42 |
Airline passengers' bookings and info leaked by boarding gate displays (direct link) |
Boarding gate displays at an airport leaked information that could have allowed attackers to gain access to passengers' bookings and their personal details.
David Bisson reports.
|
|
|
|
|
2017-01-11 13:43:17 |
Hello Kitty, Goodbye database containing 3.3 million users credentials (direct link) |
A database of 3,345,168 Hello Kitty fans has surfaced online, stemming from a misconfigured Sanrio user database that was accessible to anyone in the world.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-01-10 22:33:15 |
Netflix users targeted by credit card phishing scheme (direct link) |
A new phishing scheme is targeting Netflix users for their credit card details and other personal information.
David Bisson reports.
|
|
|
|
|
2017-01-10 14:03:21 |
Ransomware extorts Los Angeles school to the tune of $28,000 (direct link) |
Blackmailers have claimed another scalp, extorting US $28,000 from a school hit by a ransomware attack.
Read more in my article on the Hot for Security blog.
|
|
|
|
|
2017-01-10 00:24:48 |
Onion Browser goes free for privacy-conscious iOS users, citing 'recent events' (direct link) |
For over four years mobile app developer and privacy journalist Mike Tigas has been selling his browser which encrypts and tunnels users' web traffic through the Tor network.
And now he's made it free.
|
|
|
|
|
2017-01-09 23:40:58 |
27,000 MongoDB servers have their data wiped, receive ransom demand for its safe return (direct link) |
Tens of thousands of unprotected MongoDB databases have been taken hostage by hackers, who have wiped data from company servers and are demanding a ransom be paid for the safe return of the information.
Ouch. Here's what you need to know.
|
|
|
|