What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-09-14 10:46:00 | Patch now! Microsoft issues critical security updates as PCs attacked through zero-day flaw (lien direct) | Windows users are once again being told to update their systems with the latest security patches from Microsoft, following the discovery of critical vulnerabilities - including ones which are already being exploited in the wild, or could be used to fuel a fast-spreading worm. Read more in my article on the Hot for Security blog. | ★★★★★ | ||
|
2022-09-08 13:49:29 | Warning issued about Vice Society ransomware gang after attacks on schools (lien direct) | A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC. Read more in my article on the Tripwire State of Security blog. | Ransomware | ||
|
2022-09-07 16:03:34 | Massive hotel group IHG struck by cyberattack which disrupts booking systems (lien direct) | InterContinental Hotels Group (IHG), which owns brands such as InterContinental, Crowne Plaza, Holiday Inn, and many others, has had its IT systems breached by malicious hackers Read more in my article on the Hot for Security blog. | |||
|
2022-09-07 13:00:44 | QNAP tells NAS users to “take immediate action” after new wave of DeadBolt ransomware attacks (lien direct) | Owners of QNAP NAS drives have been advised to "take immediate action" in the wake of a new wave of DeadBolt ransomware attacks. | Ransomware | ||
|
2022-09-01 11:56:25 | Over 900K Kubernetes clusters are misconfigured! Is your cluster a target? (lien direct) | Graham Cluley Security News is sponsored this week by the folks at Teleport. Thanks to the great team there for their support! Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes … Continue reading "Over 900K Kubernetes clusters are misconfigured! Is your cluster a target?" | Uber | ||
|
2022-08-30 13:05:11 | Boots lets down its customers, by only offering SMS-based 2FA (lien direct) | I must admit I was delighted to receive an email today from UK high street pharmacy Boots telling me I should enable two-factor authentication on my account. Boots customers would have benefited from two-factor authentication a couple of years ago, when hackers attempted to gain access to customers’ Boots Advantage Card accounts, and temporarily stopped … Continue reading "Boots lets down its customers, by only offering SMS-based 2FA" | |||
|
2022-08-23 16:32:30 | Hackers demand $10 million from Paris hospital after ransomware attack (lien direct) | Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend. The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services. Read more in my article on the Hot for Security blog. | Ransomware | ||
|
2022-08-22 12:25:22 | Mac users urged to update Zoom, after security patch released for previously-flawed security patch (lien direct) | Zoom users on macOS are being told once again to update their copy of the video-conferencing software after a security hole was found that could be exploited by hackers. Read more in my article on the Hot for Security blog. | |||
|
2022-08-12 10:23:42 | Chinese criminals scam kids desperate to play games for more than three hours a week (lien direct) | Scammers are stealing money from children, with the alluring but bogus promise that China's tough restrictions on online gaming can be subverted. Read more in my article on the Hot for Security blog. | |||
|
2022-08-11 14:58:34 | Years after claiming DogWalk wasn\'t a vulnerability, Microsoft confirms flaw is being exploited and issues patch (lien direct) | This week Microsoft finally released a patch for a zero-day security flaw being exploited by hackers, that the company had claimed since 2019 was not actually a vulnerability. Read more in my article on the Hot for Security blog. | |||
|
2022-08-05 07:29:18 | Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email (lien direct) | Did Russian security Kaspersky really choose to send an email to its customers addressing them as "dear and lovely"? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to Kaspersky's customer base? | |||
|
2022-08-02 11:11:01 | Imran Khan\'s Instagram account hacked to promote phoney Elon Musk $100 million crypto giveaway (lien direct) | The official Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan was hacked yesterday in order to promote a cryptocurrency scam. Read more in my article on the Hot for Security blog. | |||
|
2022-07-29 11:44:50 | Romance scammers jailed after tricking Irish OAP out of €250k (lien direct) | An Irish court has jailed three romance scammers who tricked a 66-year-old woman out of her life savings, and even tricked her into visiting Dubai at her own expense. Read more in my article on the Hot for Security blog. | |||
|
2022-07-27 20:12:10 | Uber\'s former head of security faces fraud charges after allegedly covering up data breach (lien direct) | The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers. Read more in my article on the Hot for Security blog. | Data Breach | Uber Uber | |
|
2022-07-26 13:48:15 | Testing times for AV-Test as Twitter account hijacked by NFT spammers (lien direct) | An unauthorised party has seized control of the @avtestorg Twitter account, nuked its profile picture and banner, replaced its name and description with a full-stop, and set about retweeting numerous messages about NFTs. Anti-virus testing organisation AV-Test appears to have done nothing wrong, so how was its account hacked? | |||
|
2022-07-20 15:46:47 | More malware-infested apps, downloaded millions of times, found in the Google Play store (lien direct) | Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. Read more in my article on the Tripwire State of Security blog. | |||
|
2022-07-20 15:44:46 | Clunk flush! Bexplus cryptocurrency exchange closes suddenly, giving its users only 24 hours to withdraw funds (lien direct) | Bexplus gave its users only 24 hours to withdraw their funds. Can you imagine a traditional financial institution treating its customers in such a slipshod fashion? | |||
|
2022-07-20 14:32:47 | Anti-Russian denial-of-service app actually infects pro-Ukrainian activists (lien direct) | An app which purported to launch distributed denial-of-service (DDoS) attacks against the internet infrastructure of Russia, was in reality secretly installing malware on to the devices of pro-Ukrainian activists. Read more in my article on the Hot for Security blog. | Malware | ||
|
2022-07-19 15:13:21 | Who on earth would be trying to promote EC-Council University via comment spam on my website? (lien direct) | I can't tell you not to seek ethical hacking certification from EC-Council. But I can suggest that if you are looking for an online university to boost your cybersecurity career, you don't settle for an outfit that has proven itself to be of questionable ethics and utterly clueless. | Spam | ★★★ | |
|
2022-07-19 13:53:49 | Hacker hijacks NFT artist DeeKay\'s Twitter account, steals $150,000 worth of NFTs from fans (lien direct) | NFT artist DeeKay Kwon had his Twitter account hacked at the end of last week by scammers who managed to steal NFTs valued at $150,000 from his followers. Read more in my article on the Hot for Security blog. | |||
|
2022-07-14 15:22:30 | Windows 8.1 displays full-screen warning as it nears its last day of support (lien direct) | Turn on a PC running Microsoft Windows 8.1 and you're likely to be greeted with a full-screen message warning that the operating system will no longer be supported after 10 January 2023, and - critically - will no longer be receiving any security updates. | |||
|
2022-07-11 16:30:00 | Disneyland social media accounts hacked, offensive messages posted (lien direct) | Even the Magic Kingdom isn't immune from hackers. Late last week, millions of followers of Disneyland's Facebook and Instagram accounts were greeted by a series of offensive messages posted by a hacker. Read more in my article on the Hot for Security blog. | |||
|
2022-07-08 21:58:31 | Microsoft rolls back plan to block macros by default (lien direct) | Things haven't gone as smoothly as Microsoft (and, indeed, the rest of us) might have hoped... | |||
|
2022-07-07 15:52:25 | Lockdown Mode: Apple to protect users from targeted spyware attacks (lien direct) | Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. Read more in my article on the Tripwire State of Security blog. | Threat | ||
|
2022-07-07 11:17:47 | Smashing Security podcast #282: Raising money through ransomware, China\'s mega-leak, and hackers for hire (lien direct) | A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this … Continue reading "Smashing Security podcast #282: Raising money through ransomware, China’s mega-leak, and hackers for hire" | Data Breach | ||
|
2022-07-06 11:49:47 | Comprehensive risk-based API protection with AppTrana (lien direct) | Graham Cluley Security News is sponsored this week by the folks at Indusface. Thanks to the great team there for their support! It is hard to imagine an application without APIs (Application Programming Interface). For the past few years, APIs have become core foundational for the success of businesses. Hence, there is no surprise that … Continue reading "Comprehensive risk-based API protection with AppTrana" | |||
|
2022-07-04 10:01:07 | Official British Army Twitter and YouTube accounts hijacked by NFT scammers (lien direct) | Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers on Sunday. Read more in my article on the Hot for Security blog. | |||
|
2022-07-01 13:51:31 | FTC warns LGBTQ+ community of extortion scams targeting them on dating apps (lien direct) | Members of the LGBTQ+ community have been warned to be on their guard against extortionists who may attempt to prey on them via online dating apps such as Grindr and Feeld. Read more in my article on the Hot for Security blog. | |||
|
2022-07-01 13:12:23 | AMD held to ransom by gang that claims 450GB of data has been stolen (lien direct) | Semiconductor giant AMD says that it is investigating what claims to be a major data breach of its network, that saw a group of online criminals steal 450GB of data from its systems. Read more in my article on the Hot for Security blog. | Data Breach | ||
|
2022-06-30 13:46:38 | Black Basta ransomware – what you need to know (lien direct) | Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations. Read more in my article on the Tripwire State of Security blog. | Ransomware | ||
|
2022-06-30 13:29:57 | NFT marketplace OpenSea warns of data breach that could lead to phishing attacks (lien direct) | Popular NFT marketplace OpenSea has warned users that they might be targeted with phishing attacks following a data breach that exposed the email addresses of its users and newsletter subscribers. | Data Breach | ||
|
2022-06-30 09:23:07 | Smashing Security podcast #281: Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional (lien direct) | A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast. Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin. | Ransomware | ||
|
2022-06-29 20:47:31 | Deepfaking crooks seek remote-working jobs to gain access to sensitive data (lien direct) | The FBI has warned that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote working-at-home jobs. | |||
|
2022-06-28 15:59:01 | Carnival Cruises bruised by $6.25 million fine after series of cyberattacks (lien direct) | Carnival Cruises, the world's largest travel leisure firm which operates over 100 ships for millions of vacationing customers, has been fined a total of $6.25 million following a series of security mishaps. Read more in my article on the Hot for Security blog. | ★★ | ||
|
2022-06-27 17:06:14 | Drunk worker loses USB stick containing details of every resident of his city (lien direct) | A Japanese worker, after a drunken night out, lost a flash drive containing the personal information of every single one of his city's residents. Read more in my article on the Hot for Security blog. | |||
|
2022-06-23 15:05:00 | Amazon thinks it\'s really cool that Alexa can mimic your dead grandma\'s voice (lien direct) | Amazon has demonstrated an experimental feature that demonstrates how a child can choose to have a bedside story read to him by his Alexa... using his dead grandmother's voice. | |||
|
2022-06-23 14:31:10 | NHS warns of scam COVID-19 text messages (lien direct) | The UK's National Health Service has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. Read more in my article on the Tripwire State of Security blog. | |||
|
2022-06-23 14:21:58 | Smashing Security podcast #280: Hot tub hijinx, and a sentient AI (lien direct) | Internet-connected jacuzzis find themselves in hot water, and a Google engineer claims that their AI has developed feelings. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. | |||
|
2022-06-22 06:50:31 | Israeli military personnel spied on via Strava fitness-tracking app (lien direct) | The Strava fitness-tracking app is being used to spy upon members of the Israeli military, tracking their movements at secret bases across the country and potentially even help observe their activities when they travel overseas. Read more in my article on the Hot for Security blog. | |||
|
2022-06-21 19:05:37 | Voicemail-themed phishing attacks targets organisations (lien direct) | Have you received an email notification that there is a voicemail waiting to be listened to by you? Maybe you would be wise to think carefully before clicking on the attachment. | |||
|
2022-06-20 12:26:30 | How to get Fortune 500 cybersecurity without the hefty price tag (lien direct) | >Continue reading "How to get Fortune 500 cybersecurity without the hefty price tag" | |||
|
2022-06-17 14:22:52 | QNAP warns of new DeadBolt ransomware attack locking up NAS devices (lien direct) | Owners of NAS drives manufactured by QNAP have been advised that the company is "thoroughly investigating" reports that a new variant of the DeadBolt ransomware is targeting devices, locking up data and demanding victims pay a fee to extortionists. Read more in my article on the Hot for Security blog. | Ransomware | ||
|
2022-06-17 12:10:49 | NinjaForms WordPress plugin, actively exploited in wild, receives forced security update (lien direct) | A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploited in the wild. | Vulnerability | ||
|
2022-06-17 08:24:27 | Heineken giving away free beer for Father\'s Day? It\'s a WhatsApp scam (lien direct) | With Father's Day falling this weekend in the United States and UK, more people might be more willing than normal to believe the latest scam to be spreading via WhatsApp is true. But I'm afraid it isn't. Sorry dads, Heineken isn't giving away free coolers of beer. Read more in my article on the Hot for Security blog. | |||
|
2022-06-16 15:13:29 | Interpol arrests thousands of scammers in operation “First Light 2022” (lien direct) | Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation which has seized tens of millions of dollars and seen more than 2000 people arrested. Read more in my article on the Tripwire State of Security blog. | |||
|
2022-06-16 12:24:02 | (Déjà vu) Want to block two billion known breached passwords from being used at your company? It\'s easy with Specops Password Policy tools (lien direct) | Graham Cluley Security News is sponsored this week by the folks at Specops. Thanks to the great team there for their support! With the help of live attack data, Specops Software’s Breached Password Protection can detect over 2 billion known breached passwords in your Active Directory. Using the Specops database, you can block commonly used … Continue reading "Want to block two billion known breached passwords from being used at your company? It’s easy with Specops Password Policy tools" | Tool | ||
|
2022-06-15 23:02:54 | Smashing Security podcast #279: Encrypted notes, and a deadly case of AirTag spying (lien direct) | How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great? All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. | |||
|
2022-06-15 11:02:43 | DDoS-for-hire service which bombarded websites with attacks earns man two years in prison (lien direct) | The US authorities have sentenced a man to 24 months in a federal prison after he was found to have run a DDoS-for-hire service that knocked websites off the internet. Read more in my article on the Hot for Security blog. | |||
|
2022-06-10 13:28:39 | You can be tracked via your Bluetooth signal, researchers claim (lien direct) | Boffins at the University of California San Diego have found a way to track individuals via Bluetooth. Researchers discovered that the Bluetooth signals emitted by mobile phones carry a unique fingerprint, caused by small imperfections accidentally created during the manufacturing process. | |||
|
2022-06-10 12:37:16 | DogWalk zero-day Windows bug receives patch – but not from Microsoft (lien direct) | A Windows zero-day vulnerability dubbed "DogWalk" has not received an official patch yet from Microsoft, but that hasn't stopped others from offering free fixes to protect users. Read more in my article on the Hot for Security blog. | Vulnerability |
To see everything:
Our RSS (filtrered)
