This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-14T09:44:14+00:00 www.secnews.physaphae.fr Graham Cluley - Blog Security Continue reading "Twitter isn’t going to stop people posting COVID-19 misinformation anymore"]]> 2022-11-30T16:28:30+00:00 https://grahamcluley.com/twitter-isnt-going-to-stop-people-posting-covid-19-misinformation-anymore/ www.secnews.physaphae.fr/article.php?IdArticle=8286084 False Guideline None 4.0000000000000000 Graham Cluley - Blog Security 2021-10-04T12:27:42+00:00 https://grahamcluley.com/the-pandora-papers-is-the-panama-papers-turned-up-to-11/ www.secnews.physaphae.fr/article.php?IdArticle=3465025 False Guideline None None Graham Cluley - Blog Security 2021-09-29T11:41:36+00:00 https://www.bitdefender.com/blog/hotforsecurity/us-cryptocurrency-expert-pleads-guilty-to-helping-north-korea-evade-sanctions/ www.secnews.physaphae.fr/article.php?IdArticle=3444795 False Guideline None None Graham Cluley - Blog Security 2021-08-25T20:26:58+00:00 https://www.bitdefender.com/blog/hotforsecurity/man-admits-impersonating-apple-support-staff-to-steal-620-000-photos-from-icloud-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=3287302 False Guideline None None Graham Cluley - Blog Security 2021-08-16T12:35:15+00:00 https://grahamcluley.com/indra-hacking-group-blamed-for-attack-on-iranian-railway-system-that-trolled-countrys-supreme-leader/ www.secnews.physaphae.fr/article.php?IdArticle=3236257 False Guideline None None Graham Cluley - Blog Security Continue reading "Smashing Security podcast #237: NuNa, NuNu, NaNa"]]> 2021-07-22T00:06:39+00:00 https://grahamcluley.com/smashing-security-podcast-237/ www.secnews.physaphae.fr/article.php?IdArticle=3109046 False Guideline None None Graham Cluley - Blog Security 2021-07-15T14:23:22+00:00 https://www.tripwire.com/state-of-security/security-data-protection/us-offers-10-million-reward-in-hunt-for-state-sponsored-ransomware-attackers/?utm_source=bambu&utm_medium=social&utm_campaign=advocacy&blaid=1792192 www.secnews.physaphae.fr/article.php?IdArticle=3071492 False Ransomware,Guideline None None Graham Cluley - Blog Security 2021-05-14T14:54:38+00:00 https://hotforsecurity.bitdefender.com/blog/gamers-warned-of-downloading-fake-afterburner-overclocking-tool-to-boost-graphics-card-performance-25830.html www.secnews.physaphae.fr/article.php?IdArticle=2786265 False Tool,Guideline None None Graham Cluley - Blog Security 2021-03-28T14:15:13+00:00 https://grahamcluley.com/alex-salmonds-alba-party-website-leaks-data-in-idor-foul-up/ www.secnews.physaphae.fr/article.php?IdArticle=2548380 False Guideline None None Graham Cluley - Blog Security 2021-03-18T12:20:03+00:00 https://grahamcluley.com/smashing-security-podcast-219/ www.secnews.physaphae.fr/article.php?IdArticle=2500117 False Guideline None None Graham Cluley - Blog Security Continue reading "Recruitment giant Randstad hit by ransomware, sensitive data stolen"]]> 2020-12-07T18:14:33+00:00 https://grahamcluley.com/recruitment-giant-randstad-hit-by-ransomware-sensitive-data-stolen/ www.secnews.physaphae.fr/article.php?IdArticle=2083380 False Guideline None None Graham Cluley - Blog Security Continue reading "Mystery surrounds alleged Paytm Mall hack, as security firm hit by legal threat"]]> 2020-09-08T11:34:28+00:00 https://grahamcluley.com/mystery-surrounds-alleged-paytm-mall-hack-as-security-firm-hit-by-legal-notice/ www.secnews.physaphae.fr/article.php?IdArticle=1905325 False Threat,Guideline None None Graham Cluley - Blog Security 2020-09-03T09:44:58+00:00 https://hotforsecurity.bitdefender.com/blog/hackers-hijack-indian-pm-narendra-modi-twitter-account-24051.html www.secnews.physaphae.fr/article.php?IdArticle=1903722 False Guideline None None Graham Cluley - Blog Security 2020-06-04T14:09:13+00:00 https://www.tripwire.com/state-of-security/featured/the-scammer-launder-business-email-compromise/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1750453 False Guideline None None Graham Cluley - Blog Security 2019-11-19T16:24:05+00:00 https://www.grahamcluley.com/bad-boy-of-brexit-arron-banks-hacked-private-twitter-messages-leaked/ www.secnews.physaphae.fr/article.php?IdArticle=1476167 False Guideline None None Graham Cluley - Blog Security 2019-10-31T22:20:11+00:00 https://www.tripwire.com/state-of-security/featured/men-paid-100k-by-uber-to-hush-up-hack-plead-guilty-to-extortion-scheme/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1437506 True Hack,Guideline Uber None Graham Cluley - Blog Security 2019-08-30T09:00:02+00:00 https://businessinsights.bitdefender.com/the-top-reason-businesses-make-a-cyber-insurance-claim-business-email-compromise#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1294971 False Guideline None None Graham Cluley - Blog Security 2019-08-19T14:20:03+00:00 https://hotforsecurity.bitdefender.com/blog/20-month-prison-sentence-for-british-hacker-who-made-fortune-helping-sim-swap-fraudsters-21457.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1271575 False Guideline None None Graham Cluley - Blog Security 2019-04-25T10:43:01+00:00 https://www.grahamcluley.com/smashing-security-125-pick-of-the-thief/ www.secnews.physaphae.fr/article.php?IdArticle=1095347 False Malware,Guideline Wannacry None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at CloudShare. Thanks to the great team there for their support! As cyber hacks, ransomware, and other breaches continue to rise, companies are quickly realizing the need for increasing their cybersecurity staff. Current data however indicates that the cybersecurity manpower shortage continues to grow, with over 1,000,000 cybersecurity positions unfilled in the U.S. alone. The relationship between this shortage of cyber security skills and hacking exposure can't be ignored, with many companies feeling that their lack of employees with cybersecurity skills make for more desirable targets for cyber criminals. It's imperative therefore that these employees are sufficiently trained to receive the promised benefits from products and solutions, and able to sell and support them as well. The challenges facing the cyber industry today can be overcome in a variety of ways such as: Replicating complicated products with complex networking features. Running complex training scenarios (for example, injecting scripts). Providing templates of complex related structures. Offering timed environments. Creating replication of complex environments in seconds. Securing the enterprise is a people problem that needs immediate attention! Download the free eBook “Under Attack!”, and get a comprehensive examination of the skill-building strategies needed to strengthen lines of defense across the organization including: An examination of today's urgent cybersecurity skills crisis The top ten actions organizations can take to become more cyber resilient Insights into the most effective cybersecurity training options Tips for creating a corporate cybersecurity culture “People impact security outcomes much more than any technology, policy or process.” Joanna G. Huisman, Analyst at Gartner Since 2007, CloudShare has been the leading supplier of virtual IT labs in the cloud, with specialized solutions designed to meet a wide variety of business needs – including training, sales enablement, and sandboxing for testing and support. CloudShare customers include leading software and cybersecurity companies, such as Palo Alto Networks, Atlassian, ForgeRock, Sophos, Fortinet and Check Point Software Technologies.

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2019-04-07T22:50:03+00:00 https://www.grahamcluley.com/feed-sponsor-cloudshare/ www.secnews.physaphae.fr/article.php?IdArticle=1091757 False Guideline None None Graham Cluley - Blog Security Even the most tech savvy companies in the world can fall for business email compromise. A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers. Read more in my article on the Tripwire State of Security blog. ]]> 2019-03-21T13:30:00+00:00 https://www.tripwire.com/state-of-security/featured/google-and-facebook-scammed-out-of-123-million-by-man-posing-as-hardware-vendor/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1080800 False Guideline None None Graham Cluley - Blog Security Arrested as he returned his rental car at Barcelona's airport, a 33-year-old Russian faces up to five years in jail after admitting to being the mastermind behind the sophisticated NeverQuest banking trojan. Read more in my article on the Hot for Security blog. ]]> 2019-02-25T15:42:01+00:00 https://hotforsecurity.bitdefender.com/blog/russian-creator-of-neverquest-banking-trojan-pleads-guilty-in-american-court-20881.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=1041123 False Guideline None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! As leading companies in every industry today are undergoing digital transformation, the lines are blurring between any one organization and its partners, suppliers, vendors, and other third parties. In this new report, ESG examines how these business relationships can introduce new risks that need to be identified and managed “as if these third parties were part of the enterprise itself.” Download your copy now of “Third-Party Risk: Why Real-Time Intelligence Matters” About Recorded Future Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2019-02-19T11:07:03+00:00 https://www.grahamcluley.com/feed-sponsor-recorded-future-2/ www.secnews.physaphae.fr/article.php?IdArticle=1032330 True Threat,Guideline None None Graham Cluley - Blog Security A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. ]]> 2018-10-25T08:32:01+00:00 https://www.grahamcluley.com/smashing-security-101-rule-34-twitter-scams-and-facebook-fails/ www.secnews.physaphae.fr/article.php?IdArticle=861928 False Guideline None None Graham Cluley - Blog Security A former high school teacher is to plead guilty to hacking into the online accounts of celebrities and stealing naked photographs and other private information. ]]> 2018-10-17T21:59:01+00:00 https://www.grahamcluley.com/naked-photo-hacker/ www.secnews.physaphae.fr/article.php?IdArticle=852506 False Guideline None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at Nehemiah Security. Thanks to the great team there for their support! Coming this fall, Nehemiah is releasing their newest ebook, “Cyber as a Business Enabler: Operationalizing Cyber Risk Analytics”. This introductory guide arms the modern day cybersecurity leader to put cyber risk into motion and transform cybersecurity operations into a business enabler. Topics covered in this book include: The end goal of cyber risk analytics Where to gather the right data Key stakeholders involved What it takes to quantify cyber risks financially Follow this link for a sneak peek into the content and to reserve your copy when the full book is released!

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2018-09-10T09:17:02+00:00 https://www.grahamcluley.com/feed-sponsor-nehemiah-ebook/ www.secnews.physaphae.fr/article.php?IdArticle=801221 False Guideline None None Graham Cluley - Blog Security An Australian teenager has admitted hacking into Apple's internal network and stealing 90 GB worth of files. The 16-year-old has pleaded guilty to breaking into Apple's systems on multiple occasions over the course of a year, from his parent's home in Melbourne's suburbs. Read more in my article on the Hot for Security blog. ]]> 2018-08-17T11:21:04+00:00 https://hotforsecurity.bitdefender.com/blog/apple-hacked-by-16-year-old-who-dreamed-of-working-for-firm-20254.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=779795 False Guideline None 3.0000000000000000 Graham Cluley - Blog Security Thousands of holidaymakers relying upon Thomas Cook Airlines to get them to their vacation may have had their personal information put at risk due to sloppy security. ]]> 2018-07-09T15:26:00+00:00 https://www.grahamcluley.com/thomas-cook-airlines-poor-security-breach/ www.secnews.physaphae.fr/article.php?IdArticle=737410 False Guideline None None Graham Cluley - Blog Security Reality Winner, the US government contractor who leaked top secret documents about Russian hacking, has pleaded guilty. ]]> 2018-06-27T13:47:05+00:00 https://www.grahamcluley.com/reality-winner-pleads-guilty-after-being-unmasked-by-microdots/ www.secnews.physaphae.fr/article.php?IdArticle=725505 False Guideline None None Graham Cluley - Blog Security A website which demands money if you want your mugshot removed, could “sharenting” lead to a rise in fraud and identity theft, and how could the FBI have overcounted encrypted phones so badly? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis. ]]> 2018-05-24T07:46:03+00:00 https://www.grahamcluley.com/smashing-security-079-mugshots-mobile-mania-and-back-end-gurus/ www.secnews.physaphae.fr/article.php?IdArticle=669121 False Guideline None None Graham Cluley - Blog Security In 2008, the deputy leader of the British Labour party had her website hacked. And now we know who did it… ]]> 2018-04-12T09:38:05+00:00 https://www.grahamcluley.com/kemi-badenoch-mp-self-confessed-website-hacker/ www.secnews.physaphae.fr/article.php?IdArticle=581198 False Guideline None None Graham Cluley - Blog Security BBC Newsnight broadcast phone number of surgeons working in war-torn Aleppo… and then the hospital was bombed. ]]> 2018-03-22T17:32:04+00:00 https://www.grahamcluley.com/hackers-warplanes-syrian-hospital-after-targeting-british-surgeon-computer/ www.secnews.physaphae.fr/article.php?IdArticle=535540 False Guideline None None Graham Cluley - Blog Security Binance, one of the world's biggest cryptocurrency exchanges by trading volume, has offered a reward equivalent to $250,000 to anyone providing information that leads to the arrest of hackers who attacked the platform last week. Read more in my article on the Hot for Security blog. ]]> 2018-03-13T08:40:03+00:00 https://hotforsecurity.bitdefender.com/blog/know-who-hacked-the-binance-cryptocurrency-exchange-earn-250000-19672.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=509944 False Data Breach,Guideline None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at SC Media. Thanks to the great team there for their support! SC Media's 12th annual security conference, RiskSec (previously branded as SC Congress) will be held May 31 in New York City. This event will provide insights from thought leaders across various industries, focusing on the most significant issues that CISOs and other security professionals face every day. Features include: Interactive learning sessions Demos from 25 prominent tech companies 30+ industry-leading speakers Ability to earn up to 9 CPE credits Breakfast and lunch from executive chef Cocktail reception In 2017, there was a record number of massive data breaches that compromised millions of users' data and cost senior-level executives their jobs. This event is a great opportunity to collaborate and continue to improve defense techniques. Use discount code CLULEY for $100 off admission. RiskSec is a selective event for senior security professionals. Space is limited and the event will sell out.

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2018-03-12T13:56:03+00:00 https://www.grahamcluley.com/risksec-feed-sponsor/ www.secnews.physaphae.fr/article.php?IdArticle=508332 False General Information,Guideline None 2.0000000000000000 Graham Cluley - Blog Security User interfaces and poor procedures lead to pandemonium in Hawaii, hackers are attempting to trick victims into opening cryptocurrency-related email attachments, and yet more pox-ridden apps are found in Android's Google Play store. ]]> 2018-01-18T09:25:10+00:00 https://www.grahamcluley.com/smashing-security-061-fallout-over-hawaii-missile-false-alarm/ www.secnews.physaphae.fr/article.php?IdArticle=459779 False Guideline None None Graham Cluley - Blog Security A US judge has sentenced a Nigerian man to three years and five months in a federal prison after he pleaded guilty to taking part in a business email compromise scam that targeted organisations around the world. ]]> 2017-12-15T13:57:05+00:00 https://www.welivesecurity.com/2017/12/15/business-email-compromise-scammer-sentenced-41-months-prison/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=451291 False Guideline None None Graham Cluley - Blog Security Passwords are under the microscope again, CrunchyRoll leads anime fans to malware, a sexy robot gains Saudi citizenship, and Carole begins her career as an agony aunt. ]]> 2017-11-09T08:41:18+00:00 https://www.grahamcluley.com/smashing-security-podcast-051-robots-romance-passwords-crunchyroll/ www.secnews.physaphae.fr/article.php?IdArticle=430566 False Guideline None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support! The 2017 Faces of Fraud Survey, conducted by iSMG, the world's largest media organization devoted solely to information security and risk management, delivers revealing insights into the sector's challenges in fraud practices and strategies, and underscores the growing vulnerability of mobile channels. The 2017 Faces of Fraud Survey was commissioned by VASCO and compiled with responses from banking and security leaders representing financial institutions ranging from under $500 million to more than $20 billion in assets. Key findings include: 52 percent say today's fraud schemes are too sophisticated and evolve too quickly to keep pace Only 38 percent have high confidence in their organization's ability to detect and prevent fraud Almost half identify technical barriers or controls not talking to one another as a top challenge to improving enterprise fraud 41 percent do not want to add new anti-fraud controls that might negatively impact the customer experience 35 percent say they are countering mobile exploits with multifactor authentication Just 13 percent believe they are identifying fraud in real time Download the 2017 Faces of Fraud Survey, a 27-page report that documents how leaders in the banking and security industries are preparing for fraud. Roughly 250 banking/security leaders participated in this survey, which was conducted to determine: The top forms of fraud afflicting financial organizations in 2017 The biggest gaps in organizations' efforts to detect and prevent fraud What organizations are doing to counter the surge in mobile exploits Get your copy of the full report now.

---

]]> 2017-10-24T14:31:02+00:00 https://www.grahamcluley.com/vasco-feed-sponsor-17/ www.secnews.physaphae.fr/article.php?IdArticle=423064 False Guideline None None Graham Cluley - Blog Security ]]> 2017-09-19T11:33:58+00:00 https://www.grahamcluley.com/misleading-headlines-equifaxs-earlier-hack/ www.secnews.physaphae.fr/article.php?IdArticle=409731 False Guideline Equifax None Graham Cluley - Blog Security WannaCry hero Marcus Hutchins (aka MalwareTech) pleads not guilty to malware charges, the Scottish parliament is hit by a brute force attack, IoT smart locks aren't so smart, and.. ahem.. someone is sending intimate pics via AirDrop to unsuspecting commuters. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White. ]]> 2017-08-17T08:42:28+00:00 https://www.grahamcluley.com/smashing-security-038-gents-stop-airdropping-pics/ www.secnews.physaphae.fr/article.php?IdArticle=397578 False Guideline Wannacry None Graham Cluley - Blog Security British security researcher Marcus Hutchins pleads not guilty to malware charges in a US court, and returns to Twitter. ]]> 2017-08-15T08:12:30+00:00 https://www.grahamcluley.com/malwaretech-back-online-pleads-not-guilty-kronos-malware-charges/ www.secnews.physaphae.fr/article.php?IdArticle=396563 False Guideline None None Graham Cluley - Blog Security New "operational" samples of the NukeBot banking trojan have emerged months after its original creator published its source code. David Bisson reports. ]]> 2017-07-20T01:48:15+00:00 https://www.grahamcluley.com/publication-nukebot-trojans-source-code-leads-new-operational-samples/ www.secnews.physaphae.fr/article.php?IdArticle=386798 False Guideline None None Graham Cluley - Blog Security Virgin Media, a leading provider of internet, TV, and phone services in Britain, is urging customers to reset the passwords on their routers. Read more in my article on the Bitdefender BOX blog. ]]> 2017-06-23T23:59:43+00:00 https://www.bitdefender.com/box/blog/smart-home/800000-virgin-media-customer-urged-change-router-passwords/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=378302 False Guideline None None Graham Cluley - Blog Security An annoying Android app asks a user to grant it administrator rights in order to display ads that lead to potential drive-by downloads. David Bisson reports. ]]> 2017-06-07T20:24:29+00:00 https://www.grahamcluley.com/annoying-android-app-demands-admin-rights-to-display-ads/ www.secnews.physaphae.fr/article.php?IdArticle=372123 False Guideline None None Graham Cluley - Blog Security Remember to always be wary of opening unsolicited email attachments and clicking on unknown links. Clicking before you think could lead to your downfall. David Bisson reports. ]]> 2017-03-22T10:40:36+00:00 https://www.grahamcluley.com/victims-real-details-helping-hackers-trick-victims-installing-banking-malware/ www.secnews.physaphae.fr/article.php?IdArticle=343118 False Guideline None None Graham Cluley - Blog Security If you are a company running Cisco Prime Home to control your customers' devices – update it now. Read more in my article on the Bitdefender Box blog. ]]> 2017-02-03T13:54:38+00:00 https://www.bitdefender.com/box/blog/smart-home/critical-cisco-security-hole-lead-hackers-seizing-control-thousands-home-routers/ www.secnews.physaphae.fr/article.php?IdArticle=306206 False Guideline None None Graham Cluley - Blog Security Kids - don't hack into companies without their permission. They don't like it, and neither do the cops. ]]> 2016-12-14T12:58:09+00:00 https://www.grahamcluley.com/talktalks-hacker-blackmailer-pleads-guilty/ www.secnews.physaphae.fr/article.php?IdArticle=272826 False Guideline None None Graham Cluley - Blog Security Researchers have demonstrated that an attacker can hack unencrypted radio communication to seize control of many leading wireless keyboards and mice. David Bisson reports. ]]> 2016-10-28T08:56:22+00:00 https://www.grahamcluley.com/researchers-exploit-unencrypted-radio-hack-wireless-mice-keyboards/ www.secnews.physaphae.fr/article.php?IdArticle=230516 False Guideline None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support! VASCO, a global leader in authentication, electronic signatures, and identity management, is sharing its expertise in a free on-demand webinar entitled "Top 10 tips for a successful and secure mobile first strategy." Mobile banking has definitely shifted focus from transaction to customer interaction, enabling users to engage with their bank anytime, anywhere and more frequently. But how can you establish a successful and secure mobile first strategy, while keeping an eye on user convenience? Check out this FREE on-demand webinar now! Discover the necessary tips to establish a successful and secure mobile first strategy: Enable more services on mobile Make user experience fast, convenient and secure Score your user's device and context Combat malware and other attacks Adopt mobile as the key to all your banking channels and many more...

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2016-10-03T09:14:26+00:00 https://www.grahamcluley.com/vasco-feed-sponsor-8/ www.secnews.physaphae.fr/article.php?IdArticle=156633 True Guideline None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support! VASCO, a global leader in authentication, electronic signatures, and identity management, is sharing its expertise in a free webinar entitled "Top 10 tips for a successful and secure mobile first strategy." Mobile banking has definitely shifted focus from transaction to customer interaction, enabling users to engage with their bank anytime, anywhere and more frequently. But how can you establish a successful and secure mobile first strategy, while keeping an eye on user convenience? Register today for this FREE 30-min webinar! Discover the necessary tips to establish a successful and secure mobile first strategy: Enable more services on mobile Make user experience fast, convenient and secure Score your user's device and context Combat malware and other attacks Adopt mobile as the key to all your banking channels and many more...

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2016-09-12T09:05:53+00:00 https://www.grahamcluley.com/2016/09/vasco-feed-sponsor-7/ www.secnews.physaphae.fr/article.php?IdArticle=53418 False Guideline None None Graham Cluley - Blog Security announced that it had agreed a plan to get the open source disk encryption tool VeraCrypt independently audited. The audit, which would look for security holes and weaknesses in VeraCrypt's code, would be done in co-ordination with vulnerability researchers from QuarksLab. So far, so good. Especially as you may remember that VeraCrypt's predecessor, TrueCrypt, was mysteriously discontinued a couple of years back leading to all manner of conspiracy theories. Now, the bad news... OSTIF says that its confidential PGP-encrypted communications with QuarkLabs about the VeraCrypt security audit may be being mysteriously intercepted: We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders. Not only have the emails not arrived, but there is no trace of the emails in our “sent” folders. In the case of OSTIF, this is the Google Apps business version of Gmail where these sent emails have disappeared. This suggests that outside actors are attempting to listen in on and/or interfere with the audit process. We are setting up alternate means of encrypted communications in order to move forward with the audit project. If nation-states are interested in what we are doing we must be doing something right. Right? Let the speculation begin... ]]> 2016-08-15T12:23:59+00:00 https://www.grahamcluley.com/2016/08/trying-spy-veracrypts-security-audit/ www.secnews.physaphae.fr/article.php?IdArticle=7992 False Guideline None 5.0000000000000000 Graham Cluley - Blog Security Good samaritans and skinflints beware!Plugging in that USB stick you found lying around on the street outside your office could lead to a security breach.Read more in my article on the Tripwire State of Security blog.]]> 2016-08-04T10:23:47+00:00 http://www.tripwire.com/state-of-security/featured/does-dropping-malicious-usb-sticks-really-work-yes-worryingly-well/ www.secnews.physaphae.fr/article.php?IdArticle=6216 False Guideline None None Graham Cluley - Blog Security writes Lukasz Olejnik:The information provided by the Battery Status API is not always changing fast. In other words, they are static for a period of time; it may give rise to a short-lived identifier. At the same time, users sometimes clear standard web identifiers (such as cookies). But a web script could analyze identifiers provided by Battery Status API, which could then possibly even lead to recreation of other identifiers. A simple sketch follows.An example web script continuously monitors the status of identifiers and the information obtained from Battery API. At some point, the user clears (e.g.) all the identifying cookies. The monitoring web script suddenly sees a new user - with no cookie - so it sets new ones. But battery level analysis could provide hints that this new user is - in fact - not a new user, but the previously known one. The script's operator could then conclude and reason that those this is a single user, and resume with tracking. This is an example scenario of identifier recreation, also known as respawning.A recent study [PDF] reported that battery status is being monitored by some tracking scripts.It sounds like it would be a positive step if browsers stopped accessing such detailed information about our battery.Aside from tracking, there are other ways that battery information could be exploited.Uber, for instance, says that it knows customers are more likely to accept a much higher price to hire a cab when their battery is running low.]]> 2016-08-02T07:55:29+00:00 https://www.grahamcluley.com/2016/08/advertisers-tracking-battery-status/ www.secnews.physaphae.fr/article.php?IdArticle=5177 False Guideline Uber None