This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-03T23:21:55+00:00 www.secnews.physaphae.fr Graham Cluley - Blog Security Computer manufacturer barely notices $3.5 million fine after customers' privacy and security was put at risk. ]]> 2017-09-06T10:18:46+00:00 https://www.grahamcluley.com/lenovos-superfish-security-fiasco-ends-slap-wrist/ www.secnews.physaphae.fr/article.php?IdArticle=404724 False None None None Graham Cluley - Blog Security Attackers have set up a dark web domain for their "Doxagram" site that offers for sale the email addresses and phone numbers of high-profile Instagram users. David Bisson reports. ]]> 2017-09-05T16:51:46+00:00 https://www.grahamcluley.com/instagram-breach-deepens-with-dark-web-doxagram-domain/ www.secnews.physaphae.fr/article.php?IdArticle=404391 False None None None Graham Cluley - Blog Security You don't need to know how to write a single line of code to write Android ransomware. ]]> 2017-09-04T21:11:16+00:00 https://www.grahamcluley.com/android-ransomware-construction-kit/ www.secnews.physaphae.fr/article.php?IdArticle=403941 False None None None Graham Cluley - Blog Security If you own a website, take advantage of the security features that your DNS registrar offers you or risk suffering the kind of attack OurMine wrought against WikiLeaks. ]]> 2017-09-04T18:36:35+00:00 https://www.grahamcluley.com/despite-appearances-wikileaks-wasnt-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=403942 False None None None Graham Cluley - Blog Security Security researchers have spotted a massive malware campaign that sent out 23 million messages laden with Locky ransomware in the span of 24 hours. David Bisson reports. ]]> 2017-09-01T17:26:52+00:00 https://www.grahamcluley.com/locky-ransomware-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=403513 False None None None Graham Cluley - Blog Security Messages your customers receive from a hacker who has already compromised your email system are going to look much more convincing, and could result in your clients transferring large sums of money into a scammer's bank account and you losing customer trust and future business. Read more in my article on the Bitdefender Business Insights blog. ]]> 2017-09-01T12:57:54+00:00 https://businessinsights.bitdefender.com/insecure-office-365-setups-business-security#new_tab www.secnews.physaphae.fr/article.php?IdArticle=403319 False None None None Graham Cluley - Blog Security It's a huge failure by airport security, but hardly the first time it has happened... David Bisson reports. ]]> 2017-09-01T12:53:58+00:00 https://www.grahamcluley.com/blonde-girlfriends-passport-let-dark-haired-man-fly-london-germany/ www.secnews.physaphae.fr/article.php?IdArticle=403320 False None None None Graham Cluley - Blog Security Instagram has confirmed a hacking attack that targeted several high-profile users of the photo sharing application. Make sure you have a strong, unique password and two-step verification in place to better protect your accounts. David Bisson reports. ]]> 2017-08-31T13:41:44+00:00 https://www.grahamcluley.com/instagram-hack-high-profile-accounts/ www.secnews.physaphae.fr/article.php?IdArticle=403019 False None None None Graham Cluley - Blog Security Digital attackers have pulled off a tried-and-true password brute-force attack against American online marketplace Zazzle. David Bisson reports. ]]> 2017-08-31T09:30:29+00:00 https://www.grahamcluley.com/zazzle-brute-force-attack/ www.secnews.physaphae.fr/article.php?IdArticle=402681 False None None None Graham Cluley - Blog Security Are public figures lying about being hacked? What were online criminals doing with 711 million email addresses? And how could scammers profit from Hurricane Harvey? All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by HaveIBeenPwned's Troy Hunt. ]]> 2017-08-31T08:03:20+00:00 https://www.grahamcluley.com/smashing-security-040-troy-hunt/ www.secnews.physaphae.fr/article.php?IdArticle=402683 False None None None Graham Cluley - Blog Security The Onliner spambot weaponized a whopping 711 million email accounts to distribute spam emails laden with malware. David Bisson reports. ]]> 2017-08-30T13:23:44+00:00 https://www.grahamcluley.com/711-million-email-accounts-onliner-spam/ www.secnews.physaphae.fr/article.php?IdArticle=402503 False None None None Graham Cluley - Blog Security Second-hand electronics dealer CeX is warning that it has suffered a data breach that has exposed the personal information of up to two million customers. ]]> 2017-08-30T09:33:20+00:00 https://www.grahamcluley.com/cex-data-breach-impacts-two-million-uk-accounts-customers-told-change-passwords-asap/ www.secnews.physaphae.fr/article.php?IdArticle=402339 False None None None Graham Cluley - Blog Security Apparently it wasn't him who said those nasty things about Barack Obama's mom. ]]> 2017-08-29T20:21:08+00:00 https://www.grahamcluley.com/trump-appointee-says-past-several-years-victim-multiple-cyber-attacks-internet-crimes/ www.secnews.physaphae.fr/article.php?IdArticle=402047 False None None None Graham Cluley - Blog Security Security researchers have detected a state-sponsored spyware campaign that's leveraging the Ehdoor backdoor to target entities in India and Pakistan. David Bisson reports. ]]> 2017-08-29T14:44:47+00:00 https://www.grahamcluley.com/spyware-deployed-state-sponsored-attacks-india-pakistan/ www.secnews.physaphae.fr/article.php?IdArticle=402048 False None None None Graham Cluley - Blog Security Hackers seized control of the American singer and actress's Instagram account and posted revealing snaps of her ex-boyfriend Justin Bieber. ]]> 2017-08-29T10:44:01+00:00 https://www.grahamcluley.com/selena-gomez-please-tell-125-million-fans-enable-two-step-verification/ www.secnews.physaphae.fr/article.php?IdArticle=401858 False None None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support! More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems. The Revised Payment Services Directive, also known as PSD2, requires European banks to provide communication interfaces to Third Party Providers (TPPs). These interfaces, generally referred to as APIs, will allow TPPs to build innovative financial services on top of the services of the banks. The requirements for these interfaces are defined in the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC), of which the European Banking Authority (EBA) published a draft version in February 2017. In this whitepaper VASCO analyzes the requirements for the communication interface as defined in the draft RTS, with a special emphasis on security requirements. VASCO identifies the most important security threats against these interfaces, and discuss various solutions that can help banks to protect against them. By downloading this free white paper, you'll discover: the PSD2 requirements for open banking APIs the security and privacy threats against the APIs of banks how to protect APIs against security threats VASCO's solution suite for PSD2 compliance Interested in learning more? Download VASCO's white paper: Open Banking APIs under PSD2: What are the security threats and solutions?

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2017-08-28T13:29:10+00:00 https://www.grahamcluley.com/vasco-feed-sponsor-15/ www.secnews.physaphae.fr/article.php?IdArticle=401478 True None None None Graham Cluley - Blog Security American managed health care company Aetna is in hot water for accidentally exposing the HIV statuses of 12,000 of its patients. David Bisson reports. ]]> 2017-08-25T22:37:17+00:00 https://www.grahamcluley.com/oops-aetna-exposed-12000-customers-hiv-statuses-envelope-window/ www.secnews.physaphae.fr/article.php?IdArticle=400968 False None None None Graham Cluley - Blog Security A firm which sells Xenon HID headlight conversion kits, reversing cameras, parking sensors and other high-tech gear for motorists, has warned customers to be wary after a security breach. ]]> 2017-08-25T16:13:38+00:00 https://www.grahamcluley.com/hids4u-customers-warned-free-gift-email-attack-customer-database-leaks/ www.secnews.physaphae.fr/article.php?IdArticle=400969 False None None None Graham Cluley - Blog Security It took a Massachusetts hospital 14 years to detect a data breach. To make matters worse, even after all that time - it wasn't the medical center itself that discovered the incident. David Bisson reports. ]]> 2017-08-25T15:53:40+00:00 https://www.grahamcluley.com/took-14-years-massachusetts-hospital-detect-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=400970 False None None None Graham Cluley - Blog Security Hackers could change emails in your inbox *after* they are delivered, the web is getting more and more encrypted, and hacked robots can be commanded to umm... stab you. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by cyborg Scott Helme. ]]> 2017-08-24T07:32:15+00:00 https://www.grahamcluley.com/smashing-security-039-woah-are-we-talking-to-a-cyborg/ www.secnews.physaphae.fr/article.php?IdArticle=400161 False None None None Graham Cluley - Blog Security The BankBot malware family is abusing Android's accessibility services to try to install additional apps without users' permission. David Bisson reports. ]]> 2017-08-24T02:06:39+00:00 https://www.grahamcluley.com/bankbot-trojan-tries-sneak-apps-onto-android-smartphone-without-permission/ www.secnews.physaphae.fr/article.php?IdArticle=400162 False None None None Graham Cluley - Blog Security Once again, FC Barcelona has had its social media accounts hacked. Maybe they want to think a little bit more about improving their defence? ]]> 2017-08-23T13:51:32+00:00 https://www.grahamcluley.com/barcelona-social-media-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=400163 False None None None Graham Cluley - Blog Security A member of the Anonymous hacking collective claims to have stolen data belonging to 1.2 million patients of the United Kingdom's National Health Service (NHS). David Bisson reports. ]]> 2017-08-22T16:45:18+00:00 https://www.grahamcluley.com/anonymous-nhs-hacker/ www.secnews.physaphae.fr/article.php?IdArticle=399519 False None None None Graham Cluley - Blog Security Hollywood actress Anne Hathaway is just the latest in a long line of celebrities who have found their intimate snaps exposed online by hackers. ]]> 2017-08-22T12:41:13+00:00 https://www.grahamcluley.com/nude-photos-anne-hathaway-leaked-online-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=399311 False None None None Graham Cluley - Blog Security According to media reports, the FBI has been quietly meeting with companies to warn them of the threat posed by Russian security firm Kaspersky. ]]> 2017-08-22T10:52:52+00:00 https://www.grahamcluley.com/fbi-briefing-us-companies-using-kaspersky-products-claims-report/ www.secnews.physaphae.fr/article.php?IdArticle=399312 False None None None Graham Cluley - Blog Security Researchers have disclosed two zero-day vulnerabilities affecting Foxit's PDF Reader after the vendor revealed it has no plans to fix the security flaws. David Bisson reports. ]]> 2017-08-21T15:56:11+00:00 https://www.grahamcluley.com/zero-day-vulnerabilities-foxit-pdf-reader/ www.secnews.physaphae.fr/article.php?IdArticle=398971 False None None None Graham Cluley - Blog Security The OurMine hacking group claimed yet another corporate scalp this weekend - seizing control over the Twitter and Facebook accounts of Sony's PlayStation Network (PSN). Read more in my article on the Hot for Security blog. ]]> 2017-08-21T13:51:28+00:00 https://hotforsecurity.bitdefender.com/blog/sony-social-media-accounts-hijacked-as-hackers-claims-to-have-stolen-psn-database-18783.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=398972 False None None None Graham Cluley - Blog Security The US authorities saved themselves an awful lot of paperwork and legal expense arresting their suspect on their own soil rather than trying to extradite him from the UK. ]]> 2017-08-21T12:05:51+00:00 https://www.grahamcluley.com/gchq-knew-fbi-planning-arrest-wannacrys-accidental-hero-travelled-usa/ www.secnews.physaphae.fr/article.php?IdArticle=398973 False None Wannacry None Graham Cluley - Blog Security Hackers could use a sonar-based attack to infer information about what a target is doing, including when they might be engaging in sexual activity. David Bisson reports. ]]> 2017-08-19T20:54:55+00:00 https://www.grahamcluley.com/sonar-based-attack-could-help-hackers-infer-when-youre-having-sex/ www.secnews.physaphae.fr/article.php?IdArticle=398483 False None None None Graham Cluley - Blog Security "You could disable the air bags, the anti-lock brakes, or the door locks, and steal the car," says researcher. David Bisson reports. ]]> 2017-08-17T14:43:48+00:00 https://www.grahamcluley.com/vendor-neutral-smart-car-bug-dangerous-even-fatal-consequences/ www.secnews.physaphae.fr/article.php?IdArticle=397958 False None None None Graham Cluley - Blog Security It's never a dull day if you're working in HBO's IT security team. Read more in my article on the Tripwire State of Security blog. ]]> 2017-08-17T12:45:25+00:00 https://www.tripwire.com/state-of-security/featured/lessons-to-learn-after-hackers-hijack-hbos-facebook-and-twitter-accounts/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=397737 False None None None Graham Cluley - Blog Security WannaCry hero Marcus Hutchins (aka MalwareTech) pleads not guilty to malware charges, the Scottish parliament is hit by a brute force attack, IoT smart locks aren't so smart, and.. ahem.. someone is sending intimate pics via AirDrop to unsuspecting commuters. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White. ]]> 2017-08-17T08:42:28+00:00 https://www.grahamcluley.com/smashing-security-038-gents-stop-airdropping-pics/ www.secnews.physaphae.fr/article.php?IdArticle=397578 False Guideline Wannacry None Graham Cluley - Blog Security A supply chain attack is believed to have been responsible for surreptitiously inserting a backdoor into widely used server management software. David Bisson reports. ]]> 2017-08-16T18:01:03+00:00 https://www.grahamcluley.com/supply-chain-attack-inserted-backdoor-into-popular-server-management-software/ www.secnews.physaphae.fr/article.php?IdArticle=397428 False None None None Graham Cluley - Blog Security Indian police have arrested four people following the online leaking of an episode of the hit HBO TV series "Game of Thrones". Read more in my article on the Hot for Security blog. ]]> 2017-08-16T09:17:01+00:00 https://hotforsecurity.bitdefender.com/blog/four-people-arrested-in-connection-with-game-of-thrones-episode-leak-18759.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=397068 False None None None Graham Cluley - Blog Security Is your email hardened against brute force attacks? ]]> 2017-08-16T08:42:59+00:00 https://www.grahamcluley.com/hackers-try-break-scottish-parliament-email-accounts-weeks-westminster-attack/ www.secnews.physaphae.fr/article.php?IdArticle=397069 False None None None Graham Cluley - Blog Security A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key. David Bisson reports. ]]> 2017-08-15T14:07:21+00:00 https://www.grahamcluley.com/friendly-neighborhood-hacker-helps-family-regain-access-locked-car/ www.secnews.physaphae.fr/article.php?IdArticle=396899 False None None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support! More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems. The Revised Payment Services Directive, also known as PSD2, requires European banks to provide communication interfaces to Third Party Providers (TPPs). These interfaces, generally referred to as APIs, will allow TPPs to build innovative financial services on top of the services of the banks. The requirements for these interfaces are defined in the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC), of which the European Banking Authority (EBA) published a draft version in February 2017. In this whitepaper VASCO analyzes the requirements for the communication interface as defined in the draft RTS, with a special emphasis on security requirements. VASCO identifies the most important security threats against these interfaces, and discuss various solutions that can help banks to protect against them. By downloading this free white paper, you'll discover: the PSD2 requirements for open banking APIs the security and privacy threats against the APIs of banks how to protect APIs against security threats VASCO's solution suite for PSD2 compliance Interested in learning more? Download VASCO's white paper: Open Banking APIs under PSD2: Security Threats and Solutions

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2017-08-15T14:05:06+00:00 https://www.grahamcluley.com/open-banking-apis-psd2-security-threats-solutions-download-free-white-paper/ www.secnews.physaphae.fr/article.php?IdArticle=397071 True None None None Graham Cluley - Blog Security Visited a website protesting against the current US President? Law enforcement wants to know who you are... ]]> 2017-08-15T08:34:37+00:00 https://www.grahamcluley.com/us-govt-demands-details-1-3-million-internet-users-visited-trump-resistance-website/ www.secnews.physaphae.fr/article.php?IdArticle=396562 False None None None Graham Cluley - Blog Security British security researcher Marcus Hutchins pleads not guilty to malware charges in a US court, and returns to Twitter. ]]> 2017-08-15T08:12:30+00:00 https://www.grahamcluley.com/malwaretech-back-online-pleads-not-guilty-kronos-malware-charges/ www.secnews.physaphae.fr/article.php?IdArticle=396563 False Guideline None None Graham Cluley - Blog Security A fouled-up over-the-air firmware update rendered hundreds of a smart lock vendor's products unopenable. Whoops. David Bisson reports. ]]> 2017-08-14T18:06:59+00:00 https://www.grahamcluley.com/hundreds-of-smart-locks-bricked-by-flubbed-remote-update/ www.secnews.physaphae.fr/article.php?IdArticle=396441 False None None None Graham Cluley - Blog Security The fallout from the HBO hack, which has already seen episodes of “Games of Thrones” scripts and episodes leaked online, the distribution of stars' email addresses and personal phone numbers, and million-dollar demands for an alleged haul of 1.5 terabytes of TV shows and corporate information, continues to get worse. Read more in my article on the Hot for Security blog. ]]> 2017-08-14T12:13:59+00:00 https://hotforsecurity.bitdefender.com/blog/hbo-offered-its-hackers-250000-after-attack-leaked-email-claims-18744.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=396268 False None None None Graham Cluley - Blog Security A family of Android spyware has infected more than 1,000 apps, including some which infiltrated Google's Play Store. David Bisson reports. ]]> 2017-08-13T15:15:32+00:00 https://www.grahamcluley.com/thousand-spyware-infected-android-apps-discovered/ www.secnews.physaphae.fr/article.php?IdArticle=395973 False None None None Graham Cluley - Blog Security UK telecoms operator TalkTalk has been fined £100,000 for failing to protect the personal information of consumers, after the details of 21,000 customers were leaked. Read more in my article on the Hot for Security blog. ]]> 2017-08-11T11:37:18+00:00 https://hotforsecurity.bitdefender.com/blog/talktalk-fined-100000-after-carelessly-exposing-customer-data-again-18715.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=395773 False None None None Graham Cluley - Blog Security Plaintext data transmissions make $1.99 app a spoofer's delight... David Bisson reports. ]]> 2017-08-10T22:51:06+00:00 https://www.grahamcluley.com/sms-touch-a-security-and-privacy-nightmare-for-ios-users/ www.secnews.physaphae.fr/article.php?IdArticle=395344 False None None None Graham Cluley - Blog Security British Home Secretary Amber Rudd has been duped into sharing her personal email address with a prankster who has previously embarrassed the likes of Donald Trump Jr and various White House officials. Read more in my article on the Tripwire State of Security blog. ]]> 2017-08-10T12:20:35+00:00 https://www.tripwire.com/state-of-security/featured/amber-rudd-tricked-by-email-prankster-who-duped-white-house-officials/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=395117 False None None None Graham Cluley - Blog Security Hackers are holding HBO to ransom after a massive data breach, and have leaked the phone numbers and email addresses of "Game of Thrones" cast members. Has security firm Carbon Black been leaking customers's sensitive files while trying to scan them? And Disney's mobile apps are accused of spying on kids... All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes. ]]> 2017-08-10T09:46:58+00:00 https://www.grahamcluley.com/smashing-security-037-boobs-dragons-data-breaches/ www.secnews.physaphae.fr/article.php?IdArticle=395118 False None None None Graham Cluley - Blog Security There has been another welcome step along the road to Adobe Flash's funeral, with the release this week of a new version of the Firefox browser. Read more in my article on the Hot for Security blog. ]]> 2017-08-10T07:48:26+00:00 https://hotforsecurity.bitdefender.com/blog/at-last-firefox-puts-another-nail-in-flashs-coffin-18701.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=394887 False None None None Graham Cluley - Blog Security Privacy researchers have accused Hotspot Shield VPN of logging user data and selling it to advertisers, despite claims to the contrary. David Bisson reports. ]]> 2017-08-09T23:22:45+00:00 https://www.grahamcluley.com/hotspot-shield-vpn-accused-logging-user-data-selling-advertisers/ www.secnews.physaphae.fr/article.php?IdArticle=394660 False None None None Graham Cluley - Blog Security Struggling with passwords? The easiest thing to do is get a decent password manager. ]]> 2017-08-08T20:01:44+00:00 https://www.grahamcluley.com/n3vr-m1d-password-rules-get-a-password-manager-to-generate-and-remember-your-passwords-instead/ www.secnews.physaphae.fr/article.php?IdArticle=394058 False None None None Graham Cluley - Blog Security An engineer has been sent to prison for 18 months after accessing his former employer's networks without proper authorization. David Bisson reports. ]]> 2017-08-08T13:59:36+00:00 https://www.grahamcluley.com/engineer-sentenced-to-18-months-in-the-slammer-for-accessing-former-employers-networks/ www.secnews.physaphae.fr/article.php?IdArticle=394059 False None None None Graham Cluley - Blog Security EirGrid, which provides electricity to homes and businesses across Ireland and Northern Ireland, reportedly suffered a security breach earlier this year at the hands of state-sponsored hackers. Read more in my article on the Hot for Security blog. ]]> 2017-08-08T12:27:37+00:00 https://hotforsecurity.bitdefender.com/blog/attack-on-irelands-state-owned-power-provider-blamed-on-state-sponsored-hackers-18675.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=393841 False None None None Graham Cluley - Blog Security A class-action lawsuit has been filed against The Walt Disney Company for wrongfully exfiltrating children's personally identifying information through the Disney Princess Palace Pets mobile app. David Bisson reports. ]]> 2017-08-08T11:07:36+00:00 https://www.grahamcluley.com/disney-slammed-class-action-complaint-unlawfully-exfiltrating-kids-personal-data/ www.secnews.physaphae.fr/article.php?IdArticle=393842 False None None None Graham Cluley - Blog Security Graham Cluley Security News is sponsored this week by the folks at VASCO. Thanks to the great team there for their support! Social engineering is certainly not a new problem, but it's a persistent one that continues to grow, and with seemingly no end in sight. Social engineering preys on a natural human tendency to trust. Hackers are expert at manipulating the human factor and exploiting trust to steal valuable information. They accomplish this by convincing their victims to divulge confidential information or participate unknowingly in fraudulent transactions. While most financial institutions have taken significant steps to combat social engineering through user education and additional controls for their customers, they still find themselves struggling to identify new attack methods and mitigate the damage. Traditional phishing schemes are increasing in frequency and more targeted spear phishing attacks are as well. As customers migrate to additional channels, hackers are following them with threats such as voice phishing (Vishing) and SMS phishing (SMishing). Education and enhanced security are the best defenses against hackers and social engineering attacks. To arm you for the battle, download VASCO's "Social Engineering" eBook and you'll discover: The latest social engineering attack methods The transaction authorization weaknesses How to minimize the risk of social engineering attacks Industry best practices and use cases Get your free copy of VASCO's "Social Engineering" eBook now!

---

If you're interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2017-08-08T10:10:46+00:00 https://www.grahamcluley.com/natural-human-tendency-trust-prepared-download-vascos-social-engineering-ebook/ www.secnews.physaphae.fr/article.php?IdArticle=393843 False None None None Graham Cluley - Blog Security Hit TV show "Game of Thrones" was hit by hackers at the end of last month, who claimed to have stolen 1.5 terabytes of data from HBO. And now an actual episode has leaked online too. ]]> 2017-08-07T08:15:34+00:00 https://www.grahamcluley.com/game-thrones-season-7-episode-4-leaked-online/ www.secnews.physaphae.fr/article.php?IdArticle=393196 False None None None Graham Cluley - Blog Security An attacker could exploit vulnerabilities found in solar panel components to shut down large parts of a power grid, claims a security researcher. David Bisson reports. ]]> 2017-08-06T10:58:17+00:00 https://www.grahamcluley.com/attackers-shut-power-grids-abusing-solar-panel-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=393029 False None None 5.0000000000000000 Graham Cluley - Blog Security A family of malware known as "Invisible Man" abuses Android OS accessibility services in order to steal users' banking credentials. David Bisson reports. ]]> 2017-08-04T14:41:20+00:00 https://www.grahamcluley.com/invisible-man-malware-lifts-banking-credentials-by-abusing-android-accessibility-services/ www.secnews.physaphae.fr/article.php?IdArticle=393030 False None None 2.0000000000000000 Graham Cluley - Blog Security Marcus Hutchins, aka MalwareTech, the British security researcher who was credited with stopping the hard-hitting WannaCry ransomware worm that hit the UK's NHS hard earlier this year, has been arrested in Las Vegas. ]]> 2017-08-03T23:01:53+00:00 https://www.grahamcluley.com/fbi-arrests-wannacrys-accidental-hero-connection-kronos-banking-trojan/ www.secnews.physaphae.fr/article.php?IdArticle=392512 False None Wannacry None Graham Cluley - Blog Security The developers of the notorious Carbanak banking trojan have added a new JavaScript backdoor to their tool set, targeting US restaurant chains. David Bisson reports. ]]> 2017-08-03T22:55:07+00:00 https://www.grahamcluley.com/bateleur-new-malware-backdoor-targeting-restaurant-chains-makers-carbanak/ www.secnews.physaphae.fr/article.php?IdArticle=392513 False None None None Graham Cluley - Blog Security Criminals hacked into a developer's account, and modified a Chrome browser extension used by over a million people to push unwanted adverts. Read more in my article on the Tripwire State of Security blog. ]]> 2017-08-03T12:50:43+00:00 https://www.tripwire.com/state-of-security/featured/hackers-hijack-popular-chrome-extension-inject-code-web-developers-browsers/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=392335 False None None None Graham Cluley - Blog Security A security threat researcher is badly hacked in a revenge attack. Some people want to save Adobe Flash, but is that wise? And a poorly-secured electronic billboard starts displaying offensive images... All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis. ]]> 2017-08-03T02:47:19+00:00 https://www.grahamcluley.com/smashing-security-036-flash-clunk-flush-and-hacking-security-researchers/ www.secnews.physaphae.fr/article.php?IdArticle=392039 False None None None Graham Cluley - Blog Security Someone managed to seize control of a large digital advertising billboard on Cardiff's main shopping street, forcing it to display a series of swastikas and far-right images. ]]> 2017-08-02T13:00:24+00:00 https://www.grahamcluley.com/hackers-hijack-central-cardiff-billboard-display-swastikas/ www.secnews.physaphae.fr/article.php?IdArticle=391864 False None None None Graham Cluley - Blog Security You won't be surprised to hear it's easy to create a webmail account in the name of Donald Trump Jr, Anthony Scaramucci or Jared Kushner. And, of course, there are always people who will trust emails from such accounts all too quickly... ]]> 2017-08-01T19:25:43+00:00 https://www.grahamcluley.com/email-prankster-tricks-white-house-officials/ www.secnews.physaphae.fr/article.php?IdArticle=391550 False None None 2.0000000000000000 Graham Cluley - Blog Security Security researchers have discovered that the Amazon Echo is vulnerable to attacks that could allow a hacker to install malware capable of secretly spying on the device's microphone to hear what is being said in its vicinity. Read more in my article on the Bitdefender BOX blog. ]]> 2017-08-01T14:52:50+00:00 https://www.bitdefender.com/box/blog/smart-home/hackers-install-malware-amazon-echo-secretly-wiretap/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=391551 False None None 2.0000000000000000 Graham Cluley - Blog Security Security researchers have discovered the malicious Triada trojan horse implanted into the firmware of several Android devices. David Bisson reports. ]]> 2017-08-01T14:43:08+00:00 https://www.grahamcluley.com/trojan-found-pre-installed-on-android-phones-being-sold-on-amazon/ www.secnews.physaphae.fr/article.php?IdArticle=391552 False None None None Graham Cluley - Blog Security UK Home Secretary Amber Rudd argues that "real people" would be happy with imperfect, breakable security. ]]> 2017-08-01T10:47:14+00:00 https://www.grahamcluley.com/real-people-not-want-secure-communications-claims-uk-home-secretary-amber-rudd/ www.secnews.physaphae.fr/article.php?IdArticle=391337 False None None None Graham Cluley - Blog Security watch a video explanation, and download VASCO's free white paper where you will discover: Which intrusions RASP can detect and prevent How natively integrated RASP technology strengthens mobile applications How RASP bridges the divide between infrastructure and app server owners Why applications secured with RASP result in a lower cost, higher benefit ratio Runtime application self-protection is critical for next generation app security, so learn more now, watch the video and download VASCO's free white paper.

---

If you're interested in exclusively sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here. ]]> 2017-08-01T10:25:54+00:00 https://www.grahamcluley.com/going-protect-next-generation-mobile-applications/ www.secnews.physaphae.fr/article.php?IdArticle=391338 False None None None Graham Cluley - Blog Security Attendees to the DEF CON hacking conference in Las Vegas discovered weak spots in electronic voting machines that attackers could abuse in future compromises. David Bisson reports. ]]> 2017-07-31T17:56:31+00:00 https://www.grahamcluley.com/def-con-attendees-make-short-work-electronic-voting-machines/ www.secnews.physaphae.fr/article.php?IdArticle=390996 False None None 2.0000000000000000 Graham Cluley - Blog Security Italy's largest lender, UniCredit, has blamed an unnamed “third-party provider” for two security breaches where hackers have managed to steal information related to the personal loans of some 400,000 customers. Read more in my article on the Hot for Security blog. ]]> 2017-07-31T17:15:30+00:00 https://hotforsecurity.bitdefender.com/blog/hackers-steal-information-on-400000-customers-of-italys-biggest-bank-18562.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=390997 False None None 4.0000000000000000 Graham Cluley - Blog Security Hackers can exploit security flaws affecting popular car wash rigs to damage customers' vehicles and "physically attack" people. David Bisson reports. ]]> 2017-07-29T01:40:38+00:00 https://www.grahamcluley.com/car-wash-security-flaws-let-hackers-physically-attack-people/ www.secnews.physaphae.fr/article.php?IdArticle=390480 False None None None Graham Cluley - Blog Security Beijing police officers have arrested 11 individuals in connection with the Fireball malware that has infected hundreds of millions of computers. David Bisson reports. ]]> 2017-07-28T06:31:06+00:00 https://www.grahamcluley.com/11-arrested-chinese-fireball-malware-investigation/ www.secnews.physaphae.fr/article.php?IdArticle=390086 False None None None Graham Cluley - Blog Security China is forcing people to install smartphone spyware, young cyberoffenders are offered rehab, and robot vacuum cleaners want to sell maps of the inside of your house to tech firms. All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dan Ring. ]]> 2017-07-26T23:12:35+00:00 https://www.grahamcluley.com/smashing-security-035-roomba-mandatory-chinese-spyware/ www.secnews.physaphae.fr/article.php?IdArticle=389385 False None None None Graham Cluley - Blog Security Remember to never ever agree to download Adobe Flash Player onto your Android phone. David Bisson reports. ]]> 2017-07-26T16:11:18+00:00 https://www.grahamcluley.com/every-app-offered-by-alternative-android-app-market-redirected-to-malware/ www.secnews.physaphae.fr/article.php?IdArticle=389386 False None None None Graham Cluley - Blog Security The FBI is thought to be currently investigating hundreds of infections tied to the mysterious FruitFly family of Mac-based malware. David Bisson reports. ]]> 2017-07-26T15:52:48+00:00 https://www.grahamcluley.com/fbi-investigating-infections-tied-to-fruitful-fruitfly-malware/ www.secnews.physaphae.fr/article.php?IdArticle=389387 False None None None Graham Cluley - Blog Security More than 45,000 users have voiced their disapproval on social media for Hungary's public transport system after police arrested an 18-year-old man for reporting a flaw in its new e-ticket system. David Bisson reports. ]]> 2017-07-25T02:02:29+00:00 https://www.grahamcluley.com/18-year-old-arrested-reporting-dumb-bug-public-transport-e-ticket-system/ www.secnews.physaphae.fr/article.php?IdArticle=388392 False None None None Graham Cluley - Blog Security Criminals have cloned a UK university's website in an attempt to phish for unsuspecting students' cash and personal information. David Bisson reports. ]]> 2017-07-23T22:21:15+00:00 https://www.grahamcluley.com/online-criminals-clone-uk-universitys-website-to-phish-for-cash/ www.secnews.physaphae.fr/article.php?IdArticle=387915 False None None None Graham Cluley - Blog Security Security holes could have seen attackers seize remote control of a hoverboard and potentially injure riders by suddenly disabling the motor. Read more in my article on the Tripwire State of Security blog. ]]> 2017-07-20T13:55:49+00:00 https://www.tripwire.com/state-of-security/featured/segway-minipro-patched-stop-hackers-hijacking-remote-control-hoverboard-riders/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=387380 False None None None Graham Cluley - Blog Security Crikey - this isn't the first Ethereum heist we've seen...THIS WEEK! David Bisson reports. ]]> 2017-07-20T13:53:09+00:00 https://www.grahamcluley.com/hacker-steals-30m-worth-ethereum-abusing-parity-wallet-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=387381 False None None None Graham Cluley - Blog Security The UK government wants you to give your credit card details to porn sites, Ashley Madison offers compensation to the people whose lives it ruined, and an adult website wants you to pass its unorthodox and below-the-belt biometric identity check... gulp! All this and Myspace, Google Glass, Fleabag, and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland. ]]> 2017-07-20T09:30:03+00:00 https://www.grahamcluley.com/smashing-security-034-pen-mightier-password/ www.secnews.physaphae.fr/article.php?IdArticle=386985 False None None 2.0000000000000000 Graham Cluley - Blog Security New "operational" samples of the NukeBot banking trojan have emerged months after its original creator published its source code. David Bisson reports. ]]> 2017-07-20T01:48:15+00:00 https://www.grahamcluley.com/publication-nukebot-trojans-source-code-leads-new-operational-samples/ www.secnews.physaphae.fr/article.php?IdArticle=386798 False Guideline None None Graham Cluley - Blog Security Once again questions are being asked about IOT security after it was revealed that a buggy software library is being used in millions of devices connected to the internet around the world. Read more in my article on the Bitdefender BOX blog. ]]> 2017-07-19T19:30:48+00:00 https://www.bitdefender.com/box/blog/iot-news/millions-iot-devices-hacking-risk-due-flaw-open-source-software-library/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=386799 False None None None Graham Cluley - Blog Security When you start watching this video from Western Cape Government in South Africa, you think it's a bit of a giggle. And then... ]]> 2017-07-19T13:50:11+00:00 https://www.grahamcluley.com/texting-no-laughing-matter/ www.secnews.physaphae.fr/article.php?IdArticle=386800 False None None None Graham Cluley - Blog Security If something *that* bad can be present on Myspace, I wonder what other problems might lurk there? ]]> 2017-07-18T17:38:20+00:00 https://www.grahamcluley.com/myspace-fixes-account-security-hole-delete-account-anyway/ www.secnews.physaphae.fr/article.php?IdArticle=386243 False None None None Graham Cluley - Blog Security More and more details are emerging of the financial impact that last month's malware attack has had on major businesses. Read more in my article on the Hot for Security blog. ]]> 2017-07-18T14:59:24+00:00 https://hotforsecurity.bitdefender.com/blog/didnt-get-your-oreo-cookie-shipment-last-months-global-cyber-attack-may-be-to-blame-18484.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=386244 False None None None Graham Cluley - Blog Security Unsuspecting Iranian users of the Telegram app, best watch out - or they could find themselves the target of Android spyware. David Bisson reports. ]]> 2017-07-18T14:30:41+00:00 https://www.grahamcluley.com/spyware-abuses-telegram-messaging-app-to-target-iranian-android-users/ www.secnews.physaphae.fr/article.php?IdArticle=386245 False None None None Graham Cluley - Blog Security Never let a suspicious program coerce you into allowing Android app installations from unknown sources. David Bisson reports. ]]> 2017-07-18T13:25:34+00:00 https://www.grahamcluley.com/marcher-malware-adobe-flash-player/ www.secnews.physaphae.fr/article.php?IdArticle=386246 False None None None Graham Cluley - Blog Security All you need to hijack a Myspace account is the user's name, username, and date of birth. David Bisson reports. ]]> 2017-07-17T15:14:01+00:00 https://www.grahamcluley.com/three-pieces-of-public-data-provides-pwnage-for-any-myspace-account/ www.secnews.physaphae.fr/article.php?IdArticle=385800 False None None None Graham Cluley - Blog Security The new OSX/Dok Mac malware is mysteriously pushing the Signal private-messaging app onto victims' mobile devices as part of a scheme to steal their banking credentials. David Bisson reports. ]]> 2017-07-16T20:07:37+00:00 https://www.grahamcluley.com/dok-mac-malware/ www.secnews.physaphae.fr/article.php?IdArticle=385283 False None None None Graham Cluley - Blog Security A criminal gang's new malware threatens to steal credit card information from poisoned payment terminals. David Bisson reports. ]]> 2017-07-14T15:55:36+00:00 https://www.grahamcluley.com/lockpos-new-point-sale-malware-distributed-dormant-command-control-server/ www.secnews.physaphae.fr/article.php?IdArticle=385285 False None None None Graham Cluley - Blog Security As new technologies develop, it's worth reminding ourselves that just because we can do something doesn't mean that we should. Often a new technology can bring plenty of new opportunities to do amazing things, but that doesn't mean that it cannot also be ripe for abuse. Read more in my article on the Tripwire State of Security blog. ]]> 2017-07-13T12:59:07+00:00 https://www.tripwire.com/state-of-security/featured/looking-welcome-world-facial-recognition/#new_tab www.secnews.physaphae.fr/article.php?IdArticle=384454 False None None None Graham Cluley - Blog Security Every click, a few cents are made... David Bisson reports. ]]> 2017-07-13T09:37:44+00:00 https://www.grahamcluley.com/magala-trojan-clicker-generates-revenue-by-boosting-advertising-clicks/ www.secnews.physaphae.fr/article.php?IdArticle=384455 False None None None Graham Cluley - Blog Security Is password manager 1Password treating its customers unfairly? Are autonomous cars driving us around the bend? And what is this Net Neutrality thing anyway? All this and more is discussed in the latest edition of the "Smashing Security" podcast. ]]> 2017-07-13T07:02:34+00:00 https://www.grahamcluley.com/smashing-security-033-1password-net-neutrality-spatchcock-chicken/ www.secnews.physaphae.fr/article.php?IdArticle=384248 False None None None Graham Cluley - Blog Security Just because a malware outbreak has begun to fade away from the newspaper headlines, doesn't mean your troubles are over. Many firms can continue to suffer long afterwards. Read more in my article on the Bitdefender Business Insights blog. ]]> 2017-07-12T12:17:03+00:00 https://businessinsights.bitdefender.com/goldeneye-ransomware-patch-businesses#new_tab www.secnews.physaphae.fr/article.php?IdArticle=383782 False None None None Graham Cluley - Blog Security It's always important to take any potential hacking incident seriously and bring in the feds to properly investigate. Read more in my article on the Hot for Security blog. ]]> 2017-07-12T09:39:01+00:00 https://hotforsecurity.bitdefender.com/blog/trump-hotels-customers-hit-by-credit-card-stealing-hackers-again-18392.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=383783 False None None None Graham Cluley - Blog Security Yep, we've finally reached the point where people are having to update their augmented reality headsets with security patches. But for those of us with their feet firmly planted in the real world, there are plenty of fixes for Internet Explorer, Edge, Windows Explorer, Microsoft Office and more. ]]> 2017-07-11T22:37:47+00:00 https://www.grahamcluley.com/microsoft-issues-critical-security-patches-updated-yet/ www.secnews.physaphae.fr/article.php?IdArticle=383333 False None None None Graham Cluley - Blog Security 19 people investigating the mysterious disappearance in 2014 of 43 Mexican students have been targeted by sophisticated smartphone spyware known as "Pegasus." David Bisson reports. ]]> 2017-07-11T14:49:40+00:00 https://www.grahamcluley.com/smartphone-spyware-targets-investigators-hunting-missing-mexican-students/ www.secnews.physaphae.fr/article.php?IdArticle=383335 False None None None Graham Cluley - Blog Security Mobile ransomware known as LeakerLocker threatens to dox Android users with whom it comes into contact as a means of extortion. David Bisson reports. ]]> 2017-07-10T17:20:08+00:00 https://www.grahamcluley.com/leakerlocker-ransomware-threatens-to-dox-android-users-as-extortion/ www.secnews.physaphae.fr/article.php?IdArticle=382930 False None None None Graham Cluley - Blog Security Another hoax warning spreads quickly on Facebook. Will people ever learn? ]]> 2017-07-10T16:51:38+00:00 https://www.grahamcluley.com/jayden-k-smiths-facebook-friendship-request-not-hacker-hoax/ www.secnews.physaphae.fr/article.php?IdArticle=382931 False None None None Graham Cluley - Blog Security The WWE has just been caught with its spandex leotard down... Read more in my article on the Hot for Security blog. ]]> 2017-07-10T11:56:30+00:00 https://hotforsecurity.bitdefender.com/blog/three-million-wrestling-fans-at-risk-after-wwe-leaves-database-unprotected-18364.html#new_tab www.secnews.physaphae.fr/article.php?IdArticle=382721 False None None None Graham Cluley - Blog Security The original developer of the Petya ransomware has released a master decryption key that works for all prevision versions of its enciphering creation. But before you get too excited, it doesn't work for NotPetya... David Bisson reports. ]]> 2017-07-10T08:06:37+00:00 https://www.grahamcluley.com/petya-ransomware-developer-releases-master-decryption-key-giving-hope-victims/ www.secnews.physaphae.fr/article.php?IdArticle=382580 False None NotPetya None Graham Cluley - Blog Security "We're sorry", says the AA as it finally coughs up to data breach which exposed partial credit card information. ]]> 2017-07-07T22:31:01+00:00 https://www.grahamcluley.com/aa-apologises-confirms-customers-partial-credit-card-data-exposed/ www.secnews.physaphae.fr/article.php?IdArticle=382385 False None None None