Saturday, January 19, 2019

Ingenious! The Android malware which only triggers if you’re moving

Android malware in the Google Play Store could tell whether it was likely to be running on a genuine victim’s device or being analysed by a security team.

The Collection #1 data breach – what you need to do about it

A huge collection of email addresses and passwords, which can be used in attempts to break into online accounts, has been discovered. If you are one of the affected users, what should you do about it?

Magecart hits hundreds of websites via ad supply chain hijack

A criminal Magecart gang successfully compromised hundreds of ecommerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online. Read more in my article on the Tripwire State of...

Smashing Security #111: When rivals hack, and ‘extreme’ baby monitors

Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices. All this and much more is discussed in the latest edition of...

Huge prizes up for grabs for anyone who can hack a Tesla

This year, for the first time ever, a popular car will be amongst the products hackers will be trying to exploit at the Pwn2Own contest. Read more in my article on the Hot for Security blog.

British TV viewers targeted by email fraudsters

TV fraudsters are using the disguise of emails from the TV Licensing authority to steal large sums of money from the bank accounts of unwary Brits.

The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison

A 34-year old man has been jailed after being found guilty of launching a massive denial-of-service attack against Boston Children’s Hospital. Read more in my article on the Hot for Security blog.

Reddit users locked out of accounts after ‘security concern’

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a “security concern.” The lockout has occurred as Reddit’s...

Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities. All this and much more is...

Automated phishing attack tool bypasses 2FA protection

Modlishka may help raise awareness of the danger of reverse proxy phishing attacks, but it’s easy to imagine that many criminals will be tempted to put it to malicious use.

Being paid to quit Facebook

Research claims Facebook users are prepared to give up the social network for a year… if paid $1000.

Earn $2,000,000 by remotely jailbreaking an iPhone

Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction? The sad truth is that we may never know for sure… but intelligence agencies might.

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more