Tuesday, August 4, 2020
Graham Cluley

Twitter says a “phone spear phishing” attack helped hackers – what’s that?

What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.
Graham Cluley

Zoom bug meant attackers could brute force their way into password-protected meetings

Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls. Read more in my article on the Hot for Security blog.
Graham Cluley

Smashing Security podcast #189: DNA cock-up, Garmin hack, and virtual kidnappings

Why are students faking their own kidnappings? What’s the story behind Garmin’s ransomware attack? And a genetic genealogy website suffers a hack or two. All this and much more is discussed in the latest edition of the award-winning “Smashing Security”...
Graham Cluley

Thousands of websites at risk from critical WordPress commenting plugin vulnerability

A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. If you’re using the wpDIscuz commenting plugin, make sure you’ve kept it up to date – or...
Graham Cluley

Hacker plays cat-and-mouse with the EBRD’s Twitter account

The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.
Graham Cluley

Business anti-virus products put to the test – which received the highest score?

If you want to find out how different business anti-virus products performed in the tests, and how the one that protects your business fared, check out the report right now.
Graham Cluley

Bank of Ireland fined €1.66 million after being tricked by fraudster

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account. Read...
Graham Cluley

Google blames algorithm for adding porn titles to train station search results

If you searched on Google for details of your nearest train station in parts of New York state, you might be in for a rude surprise.
Graham Cluley

Garmin staggers back online after ransomware attack

Garmin’s online services are beginning to come back to life after it was hit badly by ransomware last week. But did it pay a ransom to its attackers or not?
Graham Cluley

Over 1000 Twitter staff and contractors had access to internal tools that helped hackers hijack accounts

As Twitter and law enforcement agencies investigate the high profile attack against Twitter accounts, there is a clear lesson for other businesses to learn. Read more in my article on the Bitdefender Business Insights blog.
Graham Cluley

Garmin knocked out by ransomware attack

Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.
Graham Cluley

A free iPhone from Apple? It’s possible, but there are some catches

Who wouldn’t want the latest and greatest iPhone for free? Well, if you’re a security researcher then you might be able to get just that…
Graham Cluley

Smashing Security podcast #188: Dinner with Elon Musk and Kris Jenner

Who stopped Twitter’s hackers from stealing more money? Why are Covid-19 researchers being told to ramp up their cybersecurity? How can you find out if your smartphone is infected with stalkerware? And who does Graham think he is turning...
Graham Cluley

Politician amongst those who had their direct messages accessed during Twitter hack

More information has emerged related to last week’s attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam, as it is revealed a far-right politician had his private messages accessed. Read...
Graham Cluley

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential...

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
The Register

As the world descends into madness, it’s good to see some things never change: Monthly Android patches

Qualcomm bugs among the worst – including a critical hole in wireless networking Google has emitted the August edition of its Android software security updates.…
TechRepublic

Why multi-factor authentication should be set up for all your services and devices

More than ever, now is the time to make absolutely sure that your services and devices are using the best protection available to keep data secured and away from unauthorized hands.

Decades-Old Email Flaws Could Let Attackers Mask Their Identities

Researchers found 18 exploits that take advantage of inconsistencies in the email plumbing most people never think about.

New Spin on a Longtime DNS Intel Tool

Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.

6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.