Thursday, October 29, 2020
Graham Cluley

Become a security intelligence expert, with these free tools from Recorded Future

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. If 2020 taught the security industry anything, it is this: There has never been a better time to be a cybercriminal....
Graham Cluley

Smashing Security podcast #202: The Wu-Tang Clan are Among Us

Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game. All this and much more is discussed in the latest edition of...
Graham Cluley

Donald Trump’s website briefly defaced by cryptomining scammers

Donald Trump's official presidential re-election campaign website was briefly defaced by hackers last night. Visitors to the website were not greeted with the normal calls for campaign contributions or offers of Trump-related merchandise, but instead a message which parodied...
Graham Cluley

Finnish therapy clinic’s CEO fired after despicable data breach and blackmail threats

A Finnish psychotherapy clinic has dismissed its CEO in the wake of a disastrous data breach which has seen patients' personal details, as well as notes of what has been discussed in confidential therapy sessions, exposed... and clients blackmailed.
Graham Cluley

Amazon fires employee for leaking customer data

Multiple Amazon customers have turned to social media to describe how they have received a notification from the online retail giant that their email addresses have been leaked to an unnamed third party. Emails sent by Amazon to customers admit...
Graham Cluley

Sopra Steria confirms it has been hit by new strain of Ryuk ransomware, will take weeks to return to normal operations

Sopra Steria confirms it has been hit by a new strain of the Ryuk ransomware, and that it will take weeks for its IT network to return to normal operation.
Graham Cluley

Fake Instagram follower services slapped with lawsuit

Facebook has filed federal lawsuits against four individuals who it claims have been selling fake Instagram followers. Read more in my article on the Hot for Security blog.
Graham Cluley

Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker

According to Dutch ethical hacker Victor Gevers, as recently as last week the US President's @realDonaldTrump account was protected by the incredibly-dumb password "maga2020!" and did not have two-factor authentication (2FA) enabled.
Graham Cluley

Fort Bragg fails to keep a firm grip on its Twitter account, as it blames hacker for saucy tweets

The Twitter account of the Fort Bragg US military base was deleted last night, after what it claimed was a hack. But whether it really was hacked or not is up for debate.
Graham Cluley

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw opened up opportunities for cybercriminals to completely compromise WordPress sites. Read more...
Graham Cluley

Sopra Steria hit by cyber attack. IT services group suspected of falling victim to ransomware

European IT services group Sopra Steria has been hit by a cyber attack. Which would be unfortunate for any business at the best of times, but is possibly even more galling for a firm like Sopra Steria which has a...
Graham Cluley

Smashing Security podcast #201: Robin Hood, Flippy, and the web ad bubble

The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot? All this and much more is discussed...
Graham Cluley

The Recorded Future Express browser extension – elite security intelligence for zero cost

Many thanks to the fab folks at Recorded Future, who are sponsoring my writing this week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster....
Graham Cluley

Albion Online gamers told to change passwords following forum hack

Sandbox Interactive, the developers of the free medieval fantasy video game Albion Online, have warned players that a hacker managed to break into its systems and gain access to its user database. Read more in my article on the Hot...
Graham Cluley

Google reveals the most powerful DDoS attack in history… albeit three years late

At the end of last week, Google slipped out a blog post that probably went under the radars of some folks. In it, they revealed that they had mitigated against the largest known distributed denial-of-service (DDoS) attack, when its infrastructure...

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
The Register

Google Safari Workaround case inspires campaign to sue Facebook in UK’s High Court over Cambridge Analytica app

'Facebook You Owe Us' wants to run a not-quite-class-action-style lawsuit A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become...

Hackers are on the hunt for Oracle servers vulnerable to potent exploit

Enlarge (credit: Victorgrigas) Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that force Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night. Johannes Ullrich, dean of research at...

REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue

In a wide-ranging interview, a REvil leader said the gang is earing $100 million per year, and provided insights into the life of a cybercriminal.

Hackers Make Off With Millions From Wisconsin Republicans

According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.

Ransomware Group Targets Hospitals At Height Of Pandemic

The malware attacks also include data theft and the disruption of healthcare services, and appear to be timed to take advantage of the disruptions caused by the Covid-19 pandemic.