Twitter says a “phone spear phishing” attack helped hackers – what’s that?
What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.
Zoom bug meant attackers could brute force their way into password-protected meetings
Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.
Read more in my article on the Hot for Security blog.
Smashing Security podcast #189: DNA cock-up, Garmin hack, and virtual kidnappings
Why are students faking their own kidnappings? What’s the story behind Garmin’s ransomware attack? And a genetic genealogy website suffers a hack or two.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security”...
Thousands of websites at risk from critical WordPress commenting plugin vulnerability
A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely.
If you’re using the wpDIscuz commenting plugin, make sure you’ve kept it up to date – or...
Hacker plays cat-and-mouse with the EBRD’s Twitter account
The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.
Business anti-virus products put to the test – which received the highest score?
If you want to find out how different business anti-virus products performed in the tests, and how the one that protects your business fared, check out the report right now.
Bank of Ireland fined €1.66 million after being tricked by fraudster
One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.
Read...
Google blames algorithm for adding porn titles to train station search results
If you searched on Google for details of your nearest train station in parts of New York state, you might be in for a rude surprise.
Garmin staggers back online after ransomware attack
Garmin’s online services are beginning to come back to life after it was hit badly by ransomware last week.
But did it pay a ransom to its attackers or not?
Over 1000 Twitter staff and contractors had access to internal tools that helped hackers hijack accounts
As Twitter and law enforcement agencies investigate the high profile attack against Twitter accounts, there is a clear lesson for other businesses to learn.
Read more in my article on the Bitdefender Business Insights blog.
Garmin knocked out by ransomware attack
Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.
A free iPhone from Apple? It’s possible, but there are some catches
Who wouldn’t want the latest and greatest iPhone for free?
Well, if you’re a security researcher then you might be able to get just that…
Smashing Security podcast #188: Dinner with Elon Musk and Kris Jenner
Who stopped Twitter’s hackers from stealing more money? Why are Covid-19 researchers being told to ramp up their cybersecurity? How can you find out if your smartphone is infected with stalkerware? And who does Graham think he is turning...
Politician amongst those who had their direct messages accessed during Twitter hack
More information has emerged related to last week’s attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam, as it is revealed a far-right politician had his private messages accessed.
Read...
Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential...
New Zealand budget details leaked due to website sloppiness, not hackers
Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents.
But that’s not what had really happened…
HiddenWasp malware seizes control of Linux systems
Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.
Read more in my article on the Tripwire State of...
Smashing Security #130: Doctored videos, Bcc blunders, and a diva
You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...
Hackers stole Flipboard users’ email addresses and hashed passwords
Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.
Free eBook: A Business Owner’s Guide to Cybersecurity
Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
As the world descends into madness, it’s good to see some things never change: Monthly Android patches
Qualcomm bugs among the worst – including a critical hole in wireless networking Google has emitted the August edition of its Android software security updates.…
Why multi-factor authentication should be set up for all your services and devices
More than ever, now is the time to make absolutely sure that your services and devices are using the best protection available to keep data secured and away from unauthorized hands.
Decades-Old Email Flaws Could Let Attackers Mask Their Identities
Researchers found 18 exploits that take advantage of inconsistencies in the email plumbing most people never think about.
New Spin on a Longtime DNS Intel Tool
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
6 Dangerous Defaults Attackers Love (and You Should Know)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
