Friday, November 15, 2019
Graham Cluley

Only after running out of hard disk space did firm realise hacker had stolen one million users’ details

Yet another company has been found woefully lacking when it comes to securing consumers’ data. Read more in my article on the Tripwire State of Security blog.
Graham Cluley

About the “easy to hack” EU Exit: ID Document Check app

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.” But is this something worth losing any sleep over?
Graham Cluley

Smashing Security #154: A buttock of biometrics

The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale? All this and much more...
Graham Cluley

Donation details “leak” from the Labour website

You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.
Graham Cluley

That “sophisticated” Labour cyber-attack – don’t panic

With a drama-filled general election campaign underway in the United Kingdom, the Labour Party says that its systems suffered a “sophisticated and large-scale cyber-attack.”
Graham Cluley

BlueKeep: What you need to know

Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves. But that may be about to change… Read more in my article on the Tripwire State of Security blog.
Graham Cluley

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of...
Graham Cluley

Smashing Security #153: Cybercrime doesn’t pay (but Uber does)

The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach. All...
Graham Cluley

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve...
Graham Cluley

Nikkei worker tricked into transferring $29 million into scammer’s bank account

Nikkei, one of the largest media companies in Japan, with an empire spanning broadcasting, digital media, magazines, and newspapers such as the Financial Times, says that its US subsidiary, Nikkei America, has been scammed out of $29 million. Read more...
Graham Cluley

After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign

The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency minder on unpatched Windows PCs.
Graham Cluley

A guest appearance on the IT Pro podcast…

I was honoured to be invited as a guest onto the inaugural episode of the “ITPro podcast” hosted by reviews and community editor Adam Shepherd and features editor Jane McCallion. Give it a listen.
Graham Cluley

Men who were paid $100,000 by Uber to hush-up hack plead guilty to extortion scheme

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data. Read more in...
Graham Cluley

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer. Read more in my article on the Hot for Security blog.
Graham Cluley

Smashing Security #152: Cats, hoodies, and rent

What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents? All this and much more is discussed in the latest edition...

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.

LINE Launches Public Bug Bounty Program on HackerOne

Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne. Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
The Register

Try as they might, ransomware crooks can’t hide their tells when playing hands

Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…

Google Chrome experiment crashes browser tabs, impacts companies worldwide

In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
SC Magazine

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and...

GitHub launches ‘Security Lab’ to help secure open source ecosystem

Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.