Wednesday, August 10, 2022
Graham Cluley

Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email

Did Russian security firm Kaspersky really choose to send an email to its customers addressing them as "dear and lovely"? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to Kaspersky's customer...
Graham Cluley

Smashing Security podcast #286: Hackers doxxed, Pornhub probs, and Co-op security measures

Pornhub has a problem, the UK's Co-op supermarket is accused of big brother tactics, and we take a look at how a security researcher is revealing the true identity of hackers. All this and much much more is discussed in...
Graham Cluley

Imran Khan’s Instagram account hacked to promote phoney Elon Musk $100 million crypto giveaway

The official Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan was hacked yesterday in order to promote a cryptocurrency scam. Read more in my article on the Hot for Security blog.
Graham Cluley

Romance scammers jailed after tricking Irish OAP out of €250k

An Irish court has jailed three romance scammers who tricked a 66-year-old woman out of her life savings, and even tricked her into visiting Dubai at her own expense. Read more in my article on the Hot for Security blog.
Graham Cluley

$10 million reward offered for information on North Korean hackers

A $10 million reward is being offered for information leading to the identification or location of hackers working with North Korea to launch cyber attacks on US critical infrastructure. Read more in my article on the Tripwire State of Security...
Graham Cluley

Keeper Connection Manager: Privileged access to remote infrastructure with zero-trust and zero-knowledge security

Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! IT and DevOps teams were presented with new challenges with the mass-migration to home working, and...
Graham Cluley

Smashing Security podcast #285: Uber’s hidden hack, tips for travel, and AI accent fixes

Uber may not face prosecution over its handling of a 2016 data breach - but its former chief security head does; how to defend your digital devices' data while on vacation, and how to change your accent with artificial...
Graham Cluley

Uber’s former head of security faces fraud charges after allegedly covering up data breach

The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers. Read more in my article on the...
Graham Cluley

Testing times for AV-Test as Twitter account hijacked by NFT spammers

An unauthorised party has seized control of the @avtestorg Twitter account, nuked its profile picture and banner, replaced its name and description with a full-stop, and set about retweeting numerous messages about NFTs. Anti-virus testing organisation AV-Test appears to...
Graham Cluley

Smashing Security podcast #284: The Most Wanted Missing CryptoQueen

In this special edition of the "Smashing Security" podcast, computer security veterans Graham Cluley and Carole Theriault welcome back author and journalist Jamie Bartlett - host of "The Missing CryptoQueen" podcast. Jamie tells us about his new book, which shares...
Graham Cluley

More malware-infested apps, downloaded millions of times, found in the Google Play store

Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. Read more in my article...
Graham Cluley

Clunk flush! Bexplus cryptocurrency exchange closes suddenly, giving its users only 24 hours to withdraw funds

Bexplus gave its users only 24 hours to withdraw their funds. Can you imagine a traditional financial institution treating its customers in such a slipshod fashion?
Graham Cluley

Anti-Russian denial-of-service app actually infects pro-Ukrainian activists

An app which purported to launch distributed denial-of-service (DDoS) attacks against the internet infrastructure of Russia, was in reality secretly installing malware on to the devices of pro-Ukrainian activists. Read more in my article on the Hot for Security blog.
Graham Cluley

Who on earth would be trying to promote EC-Council University via comment spam on my website?

I can't tell you not to seek ethical hacking certification from EC-Council. But I can suggest that if you are looking for an online university to boost your cybersecurity career, you don't settle for an outfit that has...
Graham Cluley

Hacker hijacks NFT artist DeeKay’s Twitter account, steals $150,000 worth of NFTs from fans

NFT artist DeeKay Kwon had his Twitter account hacked at the end of last week by scammers who managed to steal NFTs valued at $150,000 from his followers. Read more in my article on the Hot for Security blog.

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too. August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …