Tuesday, May 26, 2020
Graham Cluley

The Civil Service’s rogue tweet about “Truth Twisters”

You can have a strong, unique password, you can have multi-factor authentication in place, but good luck preventing a member of your social media team ‘going rogue’.
Graham Cluley

As hackers sell 8 million user records, Home Chef confirms data breach

Meal kit and food delivery company Home Chef has confirmed that hackers breached its systems, making off with the personal information of customers. But only after a hacking group put the stolen data up for sale… Read more in my article...
Graham Cluley

EasyJet’s breach notification email to customers – a closer look

Let’s take a closer look at the email EasyJet is sending to customers affected by its recent security breach. Including a brief exploration of how EasyJet’s definition of “recent” might differ from yours or mine…
Graham Cluley

BlockFi hacked following SIM swap attack, but says no funds lost

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history. Read more in my article...
Graham Cluley

Mitsubishi hackers may have stolen details of prototype missile

Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric. Now, the Japanese Defense Ministry believes the state-sponsored hackers may have been after details of a prototype missile.
Graham Cluley

Smashing Security podcast #179: Deepfake Jay-Z, and beer apps spilling your data

Apps that belch out sensitive military information, what could the world learn from South Korea’s digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump… and why? All this and much much more...
Graham Cluley

EasyJet hack impacts nine million passengers

The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the budget airline is describing as a “highly sophisticated attack.”
Graham Cluley

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.
Graham Cluley

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential...
Graham Cluley

Hackers steal $10M in “wonderfully done” fraud from Norway’s State Investment Fund

Norfund, the Norwegian state-owned investment fund for developing countries, has revealed that it has been swindled out of $10,000,000 intended for an institution in Cambodia. Read more in my article on the Bitdefender Business Insight blog.
Graham Cluley

The ProLock ransomware doesn’t tell you one important thing about decrypting your files

Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.
Graham Cluley

Edison Mail bug exposed iPhone users’ email accounts to complete strangers

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails. Read more in my article on the Hot for...
Graham Cluley

An outbreak of Coronavirus trojans and scams

Recent weeks have seen a spate of scams an dattacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.
Graham Cluley

The most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of what it describes as the...
Graham Cluley

Smashing Security #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other...

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.

Burn-In: The Book For Our Times

Peter Singer and August Cole have delivered a summer block buster just in time.
The Register

eBay users spot the online auction house port-scanning their PCs. Um… is that OK?

Fraud is a big issue for etailer, but there are privacy and consent concerns too Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running...
SecurityWeek

FTC Settles With Canadian Smart Lock Maker Over Security Practices

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.” read more
The Security Ledger

Spotlight Podcast: Securing the Enterprise’s New Normal

In this spotlight edition of the podcast, sponsored by Trusted Computing Group* Steve Hanna joins us to talk about COVID 19 and the security risks that go along with the "new normal" that has emerged out of the pandemic....

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.