Only after running out of hard disk space did firm realise hacker had stolen one million users’ details
Yet another company has been found woefully lacking when it comes to securing consumers’ data.
Read more in my article on the Tripwire State of Security blog.
About the “easy to hack” EU Exit: ID Document Check app
The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”
But is this something worth losing any sleep over?
Smashing Security #154: A buttock of biometrics
The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?
All this and much more...
Donation details “leak” from the Labour website
You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.
That “sophisticated” Labour cyber-attack – don’t panic
With a drama-filled general election campaign underway in the United Kingdom, the Labour Party says that its systems suffered a “sophisticated and large-scale cyber-attack.”
BlueKeep: What you need to know
Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.
But that may be about to change…
Read more in my article on the Tripwire State of Security blog.
Mac users warned that disabling all Office macros doesn’t actually disable all Office macros
It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of...
Smashing Security #153: Cybercrime doesn’t pay (but Uber does)
The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.
All...
Unlock the power of threat intelligence with this practical guide. Get your free copy now
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve...
Nikkei worker tricked into transferring $29 million into scammer’s bank account
Nikkei, one of the largest media companies in Japan, with an empire spanning broadcasting, digital media, magazines, and newspapers such as the Financial Times, says that its US subsidiary, Nikkei America, has been scammed out of $29 million.
Read more...
After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign
The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency minder on unpatched Windows PCs.
A guest appearance on the IT Pro podcast…
I was honoured to be invited as a guest onto the inaugural episode of the “ITPro podcast” hosted by reviews and community editor Adam Shepherd and features editor Jane McCallion.
Give it a listen.
Men who were paid $100,000 by Uber to hush-up hack plead guilty to extortion scheme
Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data.
Read more in...
Untitled Goose Game security hole could have allowed hackers to wreak havoc
The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.
Read more in my article on the Hot for Security blog.
Smashing Security #152: Cats, hoodies, and rent
What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?
All this and much more is discussed in the latest edition...
New Zealand budget details leaked due to website sloppiness, not hackers
Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents.
But that’s not what had really happened…
HiddenWasp malware seizes control of Linux systems
Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.
Read more in my article on the Tripwire State of...
Smashing Security #130: Doctored videos, Bcc blunders, and a diva
You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...
Hackers stole Flipboard users’ email addresses and hashed passwords
Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.
Free eBook: A Business Owner’s Guide to Cybersecurity
Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
LINE Launches Public Bug Bounty Program on HackerOne
Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne.
Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
Try as they might, ransomware crooks can’t hide their tells when playing hands
Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…
Google Chrome experiment crashes browser tabs, impacts companies worldwide
In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
Threat actor impersonates German, Italian and American gov’t agencies to spread malware
Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan.
Business and...
GitHub launches ‘Security Lab’ to help secure open source ecosystem
Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.
