The Civil Service’s rogue tweet about “Truth Twisters”
You can have a strong, unique password, you can have multi-factor authentication in place, but good luck preventing a member of your social media team ‘going rogue’.
As hackers sell 8 million user records, Home Chef confirms data breach
Meal kit and food delivery company Home Chef has confirmed that hackers breached its systems, making off with the personal information of customers.
But only after a hacking group put the stolen data up for sale…
Read more in my article...
EasyJet’s breach notification email to customers – a closer look
Let’s take a closer look at the email EasyJet is sending to customers affected by its recent security breach.
Including a brief exploration of how EasyJet’s definition of “recent” might differ from yours or mine…
BlockFi hacked following SIM swap attack, but says no funds lost
For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history.
Read more in my article...
Mitsubishi hackers may have stolen details of prototype missile
Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric.
Now, the Japanese Defense Ministry believes the state-sponsored hackers may have been after details of a prototype missile.
Smashing Security podcast #179: Deepfake Jay-Z, and beer apps spilling your data
Apps that belch out sensitive military information, what could the world learn from South Korea’s digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump… and why?
All this and much much more...
EasyJet hack impacts nine million passengers
The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the budget airline is describing as a “highly sophisticated attack.”
FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin
The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.
Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential...
Hackers steal $10M in “wonderfully done” fraud from Norway’s State Investment Fund
Norfund, the Norwegian state-owned investment fund for developing countries, has revealed that it has been swindled out of $10,000,000 intended for an institution in Cambodia.
Read more in my article on the Bitdefender Business Insight blog.
The ProLock ransomware doesn’t tell you one important thing about decrypting your files
Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.
Edison Mail bug exposed iPhone users’ email accounts to complete strangers
The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails.
Read more in my article on the Hot for...
An outbreak of Coronavirus trojans and scams
Recent weeks have seen a spate of scams an dattacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.
The most-targeted security vulnerabilities – despite patches having been available for years
Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.
This week, US-CERT has published its list of what it describes as the...
Smashing Security #178: Office pranks, meat dresses, and robocop dogs
Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other...
New Zealand budget details leaked due to website sloppiness, not hackers
Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents.
But that’s not what had really happened…
HiddenWasp malware seizes control of Linux systems
Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.
Read more in my article on the Tripwire State of...
Smashing Security #130: Doctored videos, Bcc blunders, and a diva
You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...
Hackers stole Flipboard users’ email addresses and hashed passwords
Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.
Free eBook: A Business Owner’s Guide to Cybersecurity
Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
Burn-In: The Book For Our Times
Peter Singer and August Cole have delivered a summer block buster just in time.
eBay users spot the online auction house port-scanning their PCs. Um… is that OK?
Fraud is a big issue for etailer, but there are privacy and consent concerns too Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running...
FTC Settles With Canadian Smart Lock Maker Over Security Practices
The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”
read more
Spotlight Podcast: Securing the Enterprise’s New Normal
In this spotlight edition of the podcast, sponsored by Trusted Computing Group* Steve Hanna joins us to talk about COVID 19 and the security risks that go along with the "new normal" that has emerged out of the pandemic....
New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.
