A Magecart hacking gang may have been caught by police for the first ever time
Police in Indonesia, working alongside Interpol, have arrested three men suspected of being part of a gang engaged in Magecart attacks that skimmed payment card information from online shoppers.
Microsoft’s Internet Explorer zero-day workaround is breaking printers
Microsoft’s workaround for an unpatched vulnerability that is being exploited in targeted attacks by hackers appears to be breaking printers.
Trend Micro anti-virus zero-day exploited in attack on Mitsubishi Electric
There is some egg on the face of Trend Micro after it is revealed their anti-virus software was exploited to steal data from Mitsubishi Electric, but they aren’t the real villains of the story.
Webex flaw allowed anyone to join private online meetings – no password required
Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password.
We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw
The REvil (also known as Sodinokibi) ransomware is being planted on corporate networks by hackers exploiting the Shitrix flaw in Citrix servers.
You want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…
Controversial firm Clearview AI which stole your photographs from social media sites to feed their facial recognition database expects you to send them your photos and a scan of your ID if you want to have your data removed.
Uhh,...
Sonos backtracks (a little) over its software updates fustercluck
The maker of wireless home sound systems got itself into hot water after it announced that if you had a mixture of new and old Sonos hardware in your home then *none* of it would be receiving software updates...
Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now
Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after human error meant that its browser extension was accidentally deleted from the Chrome web store.
Although an embarrassing goof, it’s something of a storm in a teacup...
Ransomware: The average ransom payment has doubled in just three months
A new report into the state of ransomware at the tail end of 2019 has revealed that things aren’t getting any better.
Read more in my article on the Tripwire State of Security blog.
Traffic jams could be worse than normal, because of the Shitrix vulnerability
Your trip into work today might be delayed by slippery roads, dense fog, and a Citrix vulnerability.
A free tool for detecting Shitrix-related compromises on your business network
Citrix has announced that it has teamed up with security researchers at FireEye to produce a free forensic tool which can help your business hunt for potential Indicators of Compromise related to the CVE-2019-19781 vulnerability.
Smashing Security #162: Robocalls, health hacks, and facial recognition fears
A hospital gets hacked because of an ex-employee’s grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.
All this and much more is discussed in the latest edition of the award-winning...
Plastic surgery patients at risk after ransomware attack
Past and current customers of a cosmetic surgery clinic are contacted by hackers making ransom demands, after they broke into its network and stole personal information.
Teenager charged over $50 million SIM-swap cryptocurrency theft
Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam.
Find out what a SIM swap scam is, and read more in my...
Microsoft data breach exposes 250 million customer service and support records
Red faces at Microsoft after a security researcher discovered an internal customer support database had been left exposed for anyone on the internet to access – no password required.
New Zealand budget details leaked due to website sloppiness, not hackers
Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents.
But that’s not what had really happened…
HiddenWasp malware seizes control of Linux systems
Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.
Read more in my article on the Tripwire State of...
Smashing Security #130: Doctored videos, Bcc blunders, and a diva
You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...
Hackers stole Flipboard users’ email addresses and hashed passwords
Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.
Free eBook: A Business Owner’s Guide to Cybersecurity
Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
DEF CON China conference put on hold due to coronavirus outbreak
DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates
We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...
Average Ransomware Payments More Than Doubled in Q4 2019
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable
Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...
One Small Fix Would Curb Stingray Surveillance
The technology needed to limit stingrays is clear—but good luck getting telecoms on board.
