Tuesday, January 28, 2020
Graham Cluley

A Magecart hacking gang may have been caught by police for the first ever time

Police in Indonesia, working alongside Interpol, have arrested three men suspected of being part of a gang engaged in Magecart attacks that skimmed payment card information from online shoppers.
Graham Cluley

Microsoft’s Internet Explorer zero-day workaround is breaking printers

Microsoft’s workaround for an unpatched vulnerability that is being exploited in targeted attacks by hackers appears to be breaking printers.
Graham Cluley

Trend Micro anti-virus zero-day exploited in attack on Mitsubishi Electric

There is some egg on the face of Trend Micro after it is revealed their anti-virus software was exploited to steal data from Mitsubishi Electric, but they aren’t the real villains of the story.
Graham Cluley

Webex flaw allowed anyone to join private online meetings – no password required

Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password.
Graham Cluley

We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw

The REvil (also known as Sodinokibi) ransomware is being planted on corporate networks by hackers exploiting the Shitrix flaw in Citrix servers.
Graham Cluley

You want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…

Controversial firm Clearview AI which stole your photographs from social media sites to feed their facial recognition database expects you to send them your photos and a scan of your ID if you want to have your data removed. Uhh,...
Graham Cluley

Sonos backtracks (a little) over its software updates fustercluck

The maker of wireless home sound systems got itself into hot water after it announced that if you had a mixture of new and old Sonos hardware in your home then *none* of it would be receiving software updates...
Graham Cluley

Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now

Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after human error meant that its browser extension was accidentally deleted from the Chrome web store. Although an embarrassing goof, it’s something of a storm in a teacup...
Graham Cluley

Ransomware: The average ransom payment has doubled in just three months

A new report into the state of ransomware at the tail end of 2019 has revealed that things aren’t getting any better. Read more in my article on the Tripwire State of Security blog.
Graham Cluley

Traffic jams could be worse than normal, because of the Shitrix vulnerability

Your trip into work today might be delayed by slippery roads, dense fog, and a Citrix vulnerability.
Graham Cluley

A free tool for detecting Shitrix-related compromises on your business network

Citrix has announced that it has teamed up with security researchers at FireEye to produce a free forensic tool which can help your business hunt for potential Indicators of Compromise related to the CVE-2019-19781 vulnerability.
Graham Cluley

Smashing Security #162: Robocalls, health hacks, and facial recognition fears

A hospital gets hacked because of an ex-employee’s grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition. All this and much more is discussed in the latest edition of the award-winning...
Graham Cluley

Plastic surgery patients at risk after ransomware attack

Past and current customers of a cosmetic surgery clinic are contacted by hackers making ransom demands, after they broke into its network and stole personal information.
Graham Cluley

Teenager charged over $50 million SIM-swap cryptocurrency theft

Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam. Find out what a SIM swap scam is, and read more in my...
Graham Cluley

Microsoft data breach exposes 250 million customer service and support records

Red faces at Microsoft after a security researcher discovered an internal customer support database had been left exposed for anyone on the internet to access – no password required.

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
ZDNet

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.