Tuesday, September 25, 2018

‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage

Hundreds of thousands of security cameras are believed to be vulnerable to a zero-day vulnerability that could allow hackers to spy on feeds and even tamper with video surveillance recordings. Read more in my article on the Bitdefender BOX blog.

The makers of the Mirai IoT-hijacking botnet are sentenced

Three men who operated and controlled the notorious Mirai botnet in October 2016 have been sentenced to five years of probation. Read more in my article on the Tripwire State of Security blog.

Your business should be more afraid of phishing than malware

If you were to make a list of the most common causes of security breaches, it is phishing attacks that would surely dominate. Read more in my article on the Bitdefender Business Insights blog.

US Dept of State says attack on email system exposed employees’ personal data

The US Department of State has confirmed that it has suffered a data breach which exposed the personally identifiable information of some employees.

Another wave of sextortion emails

During the last few months, many of us will have received emails that try to extract a ransom via an anonymous cryptocurrency. But as email blackmailers make big winnings, others are trying to cash in on the craze.

Bristol Airport says it did not pay any ransom to recover from cyber attack

Officials at Bristol Airport in the UK declined to pay a ransom demand from extortionists who attacked its computer systems late last week, forcing them to resort to whiteboards and public address systems to communicate with travellers.

8 Industry Best Practices for a Successful Mobile First Strategy (eBook by OneSpan)

Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support! More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify...

How to crash and restart an iPhone with a CSS-based web attack

A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage. Read more in my article on the Hot for Security blog.

Amazon staff said to be taking bribes to leak data

Often the biggest problem is not the threat of external hackers, but rather internal staff to whom you have granted access to sensitive data and who might be tempted to exploit it for financial gain.

Prison for man who assisted scareware scheme that targeted newspaper website

A man wanted for his part in a lucrative criminal operation that spread scareware via the Minnesota Star Tribune website, who spent years on the run from the FBI, has finally been sent to prison. Read more in my article...

TV License website said it was secure. It wasn’t

The official UK TV licensing website was allowing license purchasers to submit their personally identifiable information and bank details in unsafe, unencrypted plaintext.

Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.” But apparently it’s the users’ fault anyway for...

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...

The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit

Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…

ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.

SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people, but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...