Saturday, July 20, 2019

Slack response. Passwords reset four years after data breach

Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015. After all, leaving it until four years later looks a little bit… slack.

Thousands of NHS computers are still running Windows XP from beyond the grave

Two years after the WannaCry ransomware outbreak shone a light on the computer security of the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still...

Security researcher arrested after data on every adult in Bulgaria hacked from government site

Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.

Smashing Security #137: Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED

Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after...

Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps

RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission. Apple pushes out further silent updates to protect users from sketchy app...

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve...

Alan Turing – the face of the new £50 note

The Bank of England has announced that Alan Turing’s face will grace the new £50 note.

How any Instagram account could be hacked in less than 10 minutes

A security researcher has been awarded $30,000 after discovering a serious vulnerability that could potentially have put any Instagram account at risk of being hacked. Read more in my article on the Hot for Security blog.

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability in its software at all well. It’s a good thing, then, that Apple has nixed the...

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge. Read more in my article on the Tripwire State...

Smashing Security #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in...

Marriott faces £99.2 million fine after hack exposed 393 million hotel guest records

The UK’s Information Commissioner’s Office (ICO) has announced its intention to fine the US hotel group Marriott International £99.2 million (US $123 million) for a data breach that exposed the personal details of hundreds of millions of guests. Read more...

Did a hacked smart TV upload footage of couple having sofa sex to a porn website?

A news report claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website. But I’ve got a number of questions…

Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click

If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission. Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.

British Airways faces record £138 million GDPR fine after data breach

British Airways is facing a record fine of £138 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers was stolen. Read more about what you need to know...

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.