Thursday, July 19, 2018

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Smashing Security #087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name...

£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder

The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 for revealing identities of abuse victims in a mass email.

Elon Musk retracts vile Twitter accusation against cave rescuer

Tesla chief Elon Musk retracts his unfounded allegations against the man who helped boys escape from a Thai cave, but scammers are given another opportunity to strike.

Business email compromise scams have netted $12.5 billion, says FBI

The FBI is warning businesses of the serious dangers posed by business email compromise (BEC) scams, saying that losses globally have risen by 136% since December 2016. Read more in my article on the Bitdefender Business Insights blog.

21-year-old woman charged with hacking Selena Gomez

Popstar Selena Gomez’s alleged hacker has been charged. Are your secret password reset questions easy to answer with public information?

IoT search engine exposes passwords of over 30,000 vulnerable DVRs

A researcher has discovered that it’s easier than ever before to hack at least one brand of internet-enabled DVR, as an IoT search engine has cached their passwords within search results. Read more in my article on the Bitdefender BOX...

Timehop data breach is worse than they initially said

‘Time capsule’ app Timehop has revealed that it made a boo-boo when it initially shared details over the weekend of a data breach involving millions of users’ names, email addresses, and phone numbers.

Average cost of a data breach exceeds $3.8 million, claims report

Data breaches are getting more expensive. That’s one of the findings of a new global study by the Ponemon Institute that examines the financial impact of a corporate data breach. Read more in my article on the Tripwire State of Security...

Smashing Security #086: Elon Musk submarine scams and 2FA bypass

Crypto scamming Thai cave scoundrels! $25 million to make anti-fake news videos! TimeHop data breach! Phone number port out scams! All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer...

Facebook doesn’t want to eradicate fake news. If it did they’d kick out InfoWars

Facebook would like you to believe that it’s serious about ridding its platform of fake news. So how come InfoWars, one of the most notorious outlets of sick conspiracy theories, is allowed to maintain a page on the...

Facebook fined a paltry £500,000 (8 minutes’ revenue) over Cambridge Analytica scandal

Facebook will be fined £500,000 - the maximum amount possible - for two breaches of the UK’s Data Protection Act 1998 in connection with the Cambridge Analytica scandal. But under new European legislation, the fine could have been as high...

New iOS security feature can be defeated by a $39 adapter… sold by Apple

A one-hour countdown timer can be reset simply by connecting the iPhone to an untrusted USB accessory - giving law enforcement plenty of opportunity to crack your passcode with specialist tools.

Crypto scammers on Twitter exploiting Thai Cave rescue

Time and time again, crypto scammers are creating accounts in the names of known Twitter users and using devious tricks to fool their followers into believing they are reading a genuine message from a tech guru, journalist, or celebrity.

Poor security at Thomas Cook airlines leads to simple extraction of fliers’ personal data

Thousands of holidaymakers relying upon Thomas Cook Airlines to get them to their vacation may have had their personal information put at risk due to sloppy security.

Looking for another great cyber podcast? CyberTangent is your new home with expert guests every episode

Graham Cluley Security News is sponsored this week by the folks at Nehemiah Security. Thanks to the great team there for their support! Nehemiah Security’s “CyberTangent” is a podcast focused on topics like Security Risk Management, Cyber Risk Analytics, Malware...

The Pirate Bay is cryptomining for Monero with your CPU again

The Pirate Bay is in hot water again after being discovered running a cryptocurrency miner on its website. Make sure you always read the print.

Disgruntled programmer accused of trying to sell his firm’s iPhone spyware for $50 million

Your company doesn’t have to work in the field of high-tech surveillance and spyware to find itself at risk from insiders. Read more in my article on the Tripwire State of Security blog.

Smashing Security #085: Doctor Who, Facebook patents, and Bob’s Burgers

Doctor Who’s TARDIS has sprung a data leak, Facebook’s creepy patents are unmasked, and an app to keep women safe on dates has surprising origins. All this and much much more is discussed in the latest edition of the award-winning...

Carole Cadwalladr takes us behind the scenes of the Cambridge Analytica investigation

Carole Cadwalladr, the investigative journalist who revealed how the personal data of millions of Facebook users was used to influence the US election, speaks about what went on behind the headlines.

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.