Saturday, November 17, 2018

Under attack! Should your company ever ‘hack back’?

Are targeted companies missing a trick? Could they not use their tech skills to penetrate their attacker’s own computer systems, and launch a counter-attack which might knock out their adversaries’ infrastructure? Read more in my article on the Bitdefender...

20% of MageCart-compromised merchants get reinfected within days

MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again. Read more in my article on the Tripwire State of Security...

Smashing Security #104: The world’s most evil phishing test, and cyborgs in the workplace

Does your employer want to turn you into a cyborg? Was this phishing test devised by an evil genius? And how did a cinema chain get scammed out of millions, time and time again…? All this and much more is...

Apple says nothing as Apple ID accounts mysteriously locked down

Has someone been trying to hack into a large number of Apple ID accounts? Read more in my article on the Hot for Security blog.

Target and other high profile Twitter accounts exploited for cryptocurrency scams

The latest high profile account to be abused by scammers to promote a cryptocurrency giveaway? US retail giant Target.

FIDO2: The Passwordless web is coming, says OneSpan

Graham Cluley Security News is sponsored this week by the folks at OneSpan. Thanks to the great team there for their support! More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify...

Unable to remember his password, man sent letter bomb to Bitcoin exchange

A man has been jailed for six and a half years after sending a letter bomb to Bitcoin exchange Cryptopay. Why would anyone do such a horrendous thing? Police believe it was because he couldn’t remember his...

Chinese headmaster fired after setting up his own secret cryptomining rig at school

A Chinese headmaster has lost his job after it was discovered he was stealing the school’s electricity to power a secret cryptocurrency-mining rig. Read more in my article on the Hot for Security blog.

When your Instagram account has been hacked, how do you get it back?

Travel blogger Delaine Maria D’Costa had her account wiped after she failed to pay an extortionist $200. That was bad enough, but then she had to try to convince Instagram to let her have it back again.

Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw

Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months. Read more in my article on the Tripwire State of Security blog.

Smashing Security #103: An Instagram nightmare, crazy iPhone deaths, and election hack claims

One travel blogger finds you don’t have to be Kylie Jenner to be targeted by an Instagram hacker. When 40 iPhones at a hospital mysteriously die, what could be the explanation? And, surprise surprise, political parties in the USA...

StatCounter web analytics script poisoned to steal Bitcoins

Security researchers at ESET discovered that hackers managed to compromise StatCounter and change the analytics script used by hundreds of thousands of websites.

Police crack encrypted chat service IronChat and read 258,000 messages from suspected criminals

Dutch police have revealed that they were able to spy on the communications of more than 100 suspected criminals, watching live as over a quarter of a million chat messages were exchanged. Read more in my article on the Hot...

On eve of US elections, Facebook blocked 115 accounts engaged in ‘coordinated inauthentic behavior’

Just hours before the US mid-term elections opened, Facebook responded to a tip from law enforcement agencies and shut down 115 accounts that were behaving suspiciously, and potentially linked to a foreign entity.

Another wave of Elon Musk bitcoin scams spread by verified Twitter accounts

The cryptocurrency giveaway scammers are up to their tricks again on Twitter, and it seems that Twitter simply can’t keep up with them. My advice to Twitter? Make Login Verification compulsory for verified accounts.

Take this short Recorded Future survey to assess your organization’s threat intelligence maturity

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future believes that every security team can benefit from threat intelligence. That’s why it has launched...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.