Wednesday, April 21, 2021
Graham Cluley

Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach

The social network has goofed again. But this time it's Facebook's PR team's handling of a data breach rather than its users who have been left exposed.
Graham Cluley

Cluley and Cisco: Preparing for cybersecurity threats in a permanently hybrid world

Thanks to the folks at Cisco who have invited me to participate in an online chat on Monday April 26. Learn more and register your interest to ensure you don't miss it.
Graham Cluley

Six million male members may have been exposed after hack of gay dating service

Manhunt, a popular gay dating service, has suffered a data breach which may have put members at risk of exposure.
Graham Cluley

Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree

A key member of the FIN7 cybercrime gang - which is said to have caused over one billion dollars worth of damage around the world - has been sentenced to 10 years in jail. Read more in my article on...
Graham Cluley

White House launches plan to protect US critical infrastructure against cyber attacks

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. Read more in my article on the Tripwire State of Security blog.
Graham Cluley

Smashing Security podcast #223: Booze, nudes, and insurance dudes

Should insurance companies be banned from helping companies pay ransomware demands? How is malware messing with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic? All this and much more is discussed...
Graham Cluley

School janitor says she was fired for not installing smartphone tracking app

A school janitor has lost her job, and she says it's because she refused to download a smartphone app that would track her location.
Graham Cluley

Ransomware attack causes supermarket cheese shortage in the Netherlands

Shoppers at Dutch supermarkets may have noticed that some cheeses were in short supply last week, and it is cybercriminals who are to blame. Read more in my article on the Hot for Security blog.
Graham Cluley

A helpful reminder about just how much Facebook stalks you on the internet

Many Facebook users think they only have to worry about the data that they personally share about themselves on Facebook, by posting messages on the site, connecting with their friends, and liking posts. But the truth is that Facebook knows...
Graham Cluley

Upstox warns of serious data breach, resets passwords

Indian stock trading firm Upstox has revealed to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers' personal information.
Graham Cluley

Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily

Many thanks to the great folks at Recorded Future, who are sponsoring my writing this week. Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web. And...
Graham Cluley

Smashing Security podcast #222: Facebook, deepfakes, and April Fools scandals – with Nina Schick

Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook's latest data fiasco, and some less-than-brilliant April Fool's tricks. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast, hosted by...
Graham Cluley

A new headache for ransomware-hit companies. Extortionists emailing your customers

Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims' customers, and asking them to demand a ransom is paid to protect their own privacy. Read more in my article...
Graham Cluley

Facebook isn’t sorry for letting someone steal personal details of half a billion users

Would it have been so hard for Facebook to apologise for allowing 533 million personal records - including users' phone numbers - to leak onto the internet? I don't think so. And yet sorry seems to be the hardest...
Graham Cluley

Check you own the website before you send out the press release

Cybersecurity can be hard. Even for the professionals. Read more in my article on the Bitdefender Business Insights blog.

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
The Hacker News

3 Zero-Day Exploits Hit SonicWall Enterprises Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary...
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost. Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...