The “white hat” hacker, who claimed to be part of a group calling itself the “Anonymous Calgary Mindhive”, said it hadn’t been hard for him to hijack control of Gregg’s Nest security camera.
Read more in my article on the Bitdefender Box blog.
PODCASTSmashing Security #109: Grinches target Amazon and Reddit, stealing Christmas from the poor
Join us for our special Christmas episode as we tell tales of printer hacking, website defacement, Grinches, and how Google is snooping on your private YouTube videos.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The CyberWire’s Dave Bittner.
Facebook waited months before admitting privacy bug exposed millions of users’ unposted photos
At the end of last week Facebook revealed that an API bug had given developers of third-party apps access to the photos of millions of users.
But Facebook didn’t find out about the problem last week. It found out about it in September.
SPONSORUnlock the power of threat intelligence with this practical guide. Get your free copy now
Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.
At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.”
It’s aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.
About Recorded Future
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
International email bomb hoax proves to be a spectacular failure
Authorities in the United States, Canada, Australia, and New Zealand are said to be investigating a wave of bogus bomb threats that have been sent to a variety of organisations late on Thursday.
But if the hoaxer thought they were going to make a lot of money through the scam, they’re going to be disappointed.
2018 - a year of data breaches in review
Week after week, month after month, 2018 saw organisations and companies struck by massive and damaging data breaches, putting the personal details of innocent members of the public at risk.
Read more in my article on the Bitdefender Business Insights blog.
Unlocking Android phones with a 3D-printed head
Forbes journalist Thomas Brewster wanted to find out just how well a variety of Android phones and a top-of-the-range Apple iPhone would fare against a determined attempt to break facial recognition. And he did that by having a 3D-model printed of his head.
Read more in my article on the Tripwire State of Security blog.
PODCASTSmashing Security #108: Hoaxes, Huawei and chatbots - with Mikko Hyppönen
The curious case of George Duke-Cohan, Huawei’s CFO finds herself in hot water, and the crazy world of mobile phone mental health apps.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guests Mikko Hyppönen from F-Secure and technology journalist Geoff White.
Supermicro says independent investigation found no spy chips on its motherboards
An independent audit has found no evidence that malicious chips were planted on Supermicro’s motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.
Bad news for scammers. Huawei executive Meng Wanzhou has been released on bail
Scammers want you to send $2000 to help Huawei’s CFO bribe her way out of jail.
Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure
Google has admitted that Google Plus suffered another security failure last month, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.
GlobeImposter ransomware victims find themselves abandoned by their extortionists
It’s a bad day when your computers get hit by ransomware.
But it only gets worse when you realise that you not only don’t have backups, but also have no way of contacting the criminals who encrypted your data.
SPONSORDigitize and automate your customer agreement process for financial transactions. Download this free OneSpan guide
Many thanks to the great folks at OneSpan, who have sponsored my writing for the last week.
More than 10,000 customers in 100 countries rely on OneSpan to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
OneSpan is now giving you the chance to download its Financial Agreement Automation RFP Guide for Account Opening, Digital Lending and Leasing Automation.
Trillions of dollars in financial transactions are processed each year. These include credit agreements, loans, new account openings, mortgages, pensions and annuities.
Today’s customer is looking for speed, ease and convenience. To meet these demands, financial institutions must offer fully digital experiences.
This guide is for financial institutions evaluating technology for agreement automation.
Agreement automation refers to the digitization of the customer agreement process for financial transactions – including application data validation, digital identity verification, agreement signing and storage, and audit trail capture.
This guide will assist you in:
- Determining your agreement automation requirement
- Deciding which stakeholders to involve in the RFP process
- Developing RFP questions (14 pages of sample RFP questions provided)
- Evaluating options for implementation
Download your copy of OneSpan’s guide now.
If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
Three years in jail for teenager who spammed out school bomb threats
British teenager George Duke-Cohan has been jailed for three years for making hoax bomb threats that closed hundreds of schools up and down the UK.
Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea
Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.
Read more in my article on the Tripwire State of Security blog.
PODCASTSmashing Security #107: Sextorting the US army, and a Touch ID scam
Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won’t believe who was behind a sextortion scam that targeted over 400 members of the US military.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.
