News

bitdefender.com

Sextortion scam leverages Nest video footage to fool victims into believing they are being spied upon everywhere

A bizarre sextortion scam is attempting to trick victims into believing that not only has their smartphone been hacked to spy upon their private lives, but so has every other device they have encountered which contains a built-in camera.

Read more in my article on the Hot for Security blog.

Good news. Citrix delivers first patches to mop up Shitrix flaw that is being actively exploited

Over the weekend Citrix announced that its plans to release patches for critical vulnerabilities in its technology, used by tens of thousands of businesses worldwide, have significantly sped up.

Ubisoft takes DDoS-for-hire website to court over attacks on video game servers

Video game maker Ubisoft has filed a lawsuit against the alleged operators of a DDoS-for-hire website, claiming they are “well aware of the harm” the service has caused for the company, after its Rainbow Six: Siege servers were disrupted.

UFC champ Kamaru Usman says his Twitter account was hacked, after series of explicit tweets against Conor McGregor

UFC’s Kamaru Usman claims his Twitter account was hacked, after it posted explicit messages about rival fighter Conor McGregor and his partner Dee Devlin.

Hackers are closing the Shitrix security hole to keep everyone out of Citrix servers apart from themselves

The hackers cleaning up Shitrix-vulnerable Citrix equipment are no modern-day Robin Hoods.

They’re inoculating vulnerable devices from further Shitrix attacks, but at the same time opening a secret backdoor to allow future cybercriminal campaigns.

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.

Travelex won’t say if it has paid a ransom to its attackers

Travelex, the foreign currency exchange service whose services have been knocked offline since New Year’s Eve by a cyber attack, is declining to say if it has paid a ransom to the criminals responsible.

“Hello dear slave”

An Egyptian scammer has a unique style when it comes to chatting up his victims.

WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

tripwire.com

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #161: Love, lucky dips, and 23andMe

The man who hacked the UK National Lottery didn’t end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

bitdefender.com

Peekaboo Moments app left baby videos, photos, and 800,000 users’ email addresses exposed on the internet

The developer of a smartphone app has carelessly left a database accessible to anybody with an internet connection, leaving exposed a database of millions of records containing baby videos and photos, as well as the email addresses of users.

Read more in my article on the Hot for Security blog.

PussyCash adult webcam data breach exposes highly sensitive data of models

You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind.

Travelex warns customers of phone scam threat in wake of ransomware attack

Members of the public who have found themselves out-of-pocket or inconvenienced by the ongoing problems at Travelex after it suffered a ransomware attack on New Year’s Eve, are being warned to watch out for email and phone scammers taking advantage of the situation.

Critical Windows 10 security fix pushed out after NSA warns Microsoft of spying vulnerability

Hundreds of millions of Windows 10 users are having an important patch rolled out to their computers today after Microsoft was warned by the NSA of a serious security hole in the operating system.