Copied master key forces South African bank to replace 12 million cards

Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after – in a catastrophic breach of security – employees printed out the bank’s master key.

Read more in my article on the Tripwire State of Security blog.


Zoom promises to improve its security and privacy as usage (and concern) soars

Having suddenly found itself with a gigantic increase in usage, Zoom was facing a crisis. It risked losing a large amount of the goodwill it had received because of revelations about its less-than-perfect attitude towards security and privacy.

Lets hope it keeps to its word and begins to threat the safety of its users as a priority.

Read more in my article on the Tripwire State of Security blog.


Have you patched your IoT devices against the KrØØk Wi-Fi chip flaw?

Unpatched IoT gadgets, smartphones, tablets, laptops, Wi-Fi access points and routers with Broadcom chips are all at risk from the KrØØk vulnerability.

Read more in my article on the Bitdefender BOX blog.

97% of airports showing signs of weak cybersecurity

New research has shone on a light on what appears to be a shocking lack of security at the world’s airports.

Boffins at ImmuniWeb took a look at 100 of the world’s largest airports, and only found three that passed with flying colours for their web and app security.


Ransomware victim hacks attacker, turning the tables by stealing decryption keys

A victim of the Muhstik ransomware paid his attackers money to recover his files, but then wrought his revenge by hacking them right back.

Read more in my article on the Tripwire State of Security blog.

Company that was laughed off-stage sues Black Hat

The organisers of the Black Hat USA conference are being sued by Crown Sterling after its controversial sponsored talk in Las Vegas.

Slack response. Passwords reset four years after data breach

Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015.

After all, leaving it until four years later looks a little bit… slack.

Alan Turing – the face of the new £50 note

The Bank of England has announced that Alan Turing’s face will grace the new £50 note.


DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests

An attack which targeted users of the Telegram app on Wednesday might be linked to protests in Hong Kong that turned violent.

Read more in my article on the Tripwire State of Security blog.

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.


Google stored business customers’ passwords in plaintext on its servers… for 14 years

Google has admitted that some of its business customers of G Suite (formerly known as Google Apps) had their passwords stored on the company’s internal servers for 14 years in plaintext.

Read more in my article on the Bitdefender Business Insights blog.


Sensitive data can lurk on second-hand hard drives

Birth certificates, photographs, names, email addresses, credit card details, social security numbers. All to be found on used hard drives for sale on eBay.

Read more in my article on the Bitdefender Business Insights blog.

Smashing Security podcast #120: Silk Road with Deliveroo

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Find QuadrigaCX’s missing $190 million, and you could win a $100,000 bounty

There has been another twist in the curious case of QuadrigaCX, a Canadian cryptocurrency exchange whose CEO unexpectedly and suddenly died without telling anyone else his password.

And it sounds like more troubling news for investors.

Colorado police encrypt *all* their radio communications, frustrating journalists

The police’s use of encryption is apparently making life harder for journalists in Colorado.

Good! Encryption is a good thing, not a bad thing.


Police crack encrypted chat service IronChat and read 258,000 messages from suspected criminals

Dutch police have revealed that they were able to spy on the communications of more than 100 suspected criminals, watching live as over a quarter of a million chat messages were exchanged.

Read more in my article on the Hot for Security blog.