News

Just one month later, the Currys PC World/Dixons Travel hack would have cost them a heck of a lot more

DSG Retail, the parent company of Currys PC World and Dixons Travel, has been fined £500,000 for a hack which lasted from July 2017 to April 2018.

But if the breach had lasted for just one month longer, they could have expected a much MUCH larger penalty.

bitdefender.com

Cryptojacked routers reduce by 78% in SE Asia following Operation Goldfish Alpha

Operation Goldfish Alpha was a six-month effort to secure hacked devices across Southeast Asia.

Read more in my article on the Bitdefender BOX blog.

Stop everything. Update Firefox now

A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild.

Make sure you are running the very latest version of Firefox.

tripwire.com

Man jailed for using webcam RAT to spy on women in their bedrooms

A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #160: SNAFUs! MS Word, Amazon Ring, and TikTok

We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you’re comfortable with, and how teens are flocking to TikTok (and why that might be a problem).

All this and much more is covered in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

City of Las Vegas wakes up to a cyber attack

In the early hours of Tuesday morning, city officials in Las Vegas were alerted that their computer network had suffered a security breach.

If it’s a ransomware attack, it sounds unlikely that they’ll be willing to give in to the extortionists’ demands.

“Planned maintenance”? Travelex’s masterclass in how not to respond to a cyberattack

For days Travelex’s website has said it was down for “planned maintenance”.

Now it finally admits that the company is struggling with a ransomware outbreak that has disrupted its online services.

Company held hostage by ransomware shuts down, tells 300 employees to find new jobs

It wasn’t a case of “Happy Holidays” for the employees of an Arkansas-based telemarketing firm, who were told to find new jobs just before Christmas after the company failed to recover from a ransomware attack.

Travelex still offline after discovering malware on New Year’s Eve, and other banks’ currency services are also affected

The world’s largest foreign exchange bureau is still offline today, and the online currency services of other high street banks are disrupted.

Smashing Security #159: Rap, robbery, and IoT holiday hell

A rapping bank worker is accused of stealing from the vault, the devices that can hide your car’s true mileage, and why it may be a case of “No No No” rather than “Ho Ho Ho” when it comes to IoT toys this Christmas.

And as Carole sups the mulled wine, Graham has problems with his internet connection…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

tripwire.com

Waco water bill attack just the latest in a wave of Click2Gov breaches

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #158: The man behind The Missing Cryptoqueen

We’re joined by special guest Jamie Bartlett of “The Missing Cryptoqueen” podcast in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political…

All this and much much more can be found in the latest edition of the “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

bitdefender.com

1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

1&1 Telecom GmbH has been hit with one of the largest fines dished out so far under European GDPR legislation, Germany’s federal privacy watchdog has announced.

Read more in my article on the Hot for Security blog.