News

tripwire.com

Whatever happened to cryptojacking?

A couple of years ago it felt like you couldn’t turn your head in any direction without seeing another headline about cryptomining and – its more evil sibling – cryptojacking.

So, what happened?

Read more in my article on the Tripwire State of Security blog.

Smashing Security #170: PornHub, Coronavirus apps, and remote working

It’s a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you’re unexpectedly working from home.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, joined this week by Malicious Life’s Ran Levi from his attic.

bitdefender.com

More business websites hit by credit-card skimming malware

In the last few days it has come to light that blender manufacturer NutriBullet and guitar tuition website Truefire fell foul of hackers who planted Magecart-style malicious code on their sites which went undetected for months, stealing the credit card details and personal information from users.

Read more in my article on the Bitdefender Business Insights blog.

Talking love and viruses on the BBC World Service

Can you believe it’s very nearly exactly 20 years since the Love Bug virus spread around the world, infecting millions of computers? No, I can’t either…

A few weeks ago it was my pleasure to be interviewed by the BBC’s Gabriela Jones for a World Service “Witness History” documentary all about the Love Bug virus (aka ILOVEYOU or LoveLetter), and now you can listen to it too!

bitdefender.com

UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cybercriminals exploiting the Coronavirus outbreak.

Read more in my article on the Hot for Security blog.

Malicious Coronavirus victim tracking app demands ransom payment from Android users

A malicious Android app that pretends to warn users about those nearby infected with the COVID-19 Coronavirus actually locks devices, and demands a $100 payment in Bitcoin.

Microsoft Teams goes down as Europe starts working from home

As millions of people across Europe choose to work remotely rather than head into the office in the wake of the Coronavirus pandemic, a widely-used communication and collaboration tool has gone down.

tripwire.com

Phishing attacks exploit YouTube redirects to catch the unwary

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #169: Burglaries, breaches, and bidets

How one guy’s exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

A typical day in the life of my Twitter inbox…

Don’t forget, if you’re a scammer you shouldn’t hesitate to reach out to me on Twitter at @gcluley with your business or marriage proposal.

bitdefender.com

Secret-sharing app Whisper failed to keep users’ fetishes and locations private

Security researchers raised the alarm after discovering that hundreds of millions of Whisper users’ intimate messages, tied to their locations, had been left publicly available since the app’s launch in 2012.

Read more in my article on the Hot for Security blog.

Android anti-virus products put to the test – which are the best at stopping new malicious apps?

If there’s one clear message you can take away from the latest real-world test of Android security products, it’s that relying upon Google to protect your smartphone isn’t really good enough.

Comcast Xfinity published the contact details of 200,000 customers who paid for them to be kept private

Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory… putting their safety and privacy at risk.

Coronavirus map used to spread malware

Security researchers have found malicious code hiding behind a website that claimed to show an up-to-date global heatmap of Coronavirus reports.

Virgin Media left 900,000 consumers’ details exposed in unsecured database

One of the UK’s largest internet providers has admitted that it left a database containing the unencrypted details of more than 900,000 UK residents – including existing and potential customers – freely accessible to anybody on the internet, with no password required.

Exposed data included records which could have linked users to pornographic websites.

bitdefender.com

Over one billion Android devices at risk as they no longer receive security updates

More than one billion Android devices are at risk of being hacked or infected by malware, because they are no longer supported by security updates and built-in protection.

That’s the conclusion of an investigation which found that at-risk smartphones are still being sold, despite the range of malware and other threats to which they are vulnerable.

Read more in my article on the Hot for Security blog.