News

EasyJet hack impacts nine million passengers

The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the company is describing as a “highly sophisticated attack.”

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.

Hackers steal $10M in “wonderfully done” fraud from Norway’s State Investment Fund

Norfund, the Norwegian state-owned investment fund for developing countries, has revealed that it has been swindled out of $10,000,000 intended for an institution in Cambodia.

Read more in my article on the Bitdefender Business Insight blog.

The ProLock ransomware doesn’t tell you one important thing about decrypting your files

Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.

Edison Mail bug exposed iPhone users’ email accounts to complete strangers

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails.

Read more in my article on the Hot for Security blog.

An outbreak of Coronavirus trojans and scams

Recent weeks have seen a spate of scams and attacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.

The most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may make the biggest headlines, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.

This week, US-CERT has published its list of the “Top 10 Routinely Exploited Vulnerabilities”.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

Info on NHS Coronavirus app leaks out via Google Drive snafu

Sensitive documents about the UK’s Coronavirus-tracing app have reportedly been carelessly leaked via a publicly accessible Google Drive link.

Hacking group puts millions of Zoosk dating profiles up for sale

If you have been trying to find love on the Zoosk app, I’ve got some bad news for you.

Hackers are offering for sale what they claim is the stolen account information of millions of online daters who have used the popular app.

Chatbooks security breach. Users told to change their passwords

A hacking group known as ShinyHunters is claiming to be responsible for the security breach, and is offering to sell stolen customer records for US $3,500 via an underground web marketplace.

Read more in my article on the Hot for Security blog.

Could this be the world’s most harmless IoT botnet?

When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites.

But that wasn’t the case with the Cereals botnet.

Read more in my article on the Bitdefender BOX blog.

TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app…

Imagine you’re the UK Government in the middle of the biggest crisis the country has faced since World War II.

How are you going to instill some confidence that citizens should install a new Coronavirus tracing app?

Over 300 websites taken down in just two weeks as UK public report suspicious emails

The National Cyber Security Centre (NCSC), which tasks itself with “helping to make the UK the safest place to live and do business online,” is making impressive inroads against scam websites.

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.

Read more in my article on the Tripwire State of Security blog.