News

49% of workers, when forced to update their password, reuse the same one with just a minor change

A new survey has revealed some alarming news about the way users are choosing their passwords in their homes and workplace.

Snatch ransomware reboots Windows in Safe Mode to bypass anti-virus protection

Never let it be said that malware authors don’t continue to find innovative ways to prevent their creations from being detected.

bitdefender.com

Hackers steal credit card details from Sweaty Betty customers

Women’s activewear retailer Sweaty Betty has emailed some of its customers warning that their payment card details may have been compromised by malicious code running on its website.

Read more in my article on the Hot for Security blog.

bitdefender.com

Amazon battles leaky S3 buckets with a new security tool

A new AWS feature is supposed to help avoid accidental misconfigurations that could result in sensitive data being exposed, a company’s brand being damaged, and even – potentially – put its customers at risk.

Read more in my article on the Bitdefender Business Insights blog.

tripwire.com

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #157: A biometric knuckle duster

What is Kaspersky’s ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.

Jail for bomb hoaxer who targeted Super Bowl, Houses of Parliament, and schools for Jewish children

Andreas Dowling used accounts and text-to-speech software to hide his identity as he caused 35,000 pupils to be evacuated from their schools.

Cryptocurrency exchange locks its cold wallet as CEO “goes missing”

Users of the Chinese cryptocurrency exchange IDAX must be feeling a little anxious right now. It has locked its cold wallet, suspending all deposits and withdrawals, after its CEO allegedly disappeared.

bitdefender.com

Customers complain after alarms go offline, as security firm hit by ransomware attack

Earlier this week Spanish security firm Prosegur shut down its network after its systems were hit by a ransomware infection.

Read more in my article on the Hot for Security blog.

bitdefender.com

Palo Alto Networks employee data breach highlights risks posed by third party vendors

The personal details of some past and present Palo Alto Networks employees – their names, dates of birth and social security numbers – have been exposed online. But is it really the company’s fault?

Read more in my article on the Bitdefender Business Insights blog.

Sextortion with a twist of Litecoin

Internet users are being sent sextortion emails, claiming to have recorded videos of their X-rated website visits and demanding payment be made in Litecoin.

Smashing Security #156: Better safe than Sony

In this 20 minute clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures – reportedly carried out by North Korea for the very oddest of reasons…

tripwire.com

Facebook and Twitter warn some users’ private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets

For a long time it has been regarded as one of the security industry’s urban myths, but now law enforcement agencies have confirmed that they are investigating whether thieves have been identifying which cars might be carrying high tech gadgets through the use of Bluetooth scanners.

Read more in my article on the Bitdefender BOX blog.

bitdefender.com

Hackers attack OnePlus again – this time stealing customer details

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus, opening up opportunities for online criminals to target the company’s customers.

Read more in my article on the Hot for Security blog.