News

tripwire.com

Puerto Rico government falls for $2.6 million email scam

As if Puerto Rico wasn’t having a hard enough time as it attempts to recover from recession, the damage caused by devastating hurricanes in recent years, and a damaging earthquake last month, it now finds itself being exploited by cybercriminals.

Read more in my article on the Tripwire State of Security blog.

Secure email service Tutanota complains it is being blocked by AT&T in parts of the United States

Some US users of the Tutanota have been unable to access the secure email service while out and about on their smartphones since the end of January.

The common demoninator? They all use AT&T for their internet access.

Smashing Security #165: Cheapfakes, deepfakes, and Ashley Madison

Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

bitdefender.com

2FA is being pushed out to all Google Nest users to better protect their accounts

If a Google Nest account is compromised by a malicious hacker that’s not bad news for the legitimate owner of the account, it’s also bad news for Google.

So that’s why they’re trying to do something about it…

Read more in my article on the Bitdefender Box blog.

Patch now! Microsoft releases fixes for 99 security flaws, some being actively exploited by hackers

It’s one of the largest Patch Tuesday updates ever issued by Microsoft, and includes fixes for 12 security vulnerabilities that have been given the highest severity rating of “critical.”

The clock is ticking. IT teams should waste no time in readying themselves for a roll-out across the Windows computers for which they’re responsible.

bitdefender.com

China denies it was behind the Equifax hack, as four men charged for data breach

China has denied that it was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for nearly half of all American citizens.

Read more in my article on the Hot for Security blog.

Prison inmates’ sensitive data left exposed on leaky cloud bucket

A completely-avoidable data leak has exposed prescription records, mugshots, and other sensitive information related to an unknown number of prison inmates.

Graham Cluley on Tripwire’s Talking Cybersecurity Podcast

A couple of weeks ago the guys from Tripwire were kind enough to invite me onto their new podcast, “Talking Cybersecurity”, and now the episode is out!

Take a listen.

Dashlane password manager’s Chrome extension has disappeared

The Dashlane Password Manager browser extension was suddenly removed from the Chrome web store this weekend.

Coronavirus phishing attack disguises as a message from the Center for Disease Control

Once again we’re reminded that cold-hearted scammers and fraudsters don’t have any qualms about exploiting human misery, and are prepared to do anything if it might net them a rich reward.

Facebook’s Twitter account is hijacked by notorious OurMine hacking group

Facebook’s official Twitter account started posting message from the OurMine hacking gang just before midnight UK time on Friday.

Dutch university paid $220,000 ransom to hackers after Christmas attack

Maastricht University has admitted paying a 30 bitcoin ransom to hackers who compromised its network in the immediate run-up to Christmas 2019, and infected it with the Clop ransomware.

Apple fined €25 million for deliberately slowing down old iPhones

Apple has been hit with a 25 million Euro fine (US $27.5 million) after it added battery management features to iOS that slowed down the performance of older iPhones.

Android users at risk from Bluetooth hijack attack, and are warned of “short distance worm” threat

Hackers could exploit a flaw on unpatched Android 8.0 and 9.0 phones to run malicious code such as a worm, with no user interaction required.