News

Webex flaw allowed anyone to join private online meetings – no password required

Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password.

We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw

The REvil (also known as Sodinokibi) ransomware is being planted on corporate networks by hackers exploiting the Shitrix flaw in Citrix servers.

Want your photo removed from our facial recognition database? Just send us your photo and government-issued ID…

Controversial firm Clearview AI, which stole your photographs from social media sites to feed their facial recognition database, expects you to send them your photos and a scan of your ID if you want to have your data removed.

Uhh, yeah. Right.

Sonos backtracks (a little) over its software updates fustercluck

The maker of wireless home sound systems got itself into hot water after it announced that if you had a mixture of new and old Sonos hardware in your home then *none* of it would be receiving software updates after May.

Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now

Someone at LastPass must be feeling 5!ck as a p4rr0t right now, after human error meant that its browser extension was accidentally deleted from the Chrome web store.

Although an embarrassing goof, it’s something of a storm in a teacup security-wise.

tripwire.com

Ransomware: The average ransom payment has doubled in just three months

A new report into the state of ransomware at the tail end of 2019 has revealed that things aren’t getting any better.

Read more in my article on the Tripwire State of Security blog.

Traffic jams could be worse than normal, because of the Shitrix vulnerability

Your trip into work today might be delayed by slippery roads, dense fog, and a Citrix vulnerability.

A free tool for detecting Shitrix-related compromises on your business network

Citrix has announced that it has teamed up with security researchers at FireEye to produce a free forensic tool which can help your business hunt for potential Indicators of Compromise related to the CVE-2019-19781 vulnerability.

Smashing Security #162: Robocalls, health hacks, and facial recognition fears

A hospital gets hacked because of an ex-employee’s grudge, robocalls are on the rise, and we share a scary story about the future of facial recognition.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Michael Hucks.

Plastic surgery patients at risk after ransomware attack

Past and current customers of a cosmetic surgery clinic are contacted by hackers making ransom demands, after they broke into its network and stole personal information.

bitdefender.com

Teenager charged over $50 million SIM-swap cryptocurrency theft

Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam.

Find out what a SIM swap scam is, and read more in my article on the Hot for Security blog.

Microsoft data breach exposes 250 million customer service and support records

Red faces at Microsoft after a security researcher discovered an internal customer support database had been left exposed for anyone on the internet to access – no password required.

Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know

An investigation has concluded that Jeff Bezos’s smartphone was hacked after receiving a WhatsApp message from Mohammed bin Salman.

Read more about the background behind the story, and what we know so far.

Exams cancelled? University closing due to Brexit? A mischievous email from Southampton’s Vice-Chancellor

Clues sprinkled through the poorly-written email, however, reveal that its author has not done his homework.

Internet-enabled dash cams that allow anyone to track your GPS location in real-time

Watch out, car drivers. If you have installed a BlackVue dash cam into your vehicle you might have unwittingly made available your real-time GPS location.

bitdefender.com

Sextortion scam leverages Nest video footage to fool victims into believing they are being spied upon everywhere

A bizarre sextortion scam is attempting to trick victims into believing that not only has their smartphone been hacked to spy upon their private lives, but also every other device they have encountered which contains a built-in camera.

Read more in my article on the Hot for Security blog.