News

Don’t vote for me and Smashing Security in the EU Security awards

The seventh annual European Cybersecurity Blogger Awards are now open to the public vote. Let them know what your favourite security blogs, podcasts, Twitter accounts etc are…

Here’s my explanation of why you shouldn’t vote for me in various categories.

Hackers’ malicious script skimmed credit card details off Robert Dyas website

UK DIY, electricals, and houseware chain Robert Dyas has revealed that malicious code on its payment page was secretly skimming the credit card details of customers and sending them to hackers.

Called to an urgent Zoom meeting with HR? It might be a phishing attack

Cybercriminals have sent out emails attempting to trick remote workers into believing they need to join a Zoom meeting to discuss their future employment.

Text ‘bomb’ crashes iPhones, iPads, Macs and Apple Watches – what you need to know

An innocent-looking message, containing characters in the Sindhi language, can cause your iPhone to crash without warning.

Read more in my article on the Hot for Security blog.

Maze ransomware – what you need to know

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data.

But what makes Maze so dangerous is that it also steals the data it finds, and threatens to publish it if the ransom is not paid.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #175: Zoom deepfakes, Zardoz, and ‘Rona tracing

Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

This Zoom trick would have spared swearing politician’s blushes

The Welsh Assembly had a Zoom meeting today to discuss the government’s response to the Coronavirus pandemic.

It… err.. didn’t go entirely to plan. See what happened and how you can prevent it from happening to you.

How to protect your Nintendo account from hackers with two-step verification (2SV)

Nintendo, like many other companies, offers two-step verification (2SV) to help users protect their online accounts from hackers.

Here’s what you need to know.

IT services giant Cognizant hit by Maze ransomware attack

The Maze group’s attacks see corporate victims not only infected with file-encrypting ransomware, but also threatened with the publication of stolen data if extortion demands are not met.

Read more in my article on the Hot for Security blog.

Google declares war on Android fleeceware scamming users through sneaky subscriptions

The Google Play Store has announced new policies that aim to kick out “free trial” Android apps that use underhand techniques to trick unsuspecting users into signing up for expensive subscriptions.

I’ve sent my worst enemies to Earworm Island

Imagine marooning your worst enemy on a desert island, along with the four most terrible records ever made.

That’s the premise of a brand new podcast, hosted by technology journalist Geoff White.

And I’m his first guest! Not on the island, you understand. But I get to choose who I send to the island, and what tunes I torture them with.

Yeah, this isn’t security-related – but I figure we all could do with a break right now.

A Zoom zero-day exploit is up for sale for $500,000

There are reportedly two zero-day vulnerabilities present in the latest versions of Zoom for Windows and macOS – and exploits for the unpatched flaws are being actively hawked to anyone who might be prepared to pay.

Read more in my article on the Tripwire State of Security blog.

49 crypto-wallet pickpocketing browser extensions booted from the Chrome web store

Hackers have been using Google Ads to target unsuspecting cryptocurrency investors and trick them into installing malicious browser extensions, with the aim of stealing passphrases and private keys and draining funds from their wallets.

Read more in my article on the Hot for Security blog.

Smashing Security podcast #174: Garry Kasparov and Animal Crossing

World-chess-champion-turned-activist Garry Kasparov joins us as we discuss celebrity lookalikes, smartphone fleeceware, the impact Coronavirus is having on security, and how a popular new video game is being used for political ends.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

How to host safer Zoom meetings

The Coronavirus pandemic has forced many people to work from home for the first time, and use video conferencing apps that they’re not familiar with.

Guest contributor Philip Le Riche takes a closer look at what you can do to better protect your Zoom meetings.