News

Smashing Security #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.



bitdefender.com

Marriott faces £99.2 million fine after hack exposed 393 million hotel guest records

The UK’s Information Commissioner’s Office (ICO) has announced its intention to fine the US hotel group Marriott International £99.2 million (US $123 million) for a data breach that exposed the personal details of hundreds of millions of guests.

Read more in my article on the Hot for Security blog.



Did a hacked smart TV upload footage of couple having sofa sex to a porn website?

A news report claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website.

But I’ve got a number of questions…



Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click

If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission.

Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.



tripwire.com

British Airways faces record £183 million GDPR fine after data breach

British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers was stolen.

Read more about what you need to know in my article on the Tripwire State of Security blog.



bitdefender.com

Derp! DDoS attacker who brought down EA, Sony, and Steam jailed for 27 months

A 23-year-old man has plenty of time to mull over whether it’s funny to launch distributed denial-of-service attacks against online video gaming services, after he was sentenced to prison this week.

Read more in my article on the Hot for Security blog.



St John Ambulance service hit by ransomware attack

The UK’s St John Ambulance service says that it was hit by a ransomware attack earlier this week, but if the attackers hoped they might massively disrupt the volunteer first aid service then they’ll be massively disappointed.



Smashing Security #135: Zombie grannies and unintended leaks

We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.



You lost US Customs Border data? You’re losing your government contracts…

“Evidence of conduct indicating a lack of business honesty or integrity” led to suspension of federal contracts for hacked subcontracting firm.



bitdefender.com

US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!

US Cyber Command has issued an alert about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook, as concerns are raised of a rise in an Iranian-backed hacking group’s activities.

Read more in my article on the Hot for Security blog.



Ex-Equifax CIO, who knew about huge data breach, jailed for insider trading

So, just what was Equifax doing during those 40 days between discovering it had been hacked and sharing the bad news with the world?

Well, now we know. Or at least we know what Jun Ying, the CIO of Equifax US Information Solutions, was doing.



Malware makes an exhibition of itself

If you happen to be in the Netherlands in the next few months you may be interested in dropping into an unusual art exhibition.

From Friday 5 July until 10 November, you’ll be able to check out “Malware: Symptoms of Viral Infection” at the Het Nieuwe Instituut in Rotterdam.



bitdefender.com

Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 servers

Some of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no password required.

Read more in my article on the Hot for Security blog.



tripwire.com

After €24 million stolen by typosquatting a cryptocurrency exchange, six people arrested

European police have arrested six people as part of an investigation into a theft which saw €24 million (US $27 million) stolen from users of a cryptocurrency exchange.

Read more in my article on the Tripwire State of Security blog.



Smashing Security #134: Sextortion, silicone face masks, and a DDoS doofus

Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.



tripwire.com

$1.1 million in two weeks – Florida cities pay out big to ransomware gangs

Cybercriminals have learnt something very valuable in the last couple of weeks: in order to regain access to their data, cities in Florida are prepared to pay out huge Bitcoin ransoms to hackers.

Read more in my article on the Tripwire State of Security blog.

