News

bitdefender.com

Edison Mail bug exposed iPhone users’ email accounts to complete strangers

The makers of a popular iOS email app have warned their users that their accounts may have been compromised after a buggy software update made it possible to see strangers’ emails.

Read more in my article on the Hot for Security blog.

An outbreak of Coronavirus trojans and scams

Recent weeks have seen a spate of scams and attacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.

tripwire.com

The most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may make the biggest headlines, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.

This week, US-CERT has published its list of the “Top 10 Routinely Exploited Vulnerabilities”.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

Info on NHS Coronavirus app leaks out via Google Drive snafu

Sensitive documents about the UK’s Coronavirus-tracing app have reportedly been carelessly leaked via a publicly accessible Google Drive link.

Hacking group puts millions of Zoosk dating profiles up for sale

If you have been trying to find love on the Zoosk app I’ve got some bad news for you.

Hackers are offering for sale what they claim is the stolen account information of millions of online daters who have used the popular app.

bitdefender.com

Chatbooks security breach. Users told to change their passwords

A hacking group known as ShinyHunters is claiming to be responsible for the security breach, and is offering to sell stolen customer records for US $3,500 via an underground web marketplace.

Read more in my article on the Hot for Security blog.

bitdefender.com

Could this be the world’s most harmless IoT botnet?

When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites.

But that wasn’t the case with the Cereals botnet.

Read more in my article on the Bitdefender BOX blog.

TalkTalk’s ex-CEO Dido Harding heads up the UK’s Coronavirus tracing app…

Imagine you’re the UK Government in the middle of the biggest crisis the country has faced since World War II.

How are you going to instill some confidence that citizens should install a new Coronavirus tracing app?

Over 300 websites taken down in just two weeks as UK public report suspicious emails

The National Cyber Security Centre (NCSC), which tasks itself with “helping to make the UK the safest place to live and do business online,” is making impressive inroads against scam websites.

tripwire.com

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #177: Elon Musk, Roblox, and Love Bug author found

What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down in Manila the author of one of history’s biggest virus outbreaks? And what on earth is a hacker doing breaching Roblox security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

bitdefender.com

Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks

Kaiji, a new botnet campaign, created from scratch rather than resting on the shoulders of those that went before it, is infecting Linux-based servers and IoT devices with the intention of launching distributed denial-of-service (DDoS) attacks.

Read more in my article on the Bitdefender BOX blog.

Tarkett floored by cyber attack

French flooring company Tarkett has revealed that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result.

It was 20 years ago today… The Love Bug remembered

It was twenty years ago today that the Love Bug hit computer systems worldwide.

Which means I know what I was doing exactly twenty years ago!

James Griffiths at CNN interviewed me about my memories of that historic day…