News

About the “easy to hack” EU Exit: ID Document Check app

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

But is this something worth losing any sleep over?

Smashing Security #154: A buttock of biometrics

The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Donation details “leak” from the Labour Party website

You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.

That “sophisticated” Labour cyber-attack – don’t panic

With a drama-filled general election campaign underway in the United Kingdom, the Labour Party says that its systems suffered a “sophisticated and large-scale cyber-attack.”

tripwire.com

BlueKeep: What you need to know

So far, BlueKeep attacks have been causing computers to crash and drawing attention to themselves.

But that may be about to change…

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.

Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.

Read more in my article on the Hot for Security blog.

Smashing Security #153: Cybercrime doesn’t pay (but Uber does)

The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.

bitdefender.com

Nikkei worker tricked into transferring $29 million into scammer’s bank account

Nikkei, one of the largest media companies in Japan, with an empire spanning broadcasting, digital media, magazines, and newspapers such as the Financial Times, says that its US subsidiary, Nikkei America, has been scammed out of $29 million.

Read more in my article on the Hot for Security blog.

After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign

The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency miner on unpatched Windows PCs.

A guest appearance on the IT Pro podcast…

I was honoured to be invited as a guest onto the inaugural episode of the “ITPro podcast” hosted by reviews and community editor Adam Shepherd and features editor Jane McCallion.

Give it a listen.

tripwire.com

Men who were paid $100,000 by Uber to hush-up hack plead guilty to extortion scheme

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.

Smashing Security #152: Cats, hoodies, and rent

What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.

Medical data is being leaked by NHS pagers, and then broadcast for the world to see…

Medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.

How Facebook helps an abusive ex-partner find out your new identity, even after you’ve blocked them

Imagine you’re in an abusive relationship, and things have turned violent.

You leave him, block his Facebook account, and update the name on your profile to hide your identity.

Would you expect your ex-partner to be able to see what your new name is?

bitdefender.com

Update your iPhone 5 before November 3 2019, or lose its internet access

Listen up if you’re still using an iPhone 5 – you need to update to iOS 10.3.4 before Sunday November 3, or you may find your smartphone loses access to the internet.

Read more in my article on the Hot for Security blog.