Update your iPhone 5 before November 3 2019, or lose its internet access

Listen up if you’re still using an iPhone 5 – you need to update to iOS 10.3.4 before Sunday November 3, or you may find your smartphone loses access to the internet.

Read more in my article on the Hot for Security blog.

See you at NISC, the National Information Security Conference, next week

I’m delighted to announce that I will be moderating NISC 2019 in Cheshire next week. It’s a great conference with some terrific cybersecurity speakers. Find out more about how you can participate too.

Japanese hotel robots can be hacked to spy on guests in their bedrooms

A Japanese hotel chain has had to update its in-room robots, after a security researcher discovered they could be easily hacked to allow anyone access to their camera and microphone.

Sensitive US government and military travel details left exposed online

Significant amounts of sensitive data about employees of the US government military personnel data could now be in the public domain following its exposure in a data leak.

Read more in my article on the Hot for Security blog.

12 year jail sentence for man who hacked Los Angeles Superior Court to send two million phishing emails

A Texas man has been sentenced to over 12 years in prison after being found guilty of hacking into the computer system of the Los Angeles Superior Court, and then using it to send two million phishing emails.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #151: Frankly, sometimes paying the ransom is a good idea

Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn’t the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.

All this, and much much more, in the latest “Smashing Security” podcast.

Action Fraud? Inaction Fraud

In recent months serious questions have been raised about whether victims of cybercrime are getting the support they deserve from the UK’s national fraud reporting centre.

Alexa and Google Home devices can be exploited to eavesdrop on users, phish passwords

Researchers have shown just how easy it is for third-parties to exploit the so-called “smart” speakers that many home owners have purchased to eavesdrop on conversations and even steal passwords and credit card details.

Read more in my article on the Bitdefender BOX blog.

Avast fends off hacker who breached its internal network in copycat CCleaner attack

Czech anti-virus firm Avast has been targeted for a second time by hackers seemingly attempting to plant malware inside a malicious CCleaner update.

About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…

Smashing Security #150: Liverpool WAGs, Facebook politics, and a selfie stalker

Footballers’ wives go to war over Instagram leaks, it turns out fake news is fine on Facebook (just so long as it’s in a political ad), and things take a horrific turn in Japan, as a stalker uses a scary technique to find out where his pop idol lives.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dave Bittner.

Ransomware attack hits Pitney Bowes, impacting company mail rooms around the world

Global shipping and mailing service Pitney Bowes has fallen foul of a ransomware attack that has encrypted data on its computer systems and disrupted customer access to its online services.

Read more in my article on the Hot for Security blog.

Fake iOS Checkra1n jailbreak site installs slot machine game, generates click-fraud revenue

A website that promises to jailbreak your iPhone using the Checkm8 exploit actually installs apps with the intention of generating click-fraud revenue.

Alleged “Psycho” hacker in court over EtherDelta cryptocurrency robbery

An alleged hacker has appeared in a US federal court to answer charges related to the theft of at least $1.4 million in cryptocurrency from the EtherDelta cryptocurrency exchange platform in December 2017.

Read more in my article on the Hot for Security blog.

Stalker zoomed in on Japanese idol’s eyes to find out where she lived

An obsessed fan assaulted J-Pop star Ena Matsuoka after determining where she lived by zooming in on selfies she had posted on social media, and examining the reflection in her eyes.

Smashing Security #149: Falling in love with fraudsters

We take a trip to Staten Island, New York, to hear how a case of cyberstalking resulted in the arrest of 20 alleged mobsters, learn about the nude photo-loving insider threat at Yahoo, and discover how fraudsters might be boosting’s profits.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by Ran Levi of “Malicious Life.”