News

Tarkett floored by cyber attack

French flooring company Tarkett has revealed that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result.

It was 20 years ago today… The Love Bug remembered

It was twenty years ago today that the Love Bug hit computer systems worldwide.

Which means I know what I was doing exactly twenty years ago!

James Griffiths at CNN interviewed me about my memories of that historic day…

My old-fashioned view on the terms “blacklist” and “whitelist”

The UK’s National Cyber Security Centre (NCSC) has said that it will be changing the terminology it uses on its website, causing some to describe it as “political correctness gone mad.”

Here’s what I think…

Ghost blogging platform suffers security breach

Scary stuff as hackers exploit Salt vulnerability in attempt to mine cryptocurrency on breached blogging platform’s servers.

Cybercriminals are using Google reCAPTCHA to hide their phishing attacks

Security researchers say that they are seeing cybercriminals deploying Google’s reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns.

Read more in my article on the Hot for Security blog.

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers are warning of a new mobile banking trojan that steals details from over 200 financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #176: Hacking hacks and university attacks

Journalists spying on their rivals, the NHS rejects Apple and Google’s approach to Coronavirus-tracing, and universities are hit by an old-fashioned sexy lady attack.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rik Ferguson.

Shade ransomware calls it a day, 750,000 decryption keys released

Even if you can’t pay the ransom and don’t have a backup, don’t destroy your garbled data believing that you’ll never be able to recover it. Maybe one day someone will build a tool that can do the job, or a ransomware gang will have a change of heart.

A GIF image could have let hackers hijack Microsoft Teams at your firm

A critical vulnerability has been patched in the Microsoft Teams work collaboration platform after security researchers discovered a way in which hackers could compromise accounts and steal data with a seemingly harmless .GIF image.

Read more in my article on the Bitdefender Business Insights blog.

Don’t vote for me and Smashing Security in the EU Security awards

The seventh annual European Cybersecurity Blogger Awards are now open to the public vote. Let them know what your favourite security blogs, podcasts, Twitter accounts, etc. are…

Here’s my explanation of why you shouldn’t vote for me in various categories.

Hackers’ malicious script skimmed credit card details off Robert Dyas website

UK DIY, electricals, and houseware chain Robert Dyas has revealed that malicious code on its payment page was secretly skimming the credit card details of customers and sending them to hackers.

Called to an urgent Zoom meeting with HR? It might be a phishing attack

Cybercriminals have sent out emails attempting to trick remote workers into believing they need to join a Zoom meeting to discuss their future employment.

Text ‘bomb’ crashes iPhones, iPads, Macs and Apple Watches – what you need to know

An innocent-looking message, containing characters in the Sindhi language, can cause your iPhone to crash without warning.

Read more in my article on the Hot for Security blog.

Maze ransomware – what you need to know

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data.

But what makes Maze so dangerous is that it also steals the data it finds, and threatens to publish it if the ransom is not paid.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #175: Zoom deepfakes, Zardoz, and ‘Rona tracing

Will deepfake disguises hit a video conference near you, can Coronavirus-tracing apps be trusted, and should Facebook shut down anti-quarantine events?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.