Privacy

Security researcher arrested after data on every adult in Bulgaria hacked from government site

Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.


1 min read

Smashing Security #137: Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED

Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody’s account.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.


1 min read

Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps

RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission.

Apple pushes out further silent updates to protect users from sketchy app behaviour.


1 min read

bitdefender.com

How any Instagram account could be hacked in less than 10 minutes

A security researcher has been awarded $30,000 after discovering a serious vulnerability that could potentially have put any Instagram account at risk of being hacked.

Read more in my article on the Hot for Security blog.


0 sec read

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.

It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.


1 min read

tripwire.com

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.


1 min read

Did a hacked smart TV upload footage of couple having sofa sex to a porn website?

A news report claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website.

But I’ve got a number of questions…


1 min read

Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click

If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission.

Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.


3 min read

Smashing Security #135: Zombie grannies and unintended leaks

We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.


1 min read

You lost US Customs Border data? You’re losing your government contracts…

“Evidence of conduct indicating a lack of business honesty or integrity” led to suspension of federal contracts for hacked subcontracting firm.


1 min read

bitdefender.com

Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 servers

Some of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no password required.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

Bought a second-hand Nest Cam? It might have been spying on you

Even if you initiated a factory reset of the popular Nest Cam Indoor home security camera, connected to third-party partner services via Works with Nest, it might still be possible for a user to access its video feed.

Read more in my article on the Bitdefender BOX blog.


0 sec read

400GB of hacked files from US border surveillance contractor are available for anyone to download

Stolen CBP data has been distributed via torrent sites, and is now available for anyone to download.


1 min read

WeTransfer security failure results in file transfer emails being sent to the wrong people

WeTransfer, the popular online service for sharing large files easily without having to worry about gobbling up email inbox quotas, has suffered what the company is calling a “security incident.”


1 min read

Smashing Security #133: Cookie cock-ups, Hong Kong protests, and smart TV virus scans

We head to Hong Kong to look at how technology has helped anti-government protesters (and how China has tried to disrupt it), Samsung is skittish over whether to tell TV owners to virus-scan their devices, and you won’t believe whose website is not GDPR-compliant.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson.


1 min read