Security threats

Smashing Security #161: Love, lucky dips, and 23andMe

The man who hacked the UK National Lottery didn’t end up a winner, Japanese Love hotel booking tool suffers a data breach, and just what is 23andMe planning to do with your DNA?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

PussyCash adult webcam data breach exposes highly sensitive data of models

You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind.

Travelex warns customers of phone scam threat in wake of ransomware attack

Members of the public who have found themselves out of pocket or inconvenienced by the ongoing problems at Travelex after it suffered a ransomware attack on New Year’s Eve are being warned to watch out for email and phone scammers taking advantage of the situation.

Critical Windows 10 security fix pushed out after NSA warns Microsoft of spying vulnerability

Hundreds of millions of Windows 10 users are having an important patch rolled out to their computers today after Microsoft was warned by the NSA of a serious security hole in the operating system.

Boing Boing bounces back after hack attempted to infect users with fake Adobe Flash update

The extremely popular Boing Boing blog was hacked by an unknown party who planted malicious code into the site’s WordPress theme.

If you fear your computer may have been compromised, you may be wise to run an up-to-date anti-virus program.

27% of Windows users are still running Windows 7. They need to stop now

At 11am PST (7pm UK), Microsoft will release its last ever Patch Tuesday updates for Windows 7. After today, Microsoft says it won’t release any more security patches for the ageing operating system.

Travelex wants you to know that everything’s going really really well

Apparently the world’s largest foreign exchange service is making “good progress” following the attack which knocked out its systems two weeks ago.

Move along, nothing to see here.

Cable Haunt: Hundreds of millions of cable modems may be vulnerable to hijacking attack

Researchers warn that your cable modem might be vulnerable to hijacking, due to a critical security vulnerability in its Broadcom firmware.

Learn more now.

Shitrix: Hackers target unpatched Citrix systems over weekend

Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.

Take action to protect your systems now before the exploit hits you in the face.

Graham Cluley on the Totally Unprepared Politics podcast

Just before the UK’s General Election in December, I recorded an interview with the “Totally Unprepared Politics” podcast.

Thanks to Adill Al-ashgar for inviting me on the show. And don’t worry, although we do touch on some politics, it’s mostly about cybersecurity.

Cryptojacked routers reduce by 78% in SE Asia following Operation Goldfish Alpha

Operation Goldfish Alpha was a six-month effort to secure hacked devices across Southeast Asia.

Read more in my article on the Bitdefender BOX blog.

Stop everything. Update Firefox now

A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild.

Make sure you are running the very latest version of Firefox.

Man jailed for using webcam RAT to spy on women in their bedrooms

A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #160: SNAFUs! MS Word, Amazon Ring, and TikTok

We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you’re comfortable with, and how teens are flocking to TikTok (and why that might be a problem).

All this and much more is covered in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

City of Las Vegas wakes up to a cyber attack

In the early hours of Tuesday morning, city officials in Las Vegas were alerted that their computer network had suffered a security breach.

If it’s a ransomware attack, it sounds unlikely that they’ll be willing to give in to the extortionists’ demands.

“Planned maintenance”? Travelex’s masterclass in how not to respond to a cyberattack

For days Travelex’s website has said it was down for “planned maintenance”.

Now it finally admits that the company is struggling with a ransomware outbreak that has disrupted its online services.