Security threats

Smashing Security #146: Password secrets and baking brownies

In the latest edition of the “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault, Carole has suffered an injury, we journey back in time to one of our earliest episodes to discuss the perils of passwords, and Rachael Stockton from LastPass drops by for a chat.


55 sec read

tripwire.com

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

How to get away with hacking a US satellite

The US Air Force wants to know if you can hijack control of an orbiting satellite and turn its camera from staring at Earth to point at the moon instead.

Read more in my article on the Hot for Security blog.


0 sec read

LastPass users automatically updated to fix security vulnerability in browser extension

Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.


1 min read

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

tripwire.com

Toyota parts supplier loses $37 million in email scam

Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Wikipedia and World of Warcraft Classic targeted by DDoS attacks

Uou can imagine the pain that was caused to pub quiz cheats and students writing essays this weekend when crowd-sourced internet encyclopedia Wikipedia, one of the world’s most popular websites, was hit by a distributed denial-of-service attack.

Read more in my article on the Hot for Security blog.


0 sec read

Hackers who hit Texas with ransomware attack demanded $2.5 million, got nothing

Although it may have cost Texas more to recover from the ransomware attack than paying the ransom, in the long term a refusal to pay extortionists will help to discourage future attacks.


1 min read

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…


2 min read

bitdefender.com

CEO voice deepfake blamed for scam that stole $243,000

A company is said to have lost €220,000 (approximately $243,000) after receiving a phone call from a boss requesting the money be transferred into a supplier’s bank account.

But it wasn’t the real boss on the phone…

Read more in my article on the Hot for Security blog.


0 sec read

Chinese tech firm Huawei says it was hacked by the United States

The Chinese technology giant says the United States has launched hacking attacks against its intranet and internal network.

But attributing a cyber attack to a particular party is notoriously difficult. It would certainly be just as fascinating to see Huawei’s reasons why it believes the USA hacked it, as to see what evidence the United States has against Huawei.


1 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

Join me for a webinar about making cybersecurity relevant in modern day culture

Next week, on Thursday 12th September 2019 at 3pm UK (that’s 10am EST), I’ll be participating in a webinar hosted by The Register alongside MetaCompliance’s Robert O’Brien – and I’d love it if you joined in!


44 sec read

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.


0 sec read

Hear me speak at “Conversations from the Vault” in London

You may already be going to be there without realising it, as the event is happening at the same place as IDC’s Identity & Privacy Conference.


45 sec read

bitdefender.com

The top reason businesses make a cyber insurance claim – Business Email Compromise

AIG, one of the largest insurance companies in the world, has issued a report which reveals that there is a new leader in the list of top threats causing losses for businesses.

Read more in my article on the Bitdefender Business Insights blog.


0 sec read