Security threats

700 million reasons for Equifax to remember to patch its vulnerable IT systems in future

Equifax has agreed to pay up to $700 million in a FTC settlement following its 2017 data breach.


1 min read

bitdefender.com

iCloud account hacker jailed for three years after preying on rappers and sports celebrities

A man, who posed as an Apple customer support representative for three years, has been sentenced to federal prison after breaking into the accounts of rappers, as well as NBA and NFL players.

Read more in my article on the Hot for Security blog.


0 sec read

No, the Met Police wasn’t hacked. But its Twitter account and website were hijacked

Late on Friday night, some rather out-of-character tweets seemed to be coming out of New Scotland Yard.

The Twitter account of London’s Metropolitan Police (@metpoliceuk) broadcast to its more than one million followers a series of bizarre and sometimes offensive messages.


1 min read

tripwire.com

Thousands of NHS computers are still running Windows XP from beyond the grave

Two years after the WannaCry ransomware outbreak shone a light on the computer security of the the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2,300 PCs running the outdated operating system.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Security researcher arrested after data on every adult in Bulgaria hacked from government site

Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.


1 min read

Smashing Security #137: Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED

Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody’s account.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.


1 min read

Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps

RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission.

Apple pushes out further silent updates to protect users from sketchy app behaviour.


1 min read

bitdefender.com

How any Instagram account could be hacked in less than 10 minutes

A security researcher has been awarded $30,000 after discovering a serious vulnerability that could potentially have put any Instagram account at risk of being hacked.

Read more in my article on the Hot for Security blog.


0 sec read

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.

It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.


1 min read

tripwire.com

Apple says its Walkie-Talkie app could be exploited to spy on iPhones

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.


1 min read

Did a hacked smart TV upload footage of couple having sofa sex to a porn website?

A news report claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website.

But I’ve got a number of questions…


1 min read

Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click

If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission.

Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.


3 min read

tripwire.com

British Airways faces record £183 million GDPR fine after data breach

British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen.

Read more about what you need to know in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Derp! DDoS attacker who brought down EA, Sony, and Steam jailed for 27 months

A 23-year-old man has plenty of time to mull over whether it’s funny to launch distributed denial-of-service attacks against online video gaming services, after he was sentenced to prison this week.

Read more in my article on the Hot for Security blog.


0 sec read

St John Ambulance service hit by ransomware attack

The UK’s St John Ambulance service says that it was hit by a ransomware attack earlier this week, but if the attackers hoped they might massively disrupt the volunteer first aid service then they’ll be massively disappointed.


1 min read