Phishing

Smashing Security #172: UncleF***Face

Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he’s bought a Facebook Portal for his in-laws.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault.

Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims

In recent days warnings have spread rapidly across social networking sites that the Houseparty app – which makes it easy for anyone to drop in for a video chat with friends locked down during the Coronavirus pandemic – is unsafe.

But is there any evidence?

bitdefender.com

UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cybercriminals exploiting the Coronavirus outbreak.

Read more in my article on the Hot for Security blog.

tripwire.com

Phishing attacks exploit YouTube redirects to catch the unwary

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #169: Burglaries, breaches, and bidets

How one guy’s exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

bitdefender.com

2FA is being pushed out to all Google Nest users to better protect their accounts

If a Google Nest account is compromised by a malicious hacker that’s not bad news for the legitimate owner of the account, it’s also bad news for Google.

So that’s why they’re trying to do something about it…

Read more in my article on the Bitdefender Box blog.

Coronavirus phishing attack disguises as a message from the Center for Disease Control

Once again we’re reminded that cold-hearted scammers and fraudsters don’t have any qualms about exploiting human misery, and are prepared to do anything if it might net them a rich reward.

Smashing Security #164: A bitter pill to swallow

A gallery is tricked into giving millions to a fraudster, software tells doctors to push opioids onto patients, and an artist finds a novel way to trick Google Maps into thinking there’s a traffic jam.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

bitdefender.com

Man admits hacking Nintendo, leaking details of Switch games console

Despite a previous brush with the law, Ryan Hernandez went on to hack and hack again.

Read more in my article on the Hot for Security blog.

bitdefender.com

Yes, MFA isn’t perfect. But that’s not a reason for your company not to use it

Multi-factor authentication is one of the simplest steps you can take to harden your security. It would be an enormous mistake to think it is worthless just because it’s not a perfect solution.

Read more in my article on the Bitdefender Business Insights blog.

Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States

Elliott Gunton – aka “Glubz” – is charged in relation to the December 2017 security breach of cryptocurrency exchange EtherDelta.

Won a free iPhone? No, it’s Calendar spam

An increasing number of people are reporting that their calendars are being bombarded with spam invitations. Here is how to stop them appearing in your Google calendar.

tripwire.com

Block newly-registered domains to reduce security threats in your organisation

Security researchers propose that there might be an additional simple step your company might like to take to better defend your users against threats: aggressively block all domains less than one month old.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #138: Logic bombs, brain data exploitation, and Digga D tweets

Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police’s Twitter account and website?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BJ Mendelson.

Police arrest man after Lancaster University hacking attack

Police have arrested a 25-year-old man in connection with a data breach at Lancaster University that saw student records and applicant’s personal details compromised.

Sky worries users with phishy-looking password reset email

Sky could have done a better job when they designed their customer email to make it look less suspicious.