Vulnerability

Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, a study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.



Earn $2,000,000 by remotely jailbreaking an iPhone

Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?

The sad truth is that we may never know for sure… but intelligence agencies might.



TheHackerGiraffe says he’s retired from hacking smart TVs to promote PewDiePie

TheHackerGiraffe, the hacker who breached innocent users’ unsecured printers, Google Chromecast streaming devices, and smart TVs to promote the PewDiePie YouTube channel, has announced his retirement.



tripwire.com

Hackers demand ransom from Dublin’s tram system, after Luas website defaced

The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.

Read more in my article on the Tripwire State of Security blog.



Smashing Security #109: Grinches target Amazon and Reddit, stealing Christmas from the poor

Join us for our special Christmas episode as we tell tales of printer hacking, website defacement, Grinches, and how Google is snooping on your private YouTube videos.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The CyberWire’s Dave Bittner.



Facebook waited months before admitting privacy bug exposed millions of users’ unposted photos

At the end of last week Facebook revealed that an API bug had given developers of third-party apps access to the photos of millions of users.

But Facebook didn’t find out about the problem last week. It found out about it in September.



Supermicro says independent investigation found no spy chips on its motherboards

An independent audit has found no evidence that malicious chips were planted on Supermicro’s motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.



Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure

Google has admitted that Google Plus suffered another security failure last month, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.



tripwire.com

US charges Iranian hackers for SamSam ransomware attacks

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks.

Read more in my article on the Tripwire State of Security blog.



bitdefender.com

Germany proposes security guidelines for routers, but not everybody is happy

The German government has published draft guidelines on how it believes broadband routers should be secured. But some people think more could be done.

Read more in my article on the Bitdefender Box blog.



More details on One Planet York app vulnerability don’t paint council in a good light

New information has come to light which makes it more difficult to defend York city council’s actions and communications in response to being told about a vulnerability in its One Planet York app.



Did UK city council over-react to a vulnerability report in its recycling app or not?

Some in the computer security community feel that the council over-reacted by reporting the incident to the police.

I’m not so sure.



bitdefender.com

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.

Read more in my article on the Hot for Security blog.



bitdefender.com

Two friends jailed for TalkTalk hack plot

Judge describes men connected to TalkTalk hack as “individuals of extraordinary talent.” Sigh…

Read more in my article on the Hot for Security blog.



Vision Direct hack reveals customer credit card details

Criminals planted credit-card skimming code on the Vision Direct online store.



tripwire.com

20% of MageCart-compromised merchants get reinfected within days

MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again.

Read more in my article on the Tripwire State of Security blog.

