Vulnerability

Smashing Security #109: Grinches target Amazon and Reddit, stealing Christmas from the poor

Join us for our special Christmas episode as we tell tales of printer hacking, website defacement, Grinches, and how Google is snooping on your private YouTube videos.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The CyberWire’s Dave Bittner.



Facebook waited months before admitting privacy bug exposed millions of users’ unposted photos

At the end of last week Facebook revealed that an API bug had given developers of third-party apps access to the photos of millions of users.

But Facebook didn’t find out about the problem last week. It found out about it in September.



Supermicro says independent investigation found no spy chips on its motherboards

An independent audit has found no evidence that malicious chips were planted on Supermicro’s motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.



Google admits Google Plus hit by *another* privacy flaw, speeds up site’s closure

Google has admitted that Google Plus suffered another security failure last month, allowing the personal information of 52 million users to be accessed by third-party apps and developers without permission.



tripwire.com

US charges Iranian hackers for SamSam ransomware attacks

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks.

Read more in my article on the Tripwire State of Security blog.



bitdefender.com

Germany proposes security guidelines for routers, but not everybody is happy

The German government has published draft guidelines on how it believes broadband routers should be secured. But some people think more could be done.

Read more in my article on the Bitdefender Box blog.



More details on One Planet York app vulnerability don’t paint council in a good light

New information has come to light which makes it more difficult to defend York city council’s actions and communications in response to being told about a vulnerability in its One Planet York app.



Did UK city council over-react to a vulnerability report in its recycling app or not?

Some in the computer security community feel that the council over-reacted by reporting the incident to the police.

I’m not so sure.



bitdefender.com

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.

Read more in my article on the Hot for Security blog.



bitdefender.com

Two friends jailed for TalkTalk hack plot

Judge describes men connected to TalkTalk hack as “individuals of extraordinary talent.” Sigh…

Read more in my article on the Hot for Security blog.



Vision Direct hack reveals customer credit card details

Criminals planted credit-card skimming code on the Vision Direct online store.



tripwire.com

20% of MageCart-compromised merchants get reinfected within days

MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again.

Read more in my article on the Tripwire State of Security blog.



tripwire.com

Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw

Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months.

Read more in my article on the Tripwire State of Security blog.



Smashing Security #103: An Instagram nightmare, crazy iPhone deaths, and election hack claims

One travel blogger finds you don’t have to be Kylie Jenner to be targeted by an Instagram hacker. When 40 iPhones at a hospital mysteriously die, what could be the explanation? And, surprise surprise, political parties in the USA are throwing around hacking accusations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Naked Security’s Mark Stockley.



bitdefender.com

Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

The latest iOS passcode bypass bug appears to have been introduced by Apple’s new Group FaceTime feature.

Read more in my article on the Hot for Security blog.



Videos and MS Office documents – ingredients for a malware attack

Security researchers say that they have uncovered a new way to serve up malware to computer users, by exploiting the way in which videos are embedded inside Microsoft Office documents.

And Microsoft has no plans to fix it.

