data breach

Smashing Security #172: UncleF***Face

Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he’s bought a Facebook Portal for his in-laws.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault.

Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims

In recent days warnings have spread rapidly across social networking sites that the Houseparty app – which makes it easy for anyone to drop in for a video chat with friends locked down during the Coronavirus pandemic – is unsafe.

But is there any evidence?

bitdefender.com

Cybersecurity insurance firm Chubb investigates its own ransomware attack

A notorious ransomware gang claims to have successfully compromised the infrastructure… of a company selling cyberinsurance.

Read more in my article on the Hot for Security blog.

tripwire.com

Third-party data breach exposes GE employees’ personal information

Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider.

Read more in my article on the Tripwire State of Security blog.

Security firm leaves more than five billion records exposed on unsecured database

A massive database, containing more than five billion records derived from past security breaches between 2012 and 2019, has been left unprotected, without any password protection on the internet.

And who left it exposed? A security firm.

bitdefender.com

More business websites hit by credit-card skimming malware

In the last few days it has come to light that blender manufacturer NutriBullet and guitar tuition website Truefire fell foul of hackers who planted Magecart-style malicious code on their sites which went undetected for months, stealing the credit card details and personal information from users.

Read more in my article on the Bitdefender Business Insights blog.

Smashing Security #169: Burglaries, breaches, and bidets

How one guy’s exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

bitdefender.com

Secret-sharing app Whisper failed to keep users’ fetishes and locations private

Security researchers raised the alarm after discovering that hundreds of millions of Whisper users’ intimate messages, tied to their locations, had been left publicly available since the app’s launch in 2012.

Read more in my article on the Hot for Security blog.

Comcast Xfinity published the contact details of 200,000 customers who paid for them to be kept private

Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory… putting their safety and privacy at risk.

Virgin Media left 900,000 consumers’ details exposed in unsecured database

One of the UK’s largest internet providers has admitted that it left a database containing the unencrypted details of more than 900,000 UK residents – including existing and potential customers – freely accessible to anybody on the internet, with no password required.

Exposed data included records which could have linked users to pornographic websites.

bitdefender.com

Cathay Pacific slammed for security failures following hack which exposed 9.4 million people worldwide

The UK’s Information Commissioner’s Office (ICO) has fined Cathay Pacific for “a number of basic security inadequacies” which resulted in hackers stealing the data of 9.4 million people worldwide – including 111,578 from the UK.

Read more in my article on the Hot for Security blog.

tripwire.com

MGM Resorts hacked: 10.6 million guests have their personal data exposed on hacking forum

Over 10 million people who have stayed at MGM Resorts hotels – including Twitter boss Jack Dorsey and pop idol Justin Bieber – have had their personal details posted online by hackers.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

China denies it was behind the Equifax hack, as four men charged for data breach

China has denied that it was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for nearly half of all American citizens.

Read more in my article on the Hot for Security blog.

tripwire.com

How your screen’s brightness could be leaking data from your air-gapped computer

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer.

Read more in my article on the Tripwire State of Security blog.

Twitter security hole allowed state-sponsored hackers to match phone numbers to usernames

Twitter admits to a bug that might have put privacy-conscious users at risk – by revealing what phone numbers are associated with which Twitter accounts.

bitdefender.com

Man admits hacking Nintendo, leaking details of Switch games console

Despite a previous brush with the law, Ryan Hernandez went on to hack and hack again.

Read more in my article on the Hot for Security blog.