Malware

tripwire.com

BlueKeep: What you need to know

Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.

But that may be about to change…

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.

Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.

Read more in my article on the Hot for Security blog.


0 sec read

Smashing Security #153: Cybercrime doesn’t pay (but Uber does)

The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.


1 min read

bitdefender.com

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.


0 sec read

Smashing Security #151: Frankly, sometimes paying the ransom is a good idea

Remember how the City of Baltimore was badly hit by ransomware earlier this year? Turns out that wasn’t the end of their problems. Also, Carole takes a look at how smart speakers can be hacked to trick you into giving criminals your passwords or even credit card details. And we discuss the findings of the LastPass global password security report.

All this, and much much more, in the latest “Smashing Security” podcast.


2 min read

Avast fends off hacker who breached its internal network in copycat CCleaner attack

Czech anti-virus firm Avast has been targeted for a second time by hackers seemingly attempting to plant malware inside a malicious CCleaner update.


1 min read

bitdefender.com

Ransomware attack hits Pitney Bowes, impacting company mail rooms around the world

Global shipping and mailing service Pitney Bowes has fallen foul of a ransomware attack that has encrypted data on its computer systems and disrupted customer access to its online services.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Ransomware victim hacks attacker, turning the tables by stealing decryption keys

A victim of the Muhstik ransomware paid his attackers money to recover his files, but then wrought his revenge by hacking them right back.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Hearing aid manufacturer hit by cyber attack slashes profits by $95 million

Demant, the manufacturer of Oticon hearing aids, has said that it expects losses of up to 650 million kroner (approximately $95 million) following a cyber attack earlier this month.


2 min read

tripwire.com

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

Hackers who hit Texas with ransomware attack demanded $2.5 million, got nothing

Although it may have cost Texas more to recover from the ransomware attack than paying the ransom, in the long term a refusal to pay extortionists will help to discourage future attacks.


1 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

tripwire.com

Block newly-registered domains to reduce security threats in your organisation

Security researchers propose that there might be an additional simple step your company might like to take to better defend your users against threats: aggressively block all domains less than one month old.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.

And a goof by Apple has allowed them do it.

Read more in my article on the Hot for Security blog.


0 sec read