phishing

Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims

In recent days warnings have spread rapidly across social networking sites that the Houseparty app – which makes it easy for anyone to drop in for a video chat with friends locked down during the Coronavirus pandemic – is unsafe.

But is there any evidence?

bitdefender.com

UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cybercriminals exploiting the Coronavirus outbreak.

Read more in my article on the Hot for Security blog.

tripwire.com

Phishing attacks exploit YouTube redirects to catch the unwary

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

2FA is being pushed out to all Google Nest users to better protect their accounts

If a Google Nest account is compromised by a malicious hacker that’s not bad news for the legitimate owner of the account, it’s also bad news for Google.

So that’s why they’re trying to do something about it…

Read more in my article on the Bitdefender Box blog.

Coronavirus phishing attack disguises as a message from the Center for Disease Control

Once again we’re reminded that cold-hearted scammers and fraudsters don’t have any qualms about exploiting human misery, and are prepared to do anything if it might net them a rich reward.

bitdefender.com

Man admits hacking Nintendo, leaking details of Switch games console

Despite a previous brush with the law, Ryan Hernandez went on to hack and hack again.

Read more in my article on the Hot for Security blog.

tripwire.com

12 year jail sentence for man who hacked Los Angeles Superior Court to send two million phishing emails

A Texas man has been sentenced to over 12 years in prison after being found guilty of hacking into the computer system of the Los Angeles Superior Court, and then using it to send two million phishing emails.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Yes, MFA isn’t perfect. But that’s not a reason for your company not to use it

Multi-factor authentication is one of the simplest steps you can take to harden your security. It would be an enormous mistake to think it is worthless just because it’s not a perfect solution.

Read more in my article on the Bitdefender Business Insights blog.

Won a free iPhone? No, it’s Calendar spam

An increasing number of people are reporting that their calendars are being bombarded with spam invitations. Here is how to stop them appearing in your Google calendar.

tripwire.com

Block newly-registered domains to reduce security threats in your organisation

Security researchers propose that there might be an additional simple step your company might like to take to better defend your users against threats: aggressively block all domains less than one month old.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #138: Logic bombs, brain data exploitation, and Digga D tweets

Logic bombs in Excel spreadsheets, how should we protect our brain data from big companies, and how did bizarre messages about Drill rap end up on the Metropolitan Police’s Twitter account and website?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BJ Mendelson.

Sky worries users with phishy-looking password reset email

Sky could have done a better job when they designed their customer email to make it look less suspicious.

bitdefender.com

iCloud account hacker jailed for three years after preying on rappers and sports celebrities

A man, who posed as an Apple customer support representative for three years, has been sentenced to federal prison after breaking into the accounts of rappers, as well as NBA and NFL players.

Read more in my article on the Hot for Security blog.

No, the Met Police wasn’t hacked. But its Twitter account and website were hijacked

Late on Friday night, some rather out-of-character tweets seemed to be coming out of New Scotland Yard.

The Twitter account of London’s Metropolitan Police (@metpoliceuk) broadcast to its more than one million followers a series of bizarre and sometimes offensive messages.

Smashing Security #135: Zombie grannies and unintended leaks

We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.

tripwire.com

After €24 million stolen by typosquatting a cryptocurrency exchange, six people arrested

European police have arrested six people as part of an investigation into a theft which saw €24 million (US $27 millon) stolen from users of cryptocurrency exchange.

Read more in my article on the Tripwire State of Security blog.