vulnerability

Smashing Security #157: A biometric knuckle duster

What is Kaspersky’s ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.



Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.



Hackers attack OnePlus again – this time stealing customer details

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus, opening up opportunities for online criminals to target the company’s customers.

Read more in my article on the Hot for Security blog.



Millions of Android phones may be vulnerable to camera spying vulnerability

Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.

Read more in my article on the Hot for Security blog.



Only after running out of hard disk space did firm realise hacker had stolen one million users’ details

Yet another company has been found woefully lacking when it comes to securing consumers’ data.

Read more in my article on the Tripwire State of Security blog.



BlueKeep: What you need to know

Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.

But that may be about to change…

Read more in my article on the Tripwire State of Security blog.



Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.

Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.

Read more in my article on the Hot for Security blog.



After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign

The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency miner on unpatched Windows PCs.



Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.



Smashing Security #152: Cats, hoodies, and rent

What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.



Japanese hotel robots can be hacked to spy on guests in their bedrooms

A Japanese hotel chain has had to update its in-room robots, after a security researcher discovered they could be easily hacked to allow anyone access to their camera and microphone.



About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…



Fake iOS Checkra1n jailbreak site installs slot machine game, generates click-fraud revenue

A website that promises to jailbreak your iPhone using the Checkm8 exploit actually installs apps with the intention of generating click-fraud revenue.



Toms Shoes newsletter “hacked by a nice man”

Footwear retailer Toms has had its email newsletter compromised by someone who calls himself “a nice man”.

And he has strong opinions on the behaviour of other hackers…



How a GIF could let a hacker view your WhatsApp messages

A flaw in WhatsApp could have allowed hackers to snoop upon your chat history just by tricking you into opening a boobytrapped GIF image.

If you’re going to run WhatsApp, make sure that it’s properly updated.



It’s been a couple of days, so Apple releases yet another iOS update

Yup, there’s a new update to iOS. But don’t expect it to have resolved the worrying Checkm8 exploit one hacker found in the iPhone’s secure ROM.

