vulnerability

Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know

An investigation has concluded that Jeff Bezos’s smartphone was hacked after receiving a WhatsApp message from Mohammed bin Salman.

Read more about the background behind the story, and what we know so far.

Good news. Citrix delivers first patches to mop up Shitrix flaw that is being actively exploited

Over the weekend Citrix announced that its plans to release patches for critical vulnerabilities in its technology, used by tens of thousands of businesses worldwide, have significantly sped up.

Hackers are closing the Shitrix security hole to keep everyone out of Citrix servers apart from themselves

The hackers cleaning up Shitrix-vulnerable Citrix equipment are no modern day Robin Hoods.

They’re inoculating vulnerable devices against further Shitrix attacks, but at the same time opening a secret backdoor to allow future cybercriminal campaigns.

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.

Critical Windows 10 security fix pushed out after NSA warns Microsoft of spying vulnerability

Hundreds of millions of Windows 10 users are having an important patch rolled out to their computers today after Microsoft was warned by the NSA of a serious security hole in the operating system.

Boing Boing bounces back after hack attempted to infect users with fake Adobe Flash update

The extremely popular Boing Boing blog was hacked by an unknown party who planted malicious code into the site’s WordPress theme.

If you fear your computer may have been compromised you may be wise to run an up-to-date anti-virus program.

27% of Windows users are still running Windows 7. They need to stop now

At 11am PST (7pm UK), Microsoft will release its last ever Patch Tuesday updates for Windows 7. After today, Microsoft says it won’t release any more security patches for the ageing operating system.

Cable Haunt: Hundreds of millions of cable modems may be vulnerable to hijacking attack

Researchers warn that your cable modem might be vulnerable to hijacking, due to a critical security vulnerability in its Broadcom firmware.

Learn more now.

Shitrix: Hackers target unpatched Citrix systems over weekend

Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.

Take action to protect your systems now before the exploit hits you in the face.

Cryptojacked routers reduce by 78% in SE Asia following Operation Goldfish Alpha

Operation Goldfish Alpha was a six-month effort to secure hacked devices across Southeast Asia.

Read more in my article on the Bitdefender BOX blog.

Stop everything. Update Firefox now

A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild.

Make sure you are running the very latest version of Firefox.

Hackers steal credit card details from Sweaty Betty customers

Women’s activewear retailer Sweaty Betty has emailed some of its customers warning that their payment card details may have been compromised by malicious code running on its website.

Read more in my article on the Hot for Security blog.

Smashing Security #157: A biometric knuckle duster

What is Kaspersky’s ugly ring for? Is there something suspicious about how NordVPN lets you stream Disney+? And why did a hacker impersonate a music producer?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.

Hackers attack OnePlus again – this time stealing customer details

Hackers have once again successfully compromised the website of Chinese phone manufacturer OnePlus, opening up opportunities for online criminals to target the company’s customers.

Read more in my article on the Hot for Security blog.

Millions of Android phones may be vulnerable to camera spying vulnerability

Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.

Read more in my article on the Hot for Security blog.