Daily Archives: July 8, 2018

Nostalgic social network ‘Timehop’ loses data from 21 million users

Probably wishes it could go back in time and run 2FA, cos lack of it sparked the leak

A service named “Timehop” that claims it is “reinventing reminiscing” – in part by linking posts from other social networks – probably wishes it could go back in time and reinvent its own security, because it has just confessed to losing data describing 21 million members and can’t guarantee that the perps didn’t slurp private info from users’ social media accounts.…

Smartphone Hackers Can Get Data by Analyzing Touchscreen User Interactions

A team of cybersecurity researchers at Ben-Gurion University of the Negev (BGU) has demonstrated that valuable user information can be exfiltrated by tracking smartphone touch movements to impersonate a user on compromised, third-party touchscreens while sending emails, conducting financial transactions or even playing games.

6 Steps for Establishing and Maintaining Digital Integrity

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or […]

The post 6 Steps for Establishing and Maintaining Digital Integrity appeared first on The State of Security.

How to Ensure Safety from Fraud Within Your Business

Fraud is a major problem in modern-day businesses. It significantly hampers the progression of business and leads to loss of revenue. According to PriceWaterhouseCoopers’ evaluation reports, over half of all businesses today have in one way or another suffered fraud. In particular, 88 percent of companies within the United States have suffered fraud that led […]

The post How to Ensure Safety from Fraud Within Your Business appeared first on The State of Security.

Looking for another great cyber podcast? CyberTangent is your new home with expert guests every episode

Graham Cluley Security News is sponsored this week by the folks at Nehemiah Security. Thanks to the great team there for their support!

Nehemiah Security’s “CyberTangent” is a podcast focused on topics like Security Risk Management, Cyber Risk Analytics, Malware Hunting, and more.

This specific episode of “CyberTangent” features our favorite guest, Graham Cluley himself! In this episode, we get to know Graham a little better, starting with how he got into the cybersecurity space and ending with his “love language.”

Start listening now to “CyberTangent”!


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Ep. 107 – All Your Bias Are Belong to Us with Paolo Gaudiano

Biases – we all have them. Are they useful? What do they tell us about ourselves or corporate culture? And most importantly, how can a social engineer use them? Join us with Paolo Gaudiano in this excellent podcast. July 09, 2018

Get Involved

Got a great idea for an upcoming podcast? Send us a quick message on the contact form!

Enjoy the Outro Music? Thanks to Clutch for allowing us to use Son of Virginia as our new SEPodcast Theme Music.

And check out a schedule for all our training at Social-Engineer.Com

Check out the Innocent Lives Foundation to help unmask online child predators.

The post Ep. 107 – All Your Bias Are Belong to Us with Paolo Gaudiano appeared first on Security Through Education.

Tech Scammers Exploit "Download Bomb Trick" in Chrome and Other Browsers




The 'Download Bomb Bug' that was found in Google Chrome 65 in March 2018 has been discovered again in Google Chrome 67, and this time it appears to affect other browsers as well, including Vivaldi, Opera, Firefox, and Brave.


The bug starts hundreds of thousands of parallel downloads to freeze a web browser on a single page. Once the user's browser is frozen, scam websites display a tech support number to call to unfreeze it.

According to Bleeping Computer, tech scammers "used the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to initiate thousands of downloads one after the other to freeze Chrome browsers on tech support sites."


Tech support scammers have reportedly used many variations of this trick to trap users on malicious sites that lure victims into calling a number connected with shady organizations to have their browser unlocked. Meanwhile, hackers on the other end demand a high price to unlock the browser.

Google fixed the bug in Chrome 65, but it has now resurfaced in the latest version, Chrome 67. The bug was found by anti-virus provider Malwarebytes in February, with reports that Mozilla could be susceptible to it as well.

However, researchers have found that Microsoft Edge and Internet Explorer are unaffected by this bug.