Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015.
After all, leaving it until four years later looks a little bit… slack.
Author Archives: Graham CLULEY
Thousands of NHS computers are still running Windows XP from beyond the grave
Two years after the WannaCry ransomware outbreak shone a light on the computer security of the the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2300 PCs running the outdated operating system.
Read more in my article on the Tripwire State of Security blog.
Security researcher arrested after data on every adult in Bulgaria hacked from government site
Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.
Smashing Security #137: Porn trolling lawyers, Insta hacking, and Ctrl-Alt-LED
Erection your honour! Lawyers find themselves behind bars after they make porn movies in an attempt to scam internet users, boffins in Israel detail a way to steal data from an air-gapped computer, and Instagram coughs up $30,000 after a researcher finds a simple way to hack into anybody’s account.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.
Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps
RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission.
Apple pushes out further silent updates to protect users from sketchy app behaviour.
Alan Turing – the face of the new £50 note
The Bank of England has announced that Alan Turing’s face will grace the new £50 note.
How any Instagram account could be hacked in less than 10 minutes
A security researcher has been awarded $30,000 after discovering a serious vulnerability that could potentially have put any Instagram account at risk of being hacked.
Read more in my article on the Hot for Security blog.
Apple pushes out silent update to remove sketchy Zoom code from Macs
Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.
It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.
Apple says its Walkie-Talkie app could be exploited to spy on iPhones
Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge.
Read more in my article on the Tripwire State of Security blog.
Unlock the power of threat intelligence with this practical guide. Get your free copy now
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.” It’s aimed at helping security professionals realize the advantages of threat […]
Smashing Security #136: Oops, we created Iran’s hacking exploit
Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.
Marriott faces £99.2 million fine after hack exposed 393 million hotel guest records
The UK’s Information Commissioner’s Office (IOC) has announced its intention to fine the US hotel group Marriott International £99.2 million (US $123 million) for a data breach that exposed the personal details of hundreds of millions of guests.
Read more in my article on the Hot for Security blog.
Did a hacked smart TV upload footage of couple having sofa sex to a porn website?
A news report claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website.
But I’ve got a number of questions…
Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click
If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission.
Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.
British Airways faces record £183 million GDPR fine after data breach
British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen.
Read more about what you need to know in my article on the Tripwire State of Security blog.
Derp! DDoS attacker who brought down EA, Sony, and Steam jailed for 27 months
A 23-year-old man has plenty of time to mull over whether it’s funny to launch distributed denial-of-service attacks against online video gaming services, after he was sentenced to prison this week.
Read more in my article on the Hot for Security blog.
St John Ambulance service hit by ransomware attack
The UK’s St John Ambulance service says that it was hit by a ransomware attack earlier this week, but if the attackers hoped they might massively disrupt the volunteer first aid service then they’ll be massively disappointed.
Smashing Security #135: Zombie grannies and unintended leaks
We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.
You lost US Customs Border data? You’re losing your government contracts…
“Evidence of conduct indicating a lack of business honesty or integrity” led to suspension of federal contracts for hacked subcontracting firm.
US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!
US Cyber Command has issued an alert about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook, as concerns are raised of a rise in an Iranian-backed hacking group’s activities.
Read more in my article on the Hot for Security blog.
Ex-Equifax CIO, who knew about huge data breach, jailed for insider trading
So, just what was Equifax doing during those 40 days between discovering it had been hacked and sharing the bad news with the world?
Well, now we know. Or at least we know what Jun Ying, the CIO of Equifax US Information Solutions, was doing.
Malware makes an exhibition of itself
If you happen to be in the Netherlands in the next few months you may be interested in dropping into an unusual art exhibition.
From Friday 5 July until 10 November, you’ll be able to check out “Malware: Symptoms of Viral Infection” at the Het Nieuwe Instituut in Rotterdam.
Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 servers
Some of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no password required.
Read more in my article on the Hot for Security blog.
After €24 million stolen by typosquatting a cryptocurrency exchange, six people arrested
European police have arrested six people as part of an investigation into a theft which saw €24 million (US $27 millon) stolen from users of cryptocurrency exchange.
Read more in my article on the Tripwire State of Security blog.
Smashing Security #134: Sextortion, silicone face masks, and a DDoS doofus
Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.