Author Archives: Graham Cluley

Smashing Security #065: Cryptominomania, Poppy, and your Amazon Alexa

Cryptomining goes nuclear, YouTube for Kids gets scary, and TV ads have been given the green light to mess with your Amazon Alexa.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

How a Bitcoin phishing gang made $50 million with the help of Google AdWords

A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets.

The post How a Bitcoin phishing gang made $50 million with the help of Google AdWords appeared first on The State of Security.

Uh-oh. How just inserting a USB drive can pwn a Linux box

Remember the notorious Stuxnet worm?

It was a highly-sophisticated piece of malware – developed by the United States and Israeli intelligence – which targeted Iran’s Natanz uranium enrichment facility.

One of the things which made Stuxnet so notable was that it exploited a zero-day vulnerability in Windows, meaning that it could infect a Windows computer (even with Windows AutoRun and AutoPlay disabled) just by plugging in an infected USB stick.

The exploit was in how Microsoft Windows handled .LNK shortcut files, and meant that malicious code could be run on a computer without any user interaction – just inserting the thumb drive was enough.

Of course, this vulnerability was uncovered back in 2010. Nothing like that would ever happen these days… right?

Sadly, Linux users running the KDE Plasma desktop environment now find themselves facing a similar scenario. If anything it’s worse, according to a security advisory released late last week.

In short, if a USB memory stick plugged into a vulnerable computer has a volume label containing the characters `` or $(), the text contained within those characters will be executed as shell commands.

Or, to put it another way, give a USB drive the volume name `rm -rf`, and hand it to a friend who runs KDE Plasma on their Linux box, and they won’t be your friend much longer.
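To make the mechanism concrete from the defender's side, here is an added Python example (not code from this article, from the advisory or from KDE) showing why a device label must never be spliced into a shell command string: the vulnerable interpolation sits beside two hardened forms, plus a detection check for the two constructs the advisory names. The labels and the echo-based stand-in for a notification command are constructed for illustration; the real desktop component that handles a plugged-in drive is not modelled.

```python
"""Added example (not code from the original article or from KDE): why a
volume label must never be spliced into a shell command string, and the
patterns that keep it inert. The labels and the echo-based "notification"
command are constructed for illustration."""
import re
import shlex
import subprocess

# The two constructs the advisory names: backtick and $( ) command substitution.
COMMAND_SUBSTITUTION = re.compile(r"`|\$\(")


def label_has_command_substitution(label: str) -> bool:
    """Detection check: does the label contain a construct a POSIX shell would
    expand into a command? Useful for logging or alerting on suspicious media."""
    return COMMAND_SUBSTITUTION.search(label) is not None


def unsafe_mount_message(label: str) -> str:
    """VULNERABLE pattern: the label is interpolated into a command string that
    /bin/sh then parses, so $(...) and `...` inside the label run as commands.
    The outer command is a harmless echo; the flaw is the interpolation."""
    cmd = f'echo "Mounted volume {label}"'  # the shell parses the label
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.strip()


def safe_mount_message_argv(label: str) -> str:
    """HARDENED pattern 1: pass the label as one argv element. No shell ever
    sees it, so the bytes reach the program verbatim as data."""
    out = subprocess.run(["echo", f"Mounted volume {label}"],
                         capture_output=True, text=True)
    return out.stdout.strip()


def safe_mount_message_quoted(label: str) -> str:
    """HARDENED pattern 2: when a shell string is unavoidable, shlex.quote()
    wraps the label so every metacharacter is literal text."""
    cmd = "echo " + shlex.quote(f"Mounted volume {label}")
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed label: the substitution is benign, it only echoes a marker.
    label = "HOLIDAY_$(echo INJECTED)"
    print("suspicious label?", label_has_command_substitution(label))
    print("unsafe :", unsafe_mount_message(label))      # marker replaced the $( )
    print("argv   :", safe_mount_message_argv(label))   # label echoed literally
    print("quoted :", safe_mount_message_quoted(label))
```

The argv form is the one to prefer: it removes the shell from the path entirely, so there is no quoting rule to get wrong. The detection check is not a substitute for that fix, but it is a cheap signal to log when removable media with such a label is inserted.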

Of course, this isn’t the sort of attack that could be conducted remotely. An attacker needs to have physical access to the vulnerable computer, or maybe sneakily leave it lying around in a car park in the hope that an unsuspecting user will plug it into their computer out of curiosity.

It’s easy to imagine how both malicious attackers and immature pranksters might attempt to abuse this flaw, so make sure that any vulnerable Linux computers under your control are properly protected.

KDE Plasma users are advised to update their systems as soon as possible to version 5.12.0 or later.

Astonishingly, in 2015 it was discovered that Microsoft’s 2010 attempt to patch the USB flaw had been insufficient, and so it had another go.

Let’s hope KDE Plasma has better luck than Microsoft.

WeLiveSecurity: All HTTP websites to soon be marked as “not secure” by Google Chrome

If you're still running a website that uses insecure HTTP then it's time to wake up and drink the coffee. Because unless you take action soon, you're going to find that many of your visitors distrust your website.

The post All HTTP websites to soon be marked as “not secure” by Google Chrome appeared first on WeLiveSecurity



WeLiveSecurity

Apple’s iOS source code leak – what you need to know

What’s happened?

Earlier this week someone anonymously published a key piece of Apple’s iOS source code onto GitHub.

Which bit of iOS was it?

It was an integral part of iOS known as “iBoot” – the section of code which controls the security of your iPhone or iPad as it starts up.

So it’s an important part of iOS?

Very important and highly sensitive. The secure boot firmware ensures that iOS will only run apps digitally signed by Apple, and checks that the operating system has not been tampered with by a hacker.

Does that make this leak interesting to hackers?

Yes, and to other parties (I’m looking at you principally law enforcement agencies) who might be interested in finding vulnerabilities that could be exploited to help them compromise and unlock iOS devices.

So finding a vulnerability in iOS’s boot-up code could be pretty valuable?

Put it this way. Apple’s bug bounty program is prepared to pay you up to $200,000 for vulnerabilities you uncover in its secure boot firmware components. Chances are that there are others out there (intelligence agencies, for instance) who may be prepared to pay you even more.

Would Apple want code like that leaked to the public?

Definitely not. Apple is famous for its secrecy, and its desire to control information. Don’t believe me? If you’ve got a good memory you may recall the lengths it has gone to in its attempts to retrieve prototype iPhones when they have fallen into the laps of the media.

But more importantly than that – Apple knows that having access to this critical source code could provide a head-start for attackers looking for ways to exploit the operating system.

Give me some good news

As Motherboard describes, the leaked code appears to be for iOS version 9, which was released in September 2015.

Phew! I’m running iOS 11

Good for you! Unfortunately there’s a high chance that portions of the leaked code have remained the same in iOS 11. Furthermore, there are believed to be tens of millions of older iPhones and iPads in circulation that are still running iOS 9 as they are unable to be updated.

I think I still have an old iPad that only runs iOS 9. What should I do with it?

Sadly, from the security point of view, it’s coming to the end of its natural life. If you have devices running iOS 9 then you probably need to start thinking about moving to something else – at least for anything critical such as email or online banking – as they are no longer receiving security updates.

Also, always take care about the links which you click on – as you could be taken to a boobytrapped webpage designed to exploit a security hole that isn’t patched on your iOS 9 device.

So, I need more good news.

The code is no longer available on GitHub. Apple acted promptly after the first revelation that the sensitive source code had leaked and issued a DMCA legal notice demanding it be taken down.

However, anyone who was keen to get their hands on the code is now certain to have it in their possession.

Take care out there.

12 Common Threat Intelligence Use Cases

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

Recorded Future provides the only complete threat intelligence solution powered by patented machine learning to help security teams defend against cyberattacks.

Are you using threat intelligence to its full potential?

The term “threat intelligence” is often misunderstood and, with so many security options out there, organizations struggle to find the right solution to meet their needs. The Gartner “Market Guide for Security Threat Intelligence Products and Services” explains the different use cases and how to best leverage threat intelligence in your organization.

You will learn how to:

  • Identify 12 common threat intelligence use cases.
  • Align these use cases to your specific requirements.
  • Implement strategies for getting value from threat intelligence.
  • Evaluate vendors based on your business needs.

Download this report to get clarity on threat intelligence definitions and learn how to make the right decisions for your organization today.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

The State of Security: Swisscom data breach exposes 800,000 customers

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers - most of whom were mobile subscribers.

The post Swisscom data breach exposes 800,000 customers appeared first on The State of Security.



The State of Security

Smashing Security #064: So just a ‘teeny tiny’ security issue then?

A Namecheap vulnerability allows strangers to make subdomains for your website, Troy Hunt examines password length, and ex-Google and Facebook employees are fighting to protect kids from social media addiction.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest HaveIBeenPwned's Troy Hunt.

Security hole meant Grammarly would fix your typos, but let snoopers read your every word

A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.

The Grammarly real-time spelling and grammar checker, which has over seven million daily users, describes itself as all you need to ensure that “everything you type is clear, effective, and mistake-free.”

As someone who is prone to getting muddled over whether to use “less” or “fewer”, or how to spell “accommodation”, I can certainly understand its appeal.

But by constantly looking over your shoulder at everything you type online, you want to be sure that Grammarly is taking proper care over the information it is proof-reading for you.

Perhaps, then, poor spellers around the world should be grateful that vulnerability hunter extraordinaire Tavis Ormandy of Google’s Project Zero group appears to have found what he described as a “high severity bug” before it was uncovered by anybody more malicious.

Ormandy discovered that a simple piece of JavaScript hidden on a malicious website could secretly trick the Grammarly extension for Firefox and Chrome into handing over a user’s authentication token.

With such a token, a malicious hacker could log into your Grammarly account, access Grammarly’s online editor, and unlock your “documents, history, logs, and all other data.”

The good news is that Grammarly responded with impressive speed after being informed of the problem by Ormandy. Even though the Google security researcher gave Grammarly 90 days to fix the issue, it was actually resolved within a few hours – a response time that Ormandy described as “really impressive.”

Grammarly turned to Twitter to reassure users that it had rolled out a patch for the bug, and that exploitation of the vulnerability was limited to text saved in the Grammarly Editor.

“This bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any text typed on websites while using the browser extension.”

“The bug is fixed, and there is no action required by our users.”

With an automatic update already rolled out to the Firefox and Chrome extension libraries, chances are that the problem has been fixed before it could be maliciously exploited. All the same, it’s impossible to be 100% certain that Tavis Ormandy was the first person in the world to uncover this particular bug – so it always makes sense to keep your eye open for suspicious activity.

Smominru! Half a million PCs hit by cryptomining botnet

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves?

The post Smominru! Half a million PCs hit by cryptomining botnet appeared first on The State of Security.

Smashing Security #063: Carole’s back!

Fitness trackers breaching your privacy, how anyone can create convincing celebrity porn, and how ransomware authors are getting ripped off by scammers.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

Bitcoin hijack steals from both ransomware authors AND their victims

Talk about having a bad day…

First you get hit with ransomware, demanding you send a Bitcoin payment to anonymous hackers.

Then you realise that you don’t have a secure backup of your files, so you’ll have to pay up to have any hope of getting your files back.

And finally, after you have worked out how to buy yourself some Bitcoins online, and as you are attempting to pay the hackers their ransom… the payment gets diverted to someone else entirely.

In short, your files are still encrypted, and you’ve lost all your money.

That’s the ultimate bad-day scenario being described by security researchers who claim to have identified a scam that steals from both ransomware authors and their victims.

Here’s the background.

It’s not at all unusual for ransomware to present victims with a demand that the ransom be paid via a Tor .onion site on the dark web. Of course, the typical victim of ransomware has probably never been on the dark web, and probably doesn’t have the first clue about how to install the Tor browser.

As a result, they might use a Tor proxy instead. Tor proxy services act as a man-in-the-middle, allowing anybody to simply enter a .onion address into a website – or add a suffix to the URL such as “.to” or “.top” – to have their request completed, with no need to install special software.

Of course, you are putting an enormous amount of trust in the hands of the Tor proxy service that they are not meddling with the information you are seeing – or indeed the data that you are sending.

Fascinatingly, security researchers say that they have uncovered evidence that at least one Tor proxy is interfering with ransomware payments, effectively stealing from the ransomware’s authors and victims alike. According to Proofpoint, ransomware payment webpages are being secretly altered when viewed via the Onion.top Tor-to-web proxy in order to display a different Bitcoin address.

Ransomware such as Sigma, GlobeImposter, and LockeR have all been identified as suffering from a sneaky switcheroo of Bitcoin wallet addresses via the proxy, giving a different payment address than when the same page is viewed via the real Tor browser.

Perhaps it’s no surprise then that some ransomware is actually warning its victims not to use Onion.top.

As always, the best way to avoid the effects of ransomware is not to have your computer or smartphone infected in the first place. Be sure to follow Hot for Security’s tips for reducing the ransomware threat before you become the next victim.

HOTforSecurity: Keylogger found on thousands of WordPress-based sites, stealing every keypress as you type

A new report from researchers at Sucuri reveals that websites are once again being found infected by cryptomining code – stealing the resources of visiting computers to mine for the Monero cryptocurrency.

Many web surfers almost certainly don’t realise that the reason that their laptop’s fan is running at full blast is because the website they are viewing is tied up with the complex number-crunching necessary to earn the digital currency.

But, in a twist, this particular attack isn’t just interested in mining Monero. While the website’s front-end is digging for cryptocurrencies, the back-end is secretly hosting a keylogger designed to steal unsuspecting users’ login credentials.

With the keylogger in place, any information entered on any of the affected websites’ web forms will be surreptitiously sent to the hackers.

And yes, that includes the site’s login form.

As if that wasn’t bad enough, what is typed in the forms is sent to the hackers even before the user has clicked on the “log in” button.

If a hacker manages to steal the credentials of the site’s administrator they won’t need to rely upon a vulnerability to break into the site in future, they can just login without a care in the world. (And yes, that’s another reason why WordPress accounts should be defended with two-factor authentication).

As Bleeping Computer reports, there are at least 2,000 WordPress sites infected with the keylogger. This is in addition to earlier related attacks which were affecting nearly 5,500 WordPress sites last month.

We’ve said it before, and we’ll no doubt say it again. And again.

If your website is powered by the self-hosted edition of WordPress, it’s essential that you keep both it, and any third-party plugins, updated.

Self-hosting your WordPress site is attractive in many ways, but you have to acknowledge that security is now your responsibility (or find yourself a managed WordPress host who is prepared to take it on for you). New vulnerabilities are found in the software and its many thousands of third-party plugins all the time.

In short, if you don’t know what you’re doing, there’s a chance that your WordPress-running website has security holes which a malicious hacker could exploit. Such security weaknesses could potentially damage your brand, scam your website visitors, and help online criminals to make their fortune.



HOTforSecurity

WeLiveSecurity: Jail for man who hacked 1000 student email accounts in search for sexually explicit images

A poorly-secured password reset utility allowed a man to access more than 1,000 email accounts at a New York City-area university in a hunt for sexually explicit photographs and videos.

The post Jail for man who hacked 1000 student email accounts in search for sexually explicit images appeared first on WeLiveSecurity



WeLiveSecurity

Smashing Security #062: Tinder spying, Amazon shoplifting, and petrol pump malware

Your Tinder swipes can be spied upon, Amazon is opening high street stores that don't require any staff, and Russian fuel pumps are being infected with malware in an elaborate scheme to make large amounts of money.

With Carole on a top secret special assignment, it's left to security veteran Graham Cluley to discuss all this and much much more on the "Smashing Security" podcast with special guests David McClelland and Vanja Švajcer.

Jail for man who launched DDoS attacks against Skype, Google, and Pokemon Go

A British man has been sentenced to two years in jail after admitting to a series of computer crime offences, which included over 100 attempts to knock the likes of Google, Skype and Nintendo’s popular video game Pokemon Go offline.

21-year-old Alex Bessell pleaded guilty to charges at Birmingham Crown Court that he had accessed computers without authorisation, disrupted computer operations, made and supplied malware, as well as been involved in money laundering.

Operating from his bedroom in Toxteth, Liverpool, Bessell not only had a zombie army of over 9,000 hijacked computers under his control to launch distributed denial-of-service (DDoS) attacks, but also ran an underground online criminal business called Aiobuy, which earned more than US $700,000 by selling malware code to malicious hackers.

On Aiobuy, Bessell offered 9,077 products for sale, including remote access trojans, crypters (designed to hide malware from anti-virus software), botnet code, and other malicious tools. Law enforcement agencies uncovered evidence of more than 35,000 purchases through the site, which had recorded over a million visitors.

DC Mark Bird of the West Midlands Regional Cybercrime Unit, which investigated the case, described Bessell’s conviction as important:

“This is one of the most significant cybercrime prosecutions we’ve seen: he was offering an online service for anyone wanting to carry out a web attack.”

“It meant anyone who had a grudge against an individual or company, or who simply wanted to conduct a cyber-attack, didn’t need the technical know-how themselves. They simply needed to pick a piece of malware, pay the fee, and Bessell would do the rest.”

When police raided Bessell’s home they discovered banking trojans on his computers, designed to steal login credentials. In addition, 750 stolen usernames and passwords were recovered from the computers’ hard drives.

Bessell, who is believed to have been involved in cybercrime since the age of 14, was said by prosecutors to have processed more than US $3 million through PayPal and anonymous cryptocurrencies, retaining a percentage for himself. And yet, until late 2017, he also held down a legitimate job as a driver for the takeaway delivery firm Deliveroo.

From the sound of things, it will be some time before Bessell enjoys the luxury of calling out for a takeaway. His unscrupulous actions helped others to commit thousands of hacking attacks against innocent internet users and businesses.

Bessell will have plenty of time to reflect on how he has screwed up his own life, and inflicted pain and hardship on others, as he tucks into his prison meals for the next couple of years.

Smashing Security #061: Fallout over Hawaii missile false alarm

User interfaces and poor procedures lead to pandemonium in Hawaii, hackers are attempting to trick victims into opening cryptocurrency-related email attachments, and yet more pox-ridden apps are found in Android's Google Play store.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Hawaii’s missile alert agency keeps its password on a Post-it note

Last Saturday the people of Hawaii received a terrifying alert about a ballistic missile heading its way. Thankfully, the alert turned out to have been sent in error by the Hawaii Emergency Management Agency.

Now evidence has come to light that some of the organisation's staff might be in the habit of sticking Post-it notes containing passwords onto their computer monitors.

Read more in my article on the Hot for Security blog.

Hawaii’s missile alert agency keeps its password on a Post-it note

Last Saturday the people of Hawaii received a terrifying alert about a ballistic missile heading its way.

Fortunately the alert was a false alarm, caused by a worker who was supposed to send an internal test, and accidentally chose the wrong menu item.

It took a full 38 minutes for the Hawaii Emergency Management Agency (HEMA) to allay fears, and send out a correction.

Serious questions have been asked about how the bogus missile alert could have been sent out, and what can be done to ensure that members of the public are more rapidly informed if more mistakes occur in the future.

My feeling is that although there was no foul play behind the false missile warning, HEMA might be wise to also look at its general approach to IT security.

As Business Insider describes, evidence has come to light that some of the organisation’s staff might be in the habit of sticking Post-it notes containing passwords onto their computer monitors.

That in itself is far from ideal, but what’s even worse is that these Post-it note passwords have been caught on camera by the media, and are available for anybody to view on the internet.

A photograph, taken by Associated Press back in July 2017, shows HEMA’s operations officer in front of a bank of computer screens at its headquarters in Honolulu. But if you look past Jeffrey Wong’s colourful Hawaiian shirt, and zoom in on the computers used to monitor potential hazards, you’ll see a solitary Post-it note.

My eyesight isn’t perfect, but it looks to me like it reads:

Password: Warningpoint2

Now, there’s no suggestion that that is a password that could be used to remotely access computers at the agency, or indeed that it’s a password connected with the sending of alerts, but… it surely does say something about the state of security practices at what should be considered a potential target for a state-sponsored attack.

Organisations who have previously accidentally revealed their passwords in front of the media’s unblinking gaze include BBC News, France’s TV5Monde (ironically in a news report about how it had been recently hacked), and the Super Bowl’s top secret security hub, amongst others.

If the media is visiting your office, it’s probably sensible to remove any passwords which could appear in the background. In fact, maybe it makes sense to remove any such visible passwords regardless of whether someone is likely to be pointing a camera around.

HOTforSecurity: Cybersecurity quiz winners rewarded with malware-infected USB sticks

It is a truth universally acknowledged in the infosecurity community, that giving away free USB sticks only leads to trouble.

On countless occasions we’ve seen businesses embarrassed as they hand out thumb drives which are not only stuffed to the brim with marketing material, but are also unwittingly hiding malware.

And yet, companies continue to put the public at risk by giving away cheap USB sticks at trade shows, with often little consideration as to what may also be lurking on the device.

In perhaps the most ironic example of “Danger USB!” yet, we hear that Taiwan’s cybercrime-fighting investigators recently handed out malware-infected USB sticks to… winners of a cybersecurity quiz.

Taiwan’s Criminal Investigation Bureau has apologised after handing out 54 infected flash drives at a data security expo hosted by the government from 11-15 December, an event which had the noble aim of raising awareness of cybercrime. Ho hum!

As local media reports, distribution of the 8GB devices was halted on the afternoon of 12 December after early winners of the quiz reported that their anti-virus software had warned them that the drives contained malware.

The Windows-based malware was designed to steal personal information from infected PCs and send it via an IP address based in Poland to parties unknown.

However, it seems unlikely that Taiwan’s computer crime-busting cops, or the event itself, were deliberately targeted by hackers. Instead, as is often the case, there is a more down-to-earth explanation for what happened – and why only 54 of the 250 giveaway USB drives are believed to contain the malware.

According to the Criminal Investigation Bureau, the infections have been traced back to a single PC at an external contractor. It seems that a random sample of the USB drives was plugged into the infected PC in order to test their storage capacity, and the malware was unwittingly transmitted to 54 of them at that time.

It’s the kind of security goof that is all-too-familiar. Readers with long memories may recall that, in 2010, IBM handed out USB sticks at the AusCERT security conference infected by not one… but two pieces of malware.

Seven years later, IBM found itself in the embarrassing position of having to admit that it had shipped malware-infected USB sticks to enterprise customers.

How can you protect yourself from unsolicited, unwanted USB sticks? Well, there’s one simple fool-proof method that guarantees your computer won’t become infected.

No prizes if you guessed correctly. Simply throw it in the rubbish bin.



HOTforSecurity

Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web.

And now, with its FREE Cyber Daily email all IT security professionals can access information about the top trending threat indicators - helping you use threat intelligence to help make better decisions quickly and easily.

Which means that you will be able to benefit from a daily update of the following:

  • Information Security Headlines: Top trending news stories.
  • Top Targeted Industries: Companies targeted by cyber attacks, grouped by their industries.
  • Top Hackers: Organizations and people recognized as hackers by Recorded Future.
  • Top Exploited Vulnerabilities: Identified vulnerabilities with language indicating malcode activity. These language indicators range from security research ("reverse engineering," "proof of concept") to malicious exploitation ("exploited in the wild," "weaponized").
  • Top Vulnerabilities: Identified vulnerabilities that generated significant amounts of event reporting, useful for general vulnerability management.

Infosec professionals agree that the Cyber Daily is an essential tool:

"I look forward to the Cyber Daily update email every morning to start my day. It's timely and exact, with a quick overview of emerging threats and vulnerabilities. For organizations looking to strengthen their security program with threat intelligence, Recorded Future’s Cyber Daily is the perfect first step that helps to prioritize security actions." - Tom Doyle, CIO at EBI Consulting.

So, what are you waiting for?

Sign up for the Cyber Daily today, and starting tomorrow you'll receive the top trending threat indicators.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

WhatsApp flaw could allow anyone to sneak into your private group chat

Let's hope that WhatsApp responds appropriately to the researchers' findings, and plugs this security hole before the threat evolves from being purely theoretical to real life.

The post WhatsApp flaw could allow anyone to sneak into your private group chat appeared first on The State of Security.

Smashing Security #060: Meltdown, Spectre, and personal devices in the White House

The chips are down, as tech companies struggle to protect against the Meltdown and Spectre flaws. The White House is getting tough on leakers by banning personal devices from the West Wing. And someone has been embedding a Bitcoin wallet into their hand...

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David McClelland.

Post-hack, VTech has to pay $650,000 in FTC settlement – but doesn’t have to admit any wrongdoing

Post-hack, VTech has to pay $650,000 in FTC settlement

The FTC settlement, one of the first reached with an internet-enabled toy manufacturer over security and privacy concerns, lets the firm off the hook in one key area: it doesn't require VTech to admit to any wrongdoing.

Read more in my article on the Bitdefender BOX blog.

Bogus security apps in the Google Play store stole users’ info and tracked their location

Android users would be wise to remember that just because an app appears in the official Google Play store doesn't mean that it should be considered entirely trustworthy.

The post Bogus security apps in the Google Play store stole users’ info and tracked their location appeared first on The State of Security.

Smashing Security podcast #059: An intro to Bitcoin and Blockchain

In this special "splinter" episode of the "Smashing Security" podcast we take a look at Bitcoin and Blockchain. What's all the fuss about cryptocurrencies? How can you protect your Bitcoin wallet? And how does the Blockchain work?

Listen to the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Peter Ullrich of the "Explain Blockchain" podcast.

Smashing Security podcast #058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO

Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?

All this and much much more is discussed in the special first birthday edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.