I’m off to Dublin this week to join the galaxy of security superstars speaking at IRISSCON 2019. Find out more about the conference and see you there!
Author Archives: Graham CLULEY
Only after running out of hard disk space did firm realise hacker had stolen one million users’ details
Yet another company has been found woefully lacking when it comes to securing consumers’ data.
Read more in my article on the Tripwire State of Security blog.
Only after running out of hard disk space did firm realise hacker had stolen one million users’ details
Yet another company has been found lacking when it comes to securing its consumers’ data. Utah-based InfoTrax Systems provides back-end services to multi-level marketing companies (MLMs) such as dōTERRA, ZanGo, and LifeVantage, providing website portals where individuals can register as a distributor, sign-up new distributors, and place orders for themselves and end consumers. According to […]… Read More
The post Only after running out of hard disk space did firm realise hacker had stolen one million users’ details appeared first on The State of Security.
About the “easy to hack” EU Exit: ID Document Check app
The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”
But is this something worth losing any sleep over?
Smashing Security #154: A buttock of biometrics
The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Donation details “leak” from the Labour Party website
You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.
Unlock the power of threat intelligence with this practical guide. Get your free copy now
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.” It’s aimed at helping security professionals realize the advantages of threat […]
That “sophisticated” Labour cyber-attack – don’t panic
With a drama-filled general election campaign underway in the United Kingdom, the Labour Party says that its systems suffered a “sophisticated and large-scale cyber-attack.”
BlueKeep: What you need to know
Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.
But that may be about to change…
Read more in my article on the Tripwire State of Security blog.
BlueKeep: What you Need to Know
What is BlueKeep? BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion […]… Read More
The post BlueKeep: What you Need to Know appeared first on The State of Security.
Mac users warned that disabling all Office macros doesn’t actually disable all Office macros
It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.
Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.
Read more in my article on the Hot for Security blog.
Smashing Security #153: Cybercrime doesn’t pay (but Uber does)
The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Lisa Forte.
Nikkei worker tricked into transferring $29 million into scammer’s bank account
Nikkei, one of the largest media companies in Japan, with an empire spanning broadcasting, digital media, magazines, and newspapers such as the Financial Times, says that its US subsidiary, Nikkei America, has been scammed out of $29 million.
Read more in my article on the Hot for Security blog.
After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign
The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency miner on unpatched Windows PCs.
A guest appearance on the IT Pro podcast…
I was honoured to be invited as a guest onto the inaugural episode of the “ITPro podcast” hosted by reviews and community editor Adam Shepherd and features editor Jane McCallion.
Give it a listen.
Men who were paid $100,000 by Uber to hush-up hack plead guilty to extortion scheme
Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data.
Read more in my article on the Tripwire State of Security blog.
Untitled Goose Game security hole could have allowed hackers to wreak havoc
The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.
Read more in my article on the Hot for Security blog.
Smashing Security #152: Cats, hoodies, and rent
What’s the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
Medical data is being leaked by NHS pagers, and then broadcast for the world to see…
Medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.
How Facebook helps an abusive ex-partner find out your new identity, even after you’ve blocked them
Imagine you’re in an abusive relationship, and things have turned violent.
You leave him, block his Facebook account, and update the name on your profile to hide your identity.
Would you expect your ex-partner to be able to see what your new name is?
Update your iPhone 5 before November 3 2019, or lose its internet access
Listen up if you’re still using an iPhone 5 – you need to update to iOS 10.3.4 before Sunday November 3, or you may find your smartphone loses access to the internet.
Read more in my article on the Hot for Security blog.
See you at NISC, the National Information Security Conference, next week
I’m delighted to announce that I will be moderating NISC 2019 in Cheshire next week. It’s a great conference with some terrific cybersecurity speakers. Find out more about how you can participate too.
Japanese hotel robots can be hacked to spy on guests in their bedrooms
A Japanese hotel chain has had to update its in-room robots, after a security researcher discovered they could be easily hacked to allow anyone access to their camera and microphone.