Graham Cluley

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

Graham Cluley Security Blog - 1 hour 47 min ago

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

Categories: Graham Cluley

Join me to learn more about Magecart attacks - and how to defend against them

Graham Cluley Security Blog - 11 hours 6 min ago

Attacks that can silently skim payment data as it is entered on websites have become a huge problem.

Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.

Google in hot water after not revealing it had hidden a secret microphone in home alarm product

Graham Cluley Security Blog - 11 hours 40 min ago

As if some folks weren’t concerned enough about the infiltration of potentially privacy-busting devices into the home, Google has admitted it did not disclose that it hid a secret microphone inside its Nest Secure product.

Read more in my article on the Hot for Security blog.

The man suing Apple over two-factor authentication has ‘previous’

Graham Cluley Security Blog - 15 hours 25 min ago

Many have been baffled by Jay Brodsky’s legal action against Apple, including his claim that it takes between two and five minutes for him to pass the 2FA security check.

But things begin to fall a little more into place when you discover it’s not the first time he has sued Apple.

Why real-time intelligence matters for managing third-party risk

Graham Cluley Security Blog - Tue, 02/19/2019 - 6:07am

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

As leading companies in every industry today are undergoing digital transformation, the lines are blurring between any one organization and its partners, suppliers, vendors, and other third parties.

In this new report, ESG examines how these business relationships can introduce new risks that need to be identified and managed “as if these third parties were part of the enterprise itself.”

Download your copy now of “Third-Party Risk: Why Real-Time Intelligence Matters”

About Recorded Future

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data.

Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.

If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

450,000 usernames and passwords stolen from Coinmama cryptocurrency broker

Graham Cluley Security Blog - Tue, 02/19/2019 - 3:29am

Coinmama, a site that is supposed to “make it fast, safe and fun” to buy Bitcoin and Ethereum with a credit card, has suffered a data breach that has resulted in almost half a million customers having their personal details breached.

Read more in my article on the Hot for Security blog.

Apple sued over death blamed on faulty iPad battery

Graham Cluley Security Blog - Mon, 02/18/2019 - 11:23am

Was iPad’s Lithium-ion battery to blame for apartment fire that killed 64-year-old man two years ago?

Apple sued because two-factor authentication… oh, I give up

Graham Cluley Security Blog - Mon, 02/18/2019 - 11:16am

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Graham Cluley Security Blog - Mon, 02/18/2019 - 9:05am

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.”

It’s aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.

Download your free copy now.

Hacker arrested for wave of fake bomb and shooting threats against schools

Graham Cluley Security Blog - Thu, 02/14/2019 - 8:34am

FBI agents have arrested a 20-year-old man alleged to have been part of a hacking gang which not only launched distributed denial-of-service (DDoS) attacks, but also launched a wave of chilling bomb and shooting threats against thousands of schools in the United States and United Kingdom.

Read more in my article on the Tripwire State of Security blog.

Electric scooters can be hijacked remotely – no password required

Graham Cluley Security Blog - Thu, 02/14/2019 - 6:47am

Security researchers have demonstrated that it’s possible to remotely hijack control of popular electric scooters, forcing them to dangerously brake suddenly or accelerate.

Read more in my article on the Bitdefender Box blog.

Smashing Security #115: Love, Nests, and is 2FA destroying the world?

Graham Cluley Security Blog - Thu, 02/14/2019 - 5:27am

Is two-factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

VFEmail suffers ‘catastrophic’ attack, as hacker wipes email service’s primary and backup data

Graham Cluley Security Blog - Tue, 02/12/2019 - 2:40pm

There will be many angry customers of VFEmail who will be distraught at the thought that years’ worth of irreplaceable personal and business correspondence may have been wiped out. It’s understandable that some might turn their fury towards VFEmail.

But VFEmail is a victim too.

Automatic 4K/HD for YouTube extension pulled from Chrome Store for pop-up ad abuse

Graham Cluley Security Blog - Mon, 02/11/2019 - 9:53am

A popular browser extension has been removed by Google from the Chrome Web Store after it started spamming users with irritating pop-up advertisements.

Read more in my article on the Hot for Security blog.

Some OkCupid users have their accounts compromised. Why don’t more dating apps use 2FA?

Graham Cluley Security Blog - Mon, 02/11/2019 - 5:51am

It’s easy to imagine the harm that could result from a hacker reading users’ private communications on a dating app. So it’s a disgrace that more don’t offer a higher level of security to help prevent accounts from being hijacked.

Learn how Starbucks combats credential stuffing & account takeover (ATO)

Graham Cluley Security Blog - Mon, 02/11/2019 - 5:48am

Graham Cluley Security News is sponsored this week by the folks at Shape Security. Thanks to the great team there for their support!

“These are not kids in mom’s basement attacking us.”

Nearly five million people around the globe buy Starbucks coffee from their mobile app every single day. Forty percent of those purchases are paid using Starbucks’ gift card/stored value system, making the app a ripe target for account takeover (ATO).

Starbucks was one of the first enterprises to identify the growing threat of credential stuffing and mass ATO attacks. The security team tried using WAFs and CDN-provided bot solutions, but found those methods were no match for ever-evolving attackers.

Watch Shape’s discussion with Starbucks to learn how the two companies partnered to help combat ATO and hear answers to questions including:

  • How have attackers evolved at Starbucks over the past three years?
  • How can we leverage a collective defense to turn the tide on attackers?
  • How does Starbucks balance security with user friction?

Shape Security is defining a new future in which excellent cybersecurity not only stops attackers, but also reduces friction for good customers. Shape disrupts the economics of cybercrime by making it too expensive for attackers to commit online fraud, while also enabling enterprises to more easily transact with genuine customers.

The Shape platform, covered by 55 patents, stops the most dangerous application attacks enabled by bots and cybercriminal tools, including credential stuffing (account takeover), fake account creation, and unauthorized aggregation.

Botched Mumsnet update allowed users to see details of strangers’ accounts

Graham Cluley Security Blog - Sun, 02/10/2019 - 9:33am

Popular British parenting site Mumsnet apologises after software update allows users to log into strangers’ accounts.

Update your iOS devices now against the FaceTime eavesdropping bug

Graham Cluley Security Blog - Fri, 02/08/2019 - 8:02am

Apple has finally issued an update to iOS, iOS 12.1.4, which fixes the high-profile problem that allowed FaceTime callers to listen to and even see you *before* you answered an incoming call.

Read more in my article on the Hot for Security blog.

Google Chrome extension warns if your password has been leaked

Graham Cluley Security Blog - Thu, 02/07/2019 - 7:17am

Google has released an optional extension for its Chrome browser that will trigger a visual warning if it determines you are using a username/password combination that it knows to be unsafe.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #114: Darknet Diaries, death, and beauty apps

Graham Cluley Security Blog - Wed, 02/06/2019 - 7:32pm

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault.
