Graham Cluely

Smashing Security #066: Passwords, pirates, and postcards

Graham Cluely Security Blog - Wed, 02/21/2018 - 7:38pm

Flight simulators packed with password-grabbing malware, Facebook fighting Russian trolls, and how vulnerability researchers fear being sued.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Dave Bittner from The CyberWire podcast.

Categories: Graham Cluely

Facebook SMS spam risks spoiling adoption of 2FA

Graham Cluely Security Blog - Tue, 02/20/2018 - 8:51am

It's hard enough getting people to turn on 2FA without sites using it to send non-security notifications.

Categories: Graham Cluely

Apple fixes 'killer text bomb' vulnerability with new update for iOS, macOS, watchOS, and tvOS

Graham Cluely Security Blog - Tue, 02/20/2018 - 8:00am

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.

Categories: Graham Cluely

'Killer text bomb' crashes iPhones, iPads, Macs, and Apple Watches

Graham Cluely Security Blog - Mon, 02/19/2018 - 9:59am

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

Read more in my article on the Hot for Security blog.

Categories: Graham Cluely

How a Bitcoin phishing gang made $50 million with the help of Google AdWords

Graham Cluely Security Blog - Thu, 02/15/2018 - 12:13pm

A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets.

Read more in my article on the Tripwire State of Security blog.

Categories: Graham Cluely

Smashing Security #065: Cryptominomania, Poppy, and your Amazon Alexa

Graham Cluely Security Blog - Thu, 02/15/2018 - 10:06am

Cryptomining goes nuclear, YouTube for Kids gets scary, and TV ads have been given the green light to mess with your Amazon Alexa.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

Categories: Graham Cluely

Patch now! Microsoft fixes over 50 serious security flaws

Graham Cluely Security Blog - Wed, 02/14/2018 - 10:44am

This week saw the second Tuesday of the month, and everyone who is responsible for protecting Windows computers knows what that means: another bundle of security patches have been released by Microsoft.

Read more in my article on the We Live Security blog.

Categories: Graham Cluely

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

Graham Cluely Security Blog - Tue, 02/13/2018 - 12:10pm

If you don't want to disable your ad blocker, maybe you'll feel comfortable letting Salon.com run code from Coinhive which will gobble up your computer's resources to mine some Monero cryptocurrency.

Categories: Graham Cluely

Google is bringing AMP to email

Graham Cluely Security Blog - Tue, 02/13/2018 - 11:08am

We need to keep an eye on this. Making email "richer" in terms of features has always brought new security challenges.

Categories: Graham Cluely

UK government announces tool to detect and block extremist videos

Graham Cluely Security Blog - Tue, 02/13/2018 - 10:27am

A UK company has received £600,000 of taxpayer's money to develop detection software, trained with thousands of hours worth of video content posted by Islamic State.

Categories: Graham Cluely

Uh-oh. How just inserting a USB drive can pwn a Linux box

Graham Cluely Security Blog - Mon, 02/12/2018 - 8:10am

Give a USB drive a volume name like this, hand it to a friend who runs KDE Plasma on their Linux box, and they won't be your friend much longer.

Read more in my article on the Hot for Security blog.

Categories: Graham Cluely

All HTTP websites to soon be marked as 'not secure' by Google Chrome

Graham Cluely Security Blog - Mon, 02/12/2018 - 6:20am

If you're still running a website that is using insecure HTTP then it's time to wake up and drink the coffee.

Because unless you take action soon, you're going to find many of your visitors are going to distrust your website.

Read more in my article on the We Live Security blog.

Categories: Graham Cluely

Government websites hijacked by cryptomining plugin

Graham Cluely Security Blog - Sun, 02/11/2018 - 7:47pm

More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant code designed to exploit the computer power of visiting PCs and mine for cryptocurrency.

Categories: Graham Cluely

Russian nuclear scientists arrested for allegedly hijacking supercomputer to mine Bitcoins

Graham Cluely Security Blog - Fri, 02/09/2018 - 3:19pm

Scientists were allegedly using one of Russia's most powerful supercomputers to mine Bitcoins.

Categories: Graham Cluely

Apple's iOS source code leak - what you need to know

Graham Cluely Security Blog - Fri, 02/09/2018 - 8:53am

Earlier this week someone anonymously published a key piece of Apple's iOS source code onto GitHub.

Something you wouldn't want to fall into the wrong hands...

Read more about what you need to know in my article on the Hot for Security blog.

Categories: Graham Cluely

12 Common Threat Intelligence Use Cases

Graham Cluely Security Blog - Thu, 02/08/2018 - 7:07am

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the last week.

Recorded Future provides the only complete threat intelligence solution powered by patented machine learning to help security teams defend against cyberattacks.

Are you using threat intelligence to its full potential?

The term “threat intelligence” is often misunderstood and with so many security options out there, organizations struggle to find the right solution to meet their needs. The Gartner "Market Guide for Security Threat Intelligence Products and Services” explains the different use cases and how to best leverage threat intelligence in your organization.

You will learn how to:

  • Identify 12 common threat intelligence use cases.
  • Align these use cases to your specific requirements.
  • Implement strategies for getting value from threat intelligence.
  • Evaluate vendors based on your business needs.

Download this report to get clarity on threat intelligence definitions and learn how to make the right decisions for your organization today.

If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Categories: Graham Cluely

Swisscom data breach exposes 800,000 customers

Graham Cluely Security Blog - Thu, 02/08/2018 - 6:39am

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers - most of whom were mobile subscribers.

Read more in my article on the Tripwire State of Security blog.

Categories: Graham Cluely

Smashing Security #064: So just a 'teeny tiny' security issue then?

Graham Cluely Security Blog - Wed, 02/07/2018 - 7:11pm

A Namecheap vulnerability allows strangers to make subdomains for your website, Troy Hunt examines password length, and ex-Google and Facebook employees are fighting to protect kids from social media addiction.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest HaveIBeenPwned's Troy Hunt.

Categories: Graham Cluely

WordPress update stopped WordPress automatic updates from working. So update now

Graham Cluely Security Blog - Wed, 02/07/2018 - 10:39am

Automatic updates are a great thing. Just so long as they actually automatically update.

Categories: Graham Cluely

Get FREE threat intelligence on hackers and exploits with the Recorded Future Cyber Daily

Graham Cluely Security Blog - Wed, 02/07/2018 - 9:55am

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and organizing billions of data points from the Web.

And now, with its FREE Cyber Daily email all IT security professionals can access information about the top trending threat indicators - helping you use threat intelligence to help make better decisions quickly and easily.

Which means that you will be able to benefit from a daily update of the following:

  • Information Security Headlines: Top trending news stories.
  • Top Targeted Industries: Companies targeted by cyber attacks, grouped by their industries.
  • Top Hackers: Organizations and people recognized as hackers by Recorded Future.
  • Top Exploited Vulnerabilities: Identified vulnerabilities with language indicating malcode activity. These language indicators range from security research ("reverse engineering," "proof of concept") to malicious exploitation ("exploited in the wild," "weaponized").
  • Top Vulnerabilities: Identified vulnerabilities that generated significant amounts of event reporting, useful for general vulnerability management.

Infosec professionals agree that the Cyber Daily is an essential tool:

"I look forward to the Cyber Daily update email every morning to start my day. It's timely and exact, with a quick overview of emerging threats and vulnerabilities. For organizations looking to strengthen their security program with threat intelligence, Recorded Future’s Cyber Daily is the perfect first step that helps to prioritize security actions." - Tom Doyle, CIO at EBI Consulting.

So, what are you waiting for?

Sign up for the Cyber Daily today, and starting tomorrow you'll receive the top trending threat indicators.

If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Categories: Graham Cluely

Pages