Graham Cluely

For eight years, hackers have been able to exploit this password-stealing flaw in Joomla

Graham Cluely Security Blog - 12 hours 58 min ago

For the last eight years a critical vulnerability has lurked within the code of the Joomla CMS which could have allowed malicious hackers to steal every user's login credentials - including those belonging to administrators.

Read more in my article on the Hot for Security blog.

Categories: Graham Cluely

Spammed-out emails threaten websites with DDoS attack on September 30th

Graham Cluely Security Blog - 18 hours 44 min ago

Websites are being told that they have until September 30th to pay extortionists $720 worth of Bitcoin, or else suffer a distributed denial-of-service (DDoS) attack.

Read more in my article on the We Live Security blog.

Categories: Graham Cluely

McAfee joins the anti-Kaspersky witch hunt in shitty attempt to sell a few boxes

Graham Cluely Security Blog - Thu, 09/21/2017 - 12:58pm

A witch hunt against a long-established major player in the infosecurity space should be something that brings the industry together. It's ghastly to see how McAfee is behaving.

Categories: Graham Cluely

SEC reveals hackers might have used stolen data for insider trading

Graham Cluely Security Blog - Thu, 09/21/2017 - 10:55am

The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading.

David Bisson reports.

Categories: Graham Cluely

Smashing Security podcast #043: Backups - a necessary evil?

Graham Cluely Security Blog - Wed, 09/20/2017 - 7:20pm

When did you last backup your data? How and what should you backup? And where should you store them?

All is revealed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Vamarzis.

Categories: Graham Cluely

More than three dozen schools call off classes after 'cyber terrorist' threat

Graham Cluely Security Blog - Wed, 09/20/2017 - 3:03pm

More than three dozen public schools and other educational institutions canceled classes after receiving threats from a "cyber terrorist."

David Bisson reports.

Categories: Graham Cluely

Viacom cloud config goof exposed Paramount Pictures, Comedy Central, MTV, and more

Graham Cluely Security Blog - Wed, 09/20/2017 - 2:31pm

Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.

David Bisson reports.

Categories: Graham Cluely

First ever crypto-mining Chrome extension discovered

Graham Cluely Security Blog - Wed, 09/20/2017 - 6:13am

A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users' computers by secretly mining for virtual cash.

Read more in my article on the Hot for Security blog.

Categories: Graham Cluely

Red Alert 2.0: New Android banking trojan can block and log incoming calls from banks

Graham Cluely Security Blog - Tue, 09/19/2017 - 11:36am

New families of trojans continue to prosper on the Android platform as malicious hackers increasingly target mobile users in their attempt to steal login credentials and personal information.

Read more in my article on the Tripwire State of Security blog.

Categories: Graham Cluely

Misleading headlines about Equifax's *earlier* hack

Graham Cluely Security Blog - Tue, 09/19/2017 - 7:33am

Woah! Calm down media. Equifax *did* go public about the earlier incident, and it was reported in the security press.

Categories: Graham Cluely

Heads roll, as it's revealed Equifax's IT team knew it hadn't patched web app vulnerability

Graham Cluely Security Blog - Tue, 09/19/2017 - 5:13am

Patches should have been in place, but Equifax's music-loving CSO has been unfairly vilified.

Categories: Graham Cluely

The Pirate Bay website quietly runs a cryptocurrency miner on visitors' PCs, gobbling up CPU cycles

Graham Cluely Security Blog - Mon, 09/18/2017 - 9:16am

The Pirate Bay surprised many of its users when it quietly added a JavaScript-based cryptocurrency miner to its website.

David Bisson reports.

Categories: Graham Cluely

CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor

Graham Cluely Security Blog - Mon, 09/18/2017 - 5:58am

Trusted by millions, distributed by an anti-virus company, CCleaner compromised the security of users with a malicious backdoor.

Categories: Graham Cluely

Equifax confirms up to 400,000 UK consumers at risk after data breach

Graham Cluely Security Blog - Sat, 09/16/2017 - 6:40pm

Credit reporting agency Equifax has revealed more details of just how many people are affected in the UK, as consumers are warned of the risk of phishing attacks.

Read more in my article on the We Live Security blog.

Categories: Graham Cluely

Guess what happened after VEVO told its hackers to 'f**k off'...

Graham Cluely Security Blog - Sat, 09/16/2017 - 5:33pm

A hacking gang posted 3.12 terabytes of VEVO's internal files online, after it discovered the company was being reckless with its security.

David Bisson reports.

Categories: Graham Cluely

Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites

Graham Cluely Security Blog - Thu, 09/14/2017 - 10:30am

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website...

Read more in my article on the Tripwire State of Security blog.

Categories: Graham Cluely

Firm offers up to $1 million for Tor zero-day exploits - but who will they sell them to?

Graham Cluely Security Blog - Thu, 09/14/2017 - 10:27am

A company is offering up to one million dollars in bounties for anyone who finds and reports exploitable zero-day flaws in the Tor Browser.

David Bisson reports.

Categories: Graham Cluely

Smashing Security podcast #042: Equifax, BlueBorne, and the iPhone X

Graham Cluely Security Blog - Thu, 09/14/2017 - 4:48am

Equifax's shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple's iPhone X comes with Face ID.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik.

Categories: Graham Cluely

BlueBorne threatens almost every connected device with Bluetooth-based attacks

Graham Cluely Security Blog - Wed, 09/13/2017 - 9:35am

Researchers have discovered a new attack vector they've named "BlueBorne" that enables bad actors to compromise nearly every connected device via Bluetooth.

David Bisson reports.

Categories: Graham Cluely

Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now!

Graham Cluely Security Blog - Wed, 09/13/2017 - 6:50am

Microsoft has once again released a batch of essential security updates for users of its software. What are you waiting for?

Read more in my article on the Hot for Security blog.

Categories: Graham Cluely

Pages