Smashing Security #134: Sextortion, silicone face masks, and a DDoS doofus

June 27, 2019

Scammers steal millions by impersonating a French politician, we offer fashion tips for DDoS attackers, and hear how a small town fought a sextortionist preying on young women. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker. Hosts: Graham Cluley – @gcluley, Carole Theriault – @caroletheriault. Guest: Jessica…


400GB of hacked files from US border surveillance contractor are available for anyone to download

June 25, 2019

You don’t have to be hacked to lose control of your sensitive data. That truth was brought home again this month when it was revealed that information gathered by the United States Customs and Border Protection (CBP), the largest federal law enforcement agency at the Department of Homeland Security, had leaked onto the internet. And how had the data leaked? The CBP wasn’t hacked. Instead, a subcontracting company working for…


Millions of Dell PCs vulnerable to attack, due to a flaw in bundled system-health software

June 21, 2019

Millions of Dell PCs and laptops running Windows are vulnerable to attack via a high-severity security hole that could be exploited by malicious hackers to hijack control over devices. In a support advisory published on its website, Dell reveals that the problem lies within SupportAssist, troubleshooting software bundled with the company’s home user and business PCs. Specifically, the problem lies in Dell SupportAssist which the PC manufacturer describes as…


645,000 people warned their personal health data at risk after phishing attack

June 19, 2019

The Oregon Department of Human Services (DHS) has started notifying more than 600,000 people that their personal details have been put at risk after staff were tricked into granting hackers access to millions of emails. According to the agency, the security breach occurred on January 8, 2019 when nine employees clicked on a link in an email that purported to be an official government communication. The targeted phishing email tricked staff…


DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests

June 13, 2019

An attack which targeted users of the Telegram app on Wednesday might be linked to protests in Hong Kong that turned violent. That’s one of the theories in circulation, after a distributed denial-of-service (DDoS) attack disrupted legitimate access to the Telegram secure messaging app by swamping it with “garbage requests.” Pitched battles broke out in Hong Kong on Wednesday between police and protestors over proposals to allow the extradition of…


Smashing Security #132: CBP cyber attack, an iPhone privacy boost, and Twitter list abuse

June 13, 2019

United States Customs and Border Protection had sensitive data stolen, but the hackers didn’t have to breach its network. Apple has ambitious plans to make iPhone users safer online. And trolls are using Twitter lists to target their victims. All this and much more is discussed in the latest MULTI-AWARD-WINNING edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by…


BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows

June 10, 2019

I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world. For those who haven’t been following the security news over the last few weeks, BlueKeep (technically known by the unglamorous name of CVE-2019-0708) is a vulnerability in…


Umm.. that’s not a movies password update. That’s a downgrade

June 7, 2019

If you happen to find yourself in Michigan, and fancy going to the movies… don’t worry if you can’t remember your password for the online ticketing website. Because if you happen to be visiting one of the multiplexes owned by the MJR Digital Cinemas group then they’ve made it really easy for you. In fact, they’ve not only made it really easy for you – they’ve also made it easy for…


Radisson Rewards may have leaked your data… again

June 6, 2019

If you’ve ever stayed at a Radisson Hotel and joined the Radisson Rewards loyalty program then your loyalty to the brand may be tested somewhat by an email they have been sending some members today. In an email, Radisson Rewards confesses that it “inadvertently sent some emails to the wrong members”. Information accidentally disclosed was apparently limited to: members’ first names, the last four digits of the sixteen-digit member’s number…


Smashing Security named the Best Security Podcast

June 5, 2019

[Image: Carole Theriault celebrating Smashing Security’s second win for Best Security Podcast] Last night security bloggers and podcasters congregated in a room above a London pub for the prestigious EU Security Blogger Awards. And, I’m delighted to say, “Smashing Security” won big! Yes, against our expectations (as the competition was tough!), the podcast I co-host with the fabulous Carole Theriault was named “Best Security Podcast” for the second year running. Thanks…