Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDNet to have had some of its systems infected by the REvil (Sodinokibi) ransomware. According to security journalist Catalin Cimpanu, who broke the story, the firm was hit by a targeted attack…

December 5, 2019

Smashing Security #157: A biometric knuckle duster

LastPass Enterprise makes password security effortless for your organization. LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps. But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users. Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand…

December 5, 2019

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

Maybe you’ve heard of HackerOne. It helps some of the world’s most famous companies and organisations run bug bounty programs – Starbucks, Goldman Sachs, Uber, Instagram, Twitter, Slack, the United States Department of Defense… the list goes on and on. Researchers find a security vulnerability in a product, service or website and HackerOne helps co-ordinate the report to the company concerned – and ultimately the person who found the bug…

December 5, 2019

Jail for bomb hoaxer who targeted Super Bowl, Houses of Parliament, and schools for Jewish children

The Guardian reports: Andreas Dowling’s hoaxes led to 35,000 pupils being evacuated from schools in Britain. He also unsuccessfully tried to disrupt the Super Bowl and the Houses of Parliament. Dowling, 24, taunted some schools for Jewish children by telling them that a bomb would go off at 4.20pm, a reference to Hitler’s birthday, 20 April. Dowling claimed to have planted bombs containing dynamite, sarin gas and radioactive material at…

December 3, 2019

Cryptocurrency exchange locks its cold wallet as CEO “goes missing”

Users of the Chinese cryptocurrency exchange IDAX must be feeling a little anxious right now. Just over a week ago, the exchange told users that withdrawals had “increased dramatically”, and that investors should “please wait patiently”. Now IDAX has officially announced that it has locked its cold wallet, suspending all deposits and withdrawals, after its CEO Lei Guorong allegedly disappeared: Following the official announcement “Announcement of IDAX withdrawal channel congestion”…

December 2, 2019

Customers complain after alarms go offline, as security firm hit by ransomware attack

Earlier this week Spanish security firm Prosegur shut down its network after its systems were hit by a ransomware infection. The first reports that the company – which employs 170,000 staff worldwide, and operates a fleet of 10,000 armoured security vehicles transporting cash between banks, ATMs, and retailers – had suffered a serious security breach emerged in the early hours of Wednesday 27 November. By the afternoon the company had…

November 29, 2019

Sextortion with a twist of Litecoin

By now many of us are probably pretty familiar with the widespread phenomenon of sextortion email scams. Typically the emails arrive in your inbox, claiming to have secretly taken a video as you “enjoyed” an adult website. The blackmailer’s threat? To share the embarrassing video with your friends, family and colleagues unless you agree to pay a certain amount of Bitcoin into their cryptocurrency wallet. Of course, the truth is…

November 28, 2019

Smashing Security #156: Better safe than Sony

In this clip from a special bonus episode produced for our Patreon supporters, Graham Cluley and Carole Theriault discuss the 2014 hack of Sony Pictures – reportedly carried out by North Korea for the very oddest of reasons… Become one of our “bonus content” Patreon supporters to hear the full episode in all its glory, get early access to future episodes, occasional bonus content, and even receive stickers! Hosts: Graham…

November 27, 2019

Facebook and Twitter warn some users’ private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts. According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets. CNBC says that amongst the…

November 26, 2019