Security threats

(get it in RSS or Atom)

Guy brags about gift card tinkering at new job, gets house raided by feds

Gift cards. Image courtesy of Shutterstock

The new recruit showed off to a colleague, calling the gift-card tinkering "research". We'll see what Homeland Security thinks about it after they scour the electronics they seized from his house.

SSCC 158 - What do you mean, "Don't knit your own remote authentication?" [PODCAST]

chet-chat-logo-featured-250

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Police slap warning banner ads on 'pirate' sites

Pirate warning. Image courtesy of Shutterstock

The City of London Police has started swapping out legitimate ads on websites believed to be serving up pirated content, instead plastering them with warning banner ads.

One hoax press release, one $300 million hole in mining company

One hoax press release, one $300 million hole in Australian mining company

The fake press release was pretty convincing: it was sent from a domain that riffed on the ANZ Bank name, used the bank's logo, and included the name of a PR person, along with his (NOT!) phone number. It's yet another example of how easy it is to scam people online.

1,000,000 lost credit cards = £150,000 fine

p-pii-250

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

How to break into people's homes with your mobile phone

How to break into people's homes with your mobile phone

Having a tough time breaking into your neighbor's house? Not terribly conversant with key gauges or making clay molds? Don't worry, there's an app for that!

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

Android "FBI Lock" malware - how to avoid paying the ransom

andr-cuff-250

The latest "FBI Lock" Android ransomware reported by SophosLabs follows a familiar theme.

But it has a slight sting in the tail to make it trickier to remove, so we thought we'd take you through the steps...

Android app market pirates busted by FBI

pirate-250

Six Americans charged with large-scale piracy of Android apps.

But what about their "customers"?

Is there really an increased risk of malware from unlawfully acquired apps?

Hacker claims breach of Wall Street Journal and Vice

Malicious hacker claims breach of Wall Street Journal, Vice

W0rm's been quite busy and has already pulled this on CNET, and likewise is again offering to sell user data and server credentials for one Bitcoin.

eBay's StubHub ransacked for over $1 million, international crime ring arrested

StubHub logo

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

chet-chat-logo-featured-250

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

fftb-250

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

Car hackers build anti-car-hacking gadget

Cars. Image courtesy of Shutterstock.

Besides yet more white-knuckled car-jacking stunts, security researchers Charlie Miller and Chris Valasek also plan to unveil at next month's Black Hat conference a prototype device meant to foil the type of hacks they've been throwing at cars.

"Rickmote" box Rickrolls Chromecast, forcibly earworms hapless victims

Image courtesy of Dan Petro, Bishop Fox IT

Never gonna give you up, Never gonna let you down, Never gonna run around and desert you.

500,000-per-day SMS spammer gets just £4,000 fine

500,000-per-day SMS spammer gets just £4,000 fine

An Indian call-centre operator has been fined by a London court for breaching Data Protection laws, but despite his operation bombarding UK cell phones with spams, his punishment amounts to little more than a slap on the wrist.

Dirty Dozen Spampionship – which country is spewing the most spam?

The World Cup may be done and dusted, but the Spampionship continues!

Where did you come in our spam-sending league tables?

Your Gmail account is fair game for cops or feds, says US judge

US judge: your Gmail account is fair game for cops or feds

A New York court on Thursday opened up our entire Gmail accounts to feds or cops with warrants, in spite of two recent decisions that went against similar requests.

New search engine Indexeus unmasks malicious hackers

New search engine Indexeus unmasks malicious hackers

Indexeus is a database of stolen names and passwords, many doxed from the hackers who've themselves doxed others' data. Is it poetic justice, exploitation of a lucrative market, a prototype of an educational tool, or all of the above?