Security threats

Millions of Drupal websites at risk from failure to patch

You should assume that your Drupal 7 website has been compromised if you didn't patch it within 7 hours of the release of Drupal 7.32 on 15 October 2014.

Epidemic of medical data breaches leaking our most sensitive information

Health data is considered among the most private of information, but continues to leak out in a dazzling range of ways.

3 ways to make your Gmail account safer

Secure your Gmail account in 3 easy steps

Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes, for users of Google's Gmail.

White House networks hacked

Attackers broke into unclassified White House computer networks in the past 2-3 weeks. It's far from surprising, one unnamed official said, given that it's a "constant battle" between the government, trying to secure its sensitive systems, and bad actors seeking to intrude on them.

The "Dirty Dozen" SPAMPIONSHIP - who's got the biggest zombie problem?

Our latest quarterly SPAMPIONSHIP charts are out, showing which countries have the most zombies, and therefore send the most spam.

Take a look, and then ask yourself, "What can I do to help?"

Simple: kill-a-zombie today!

TeamDigi7al US navy hacker sentenced to 2 years in jail

One of the two leaders of the cyber criminal group known as Team Digi7al was last week sentenced to two years in federal prison for his role in breaking into the computer systems of a pretty random mix of targets.

SSCC 171 - Are you SURE that "1234" is a bad password? [PODCAST]

Here's the latest Chet Chat podcast for your listening pleasure...

Enjoy.

Arrests made after 'specialist malware' used in £1.6 million ATM heist

£1.6 million ATM heist spree leads to 3 arrests

"Specialist malware" allowed a gang of crooks to empty the cash machines of large amounts of money, averaging over £30,000 per machine. Now, the police have made three arrests in connection with the incidents.

3 ways to make your Outlook.com account safer

Secure your Outlook.com account in 3 easy steps

Following up on our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes for users of Microsoft's Outlook.com (formerly known as Hotmail and, for a while, Windows Live Hotmail).

Cops swap arrested women's photos in nude-photo 'game'

California cops swap arrested women's photos in nude-photo 'game'

California Highway Patrol (CHP) cops have allegedly been forwarding pics from phones belonging to women in custody to their own phones and to each other.

POODLEs, Sandworms and getting safe online - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-minute video.

Enjoy...

Hackers who threaten national security could face life sentences

Where damage to human welfare or national security is deemed serious enough, the proposed amendment to the UK's Computer Misuse Act 1990 could mean life in jail for hackers, and some experts believe the changes could be used to target whistleblowers.

Has the "Sandworm" zero-day exploit burrowed back to the surface?

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Twitter invites us to say goodbye to passwords, use Digits instead

Twitter's new credentials handling scheme is called Digits, and it's hoping that mobile app developers use it to enable their users to sign in with their phone numbers as identifiers, along with one-time passwords SMSed to the phones.

How to kill a troll

A new Pew study confirms what we already know: online harassment is a widespread disease afflicting the internet. Ignoring trolls and hoping they'll go away is actually quite effective, survey respondents said.

Then again, how about fighting back, instead? Change is possible, be it enabled by troll-blocking software, societal shift that sees trolling evolve into a stigma, or, if all else fails, calling their mothers.

Google goes beyond two-step verification with new USB Security Key

Google's adding support for a physical USB second factor that will first verify the login site as being a true Google website, not a fake site pretending to be Google, before it hands over a cryptographic signature.

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

Is your phone line a '6-figure liability waiting to happen'?

The company telephone: A '6-figure liability waiting to happen'

Premium-rate service scams are sticking businesses - particularly small ones using local carriers - with outrageous phone bills, to the tune of $4.73 billion globally for 2013. Many businesses aren't even aware that they can be stuck paying the bill (or fighting it in court).

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

The marquee vulnerability fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.