Thursday, July 9
Voice recordings from domestic violence alerting app exposed on the internet
Cyber Security

On the face of it, it sounded like a good idea. A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button. That was the idea behind the free Aspire News App, launched some years ago by When Georgia Smiled, a US non-profit founded by Robin McGraw and her husband US TV star “Dr Phil” to help victims of domestic violence and sexual assault. To be honest, that still sounds like a good idea to me – if the app is coded well, and if any data it collects is properly secured. But what isn’t a good idea is for voice recordings made by the app to be left exposed on an unsecured Amazon Web Ser...
Watching a $1.14 million ransomware negotiation between hackers and scientists searching for COVID-19 treatments
Cyber Security

An anonymous tip-off to BBC News enabled them to watch in real time as an American medical university attempted to negotiate with the hackers who had infected its systems with ransomware.

As reporter Joe Tidy describes, the University of California San Francisco (UCSF) was attacked by the notorious NetWalker ransomware on the first day of June.

A ransom demand left by the gang directed the university dedicated to medical research to a payment page on the dark web, where they could find an FAQ, an offer of a “free” sample of a decrypted file (proving decryption was possible), and the ability – just like so many legitimate websites – to have a live chat with a support operator.

NetWalker chat message. Source: BBC News

Of course, negotiating the safe recovery of your encrypted files is so much mo...
Smashing Security podcast #185: Bieber fever, Roblox, and ransomware
Cyber Security

Industry veterans, chatting about computer security and online privacy. Who’s been dressing Roblox players up in red baseball caps? Which ransomware victim’s negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Hosts: Graham Cluley – @gcluley, Carole Theriault – @caroletheriault
Guest: John Hawes

Show notes:
Sponsor: LastPass – LastPass Enterprise makes password security effortless for your organization. LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure...
Websites of eight US cities poisoned by malware skimming the credit card details of residents
Cyber Security

What do they have in common? The Click2Gov online utility payment system.

Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.

Security experts at Trend Micro report that they have identified eight cities in the USA where online payment portals have been compromised to host Magecart-style credit card skimming code.

Magecart is a family of JavaScript malware used to steal credit card details and personal information from unsuspecting internet users as they interact with websites – often as sensitive details are entered to make a purchase.

What makes this type of attack often more serious than a conventional data breach is that most companies do not store your full credit card details,...
How to better protect your Roblox account from hackers with two-step verification (2SV)
Cyber Security

Accounts on the popular online gaming platform keep getting hacked. So, how can you better protect your Roblox account?

First things first. Make sure that you are using a unique, hard-to-crack password for your Roblox account. That means not using a simple, easy-to-guess password, dictionary words, or passwords that you are using anywhere else online.

That last point is particularly important: perhaps the biggest mistake internet users make when it comes to securing their accounts is to use the same password in multiple places. Reusing passwords across different services means that if a hacker breaches one website’s password database they can then use those passwords to see if they unlock your other online accounts.

For instance, Mark Zuckerberg had his Twitter, LinkedIn, Instagram and Pinter...
Has your Roblox account been hacked to support Donald Trump?
Cyber Security

Bleeping Computer reports that over 2000 accounts on the Roblox gaming platform have been hacked… …not to make money or steal information, but to support Donald Trump’s re-election as US President.

Hacked Roblox profiles are being modified to read: “Ask your parents to vote for Trump this year! #MAGA2020.”

At the same time hacked users’ avatars are being kitted out with red baseball caps, and a white t-shirt emblazoned with an eagle and the United States’ flag.

Hacked Roblox profile. Source: Bleeping Computer.

Unfortunately they’re not also being given face masks.

Of course, the typical Roblox player is too young to vote in the US Presidential Race in November even if they were likely to be convinced by having their account hacked.

Mystery surrounds who is responsible for the defaced accounts,...
Hackers hijack Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data
Cyber Security

Normally the official Twitter account of Russia’s Foreign Ministry’s Crisis Management Centre does not make for the most fascinating read.

Normally @MID_travel simply retweets messages from other Russian government departments or embassies, as it offers advice on how Russian citizens can remain safe abroad.

But on July 2nd, the account was compromised by hackers who posted the following message:

Now, I don’t speak Russian but I’m reliably informed that whoever posted the tweet is saying an advertisement was published offering a database for sale – containing details of tourist payments made during June 2020 to the Public Services Portal of the Russian Federation.

Anyone interested in purchas...
Appearing on the Hacker Valley Studio podcast
Cyber Security

Early last month Ron Eddings and Chris Cochran were kind enough to invite me back on their podcast, “Hacker Valley Studio” – and now the episode has been published!

If you want to hear us commiserate with each other for not winning anything at the Security Blogger Awards, my legal run-ins with British security firms, and some of the secrets behind my own podcast (“Smashing Security” which I co-host with Carole Theriault each week) then you may well want to tune in.

Find it in your favourite podcast app, or listen below.

Hacker Valley Studio #75: Losing Graciously with Graham Cluley

Thanks again to Ron and Chris for inviting me onto their show.
Ex-Yahoo employee avoids jail, despite hacking 6000 accounts, and stealing nude photos and videos
Cyber Security

A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women.

As we previously reported, 34-year-old Reyes Daniel Ruiz, of Tracy, California, admitted last year that he had cracked account passwords and abused internal systems at Yahoo, copying stolen explicit images and videos onto a personal hard drive at his home.

Amongst Ruiz’s more than 6000 victims were personal friends and work colleagues. And, having breached Yahoo email accounts, Ruiz took advantage of the situation to also break into Dropbox, Facebook, Gmail, Hotmail, Apple iCloud, and PhotoBucket accounts – after requesting pass...
How to ensure the integrity of your encrypted drive while it’s hibernating in macOS
Cyber Security

Enabling full-disk encryption to keep documents secure is highly recommended. By default, macOS does not maintain integrity while hibernating. But there's a fix for that.

Image: metamorworks, Getty Images/iStockphoto

You value your data. You've gone to great lengths to use password managers to protect yourself by creating unique, complex passwords that are hard to guess. Your VPN connection is on and encrypting transmissions each time you go online – regardless of whether it's downloading system updates (which you're on top of) or streaming the latest TV show of your favorite s...