Items tagged with: cybersecurity


#Amsterdam municipality bans #Telegram on work phones over criminal use, #espionage #threat


source: https://nltimes.nl/2024/08/19/amsterdam-municipality-bans-telegram-work-phones-criminal-use-espionage-threat

Telegram is a “safe haven for hackers, cybercriminals, and drug dealers,” a spokesperson for Amsterdam’s IT alderman Alexander Scholtes told the broadcaster. The city is also concerned about possible espionage through the app, even though it no longer has official ties to #Russia. Telegram was set up in Russia, but the head office has since moved to #Dubai, and the #company is officially located in the Virgin Islands.


#news #software #messenger #crime #cybercrime #cybersecurity #security #problem #Netherlands #hack #hacker


The recent #cybersecurity incident around #CrowdStrike and #Windows #Azure shows the problem with monocultures and with control over one's own technology.

It is important for Europe to evaluate its own dependencies and to support administrations, businesses and citizens alike in running secure IT. For this, #softwarefreedom plays an important role.


Second Factor #SMS: Worse Than Its Reputation


Source: https://www.ccc.de/en/updates/2024/2fa-sms

IdentifyMobile, a provider of 2FA-SMS, shared the sent one-time passwords in real-time on the internet. The #CCC happened to be in the right place at the right time and accessed the data. It was sufficient to guess the subdomain "idmdatastore". Besides SMS content, recipients' phone numbers, sender names, and sometimes other account information were visible.


#news #security #internet #2fa #mobile #cybersecurity #problem #password


Turgid members of parliament are excited about their imminent election, but what's that waiting for them in WhatsApp? AI healthcare horrors, and Drew Barrymore.

All this and more in the latest episode of the "Smashing Security" podcast, with me, Carole Theriault, and special guest John Hawes.

Find it in all good podcast apps, or at https://grahamcluley.com/smashing-security-podcast-367/

Thanks to this episode's sponsors - Kolide by 1Password, Kiteworks, and Vanta - for their support!

#cybersecurity #podcast


Great news! Amazon has got back to me about the £700 iPhone they failed to deliver (and wouldn't refund or replace). Bad news: what they told me...

Based on this experience, why would anyone buy anything expensive from Amazon ever again? Please share, like and comment if you agree.

Watch my #video.

#amazon #delivery #scam #jeffbezos #cybersecurity



New podcast alert! "Smashing Security" ep 361 is out now, with special guest Paul Ducklin, yours truly, and my erstwhile co-host Carole Theriault.

We discuss how your smartphone may be toast – if you use a hacked wireless charger, we take a closer look at the latest developments in the unfolding LockBit ransomware drama, and Carole dips her toe into online AI romance apps.

https://grahamcluley.com/smashing-security-podcast-361/

@smashingsecurity

#cybersecurity #podcast #malware #ransomware #privacy #romance


A former CIA officer has been sentenced to 40 years in prison for leaking classified hacking tools to Wikileaks.

"On March 7, 2017, WikiLeaks began publishing classified data from the Stolen CIA Files. Between March and November 2017, there were a total of 26 disclosures of classified data from the Stolen CIA Files that WikiLeaks denominated as Vault 7 and Vault 8 (the 'WikiLeaks Disclosures'). The WikiLeaks Disclosures were one of the largest unauthorized disclosures of classified information in the history of the US, and Joshua Adam Schulte's theft and disclosure immediately and profoundly damaged the CIA's ability to collect foreign intelligence against America's adversaries; placed CIA personnel, programs, and assets directly at risk; and cost the CIA hundreds of millions of dollars."

Joshua Schulte: Former CIA hacker sentenced to 40 years in prison

#solidstatelife #cybersecurity


Bitlocker, the disk encryption system that is built into Windows, can be broken using hardware. Hardware that is cheap and can break Bitlocker's encryption quickly. This is in spite of the Trusted Platform Module (TPM) system that is part of the machine's hardware.

#solidstatelife #cybersecurity


In ads: Our apps mind their business. Not yours.

In court: Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple.

#Privacy #Security #Cybersecurity #Apple #iPhone #InfoSec #dataprivacy



Excerpt from the court document:


"Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple."

Civil Case No.: 5:22-CV-07069-EJD
Case 5:22-cv-07069-EJD Document 122 Filed 12/08/23 Page 30 of 41


#cybersecurity zealots often shame humans for writing down their passwords, but as someone who just had to excavate the digital remains of a loved one who died suddenly:

*please* write down your credentials somewhere a trusted human can find them, especially your phone passcode and any primary passwords (like for email accounts, password manager, etc.)

the humans who care about you will need that access for many reasons; a "badass" threat model will only add helplessness to their grief


What's that? A brand new episode of "Smashing Security"?

Oh, go on then...

https://www.smashingsecurity.com/335

#cybersecurity #podcast


#Microsoft comes under blistering criticism for “grossly irresponsible” #security


source: https://arstechnica.com/security/2023/08/microsoft-cloud-security-blasted-for-its-culture-of-toxic-obfuscation/

Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial #fix—and only for new applications loaded in the service.

#Azure #problem #software #bug #cybersecurity #econemy #cloud #news


Going for a jog can be bad for your privacy (but even worse for your health), and Britain's consumer finance champion finds his face is being faked.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

https://grahamcluley.com/smashing-security-podcast-330-deepfake-martin-lewis-and-a-deadly-jog-in-the-park/

#cybersecurity #podcast #deepfake #martinlewis #ukraine #russia
Smashing Security 332: Deepfake Martin Lewis, and a deadly jog in the park.


There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the #MOVEit #hack causes consternation.

It's a brand new "Smashing Security" podcast, with special guest @bittner from The CyberWire!

Find it in all good podcast apps, or at https://www.smashingsecurity.com/326

#cybersecurity #podcast



"I can't trust online password managers, it's way better to have a self-hosted version like Keepass... I'm a proud user of...
... what. the. fuck. " https://www.bleepingcomputer.com/news/security/keepass-exploit-helps-retrieve-cleartext-master-password-fix-coming-soon/

#infosec #cybersecurity #passwordmanagers


You could not design a worse "private messaging" app than #Converso if you tried.

https://crnkovic.dev/testing-converso/

#CyberSecurity #privacy #Signal #WhatsApp


Umm... may we suggest you don't listen to our latest podcast episode in the workplace, in front of your children, or while you're busy driving a truck...

Smashing Security episode 320: "City Jerks, AI animals, and is the BBC hacking again?"

With @gcluley, Carole Theriault, and special guest @ThomLangford

https://www.smashingsecurity.com/320-city-jerks-ai-animals-and-is-the-bbc-hacking-again/

#cybersecurity #podcast


A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by @gcluley and Carole Theriault, joined this week by @varmazis.

Find it in all good podcast apps, or at https://www.smashingsecurity.com/319

#cybersecurity #finland #strava #privacy #databreach #mentalhealth #tiktok
Ville Tapio of Vastaamo, pursued by the media...


Check out the latest "Smashing Security" podcast, where @gcluley and Carole discuss how Tesla employees are sharing videos of customers, and sinister Operation Fox Hunt scams targeting Chinese citizens in the United States.

Find the show in all good podcast apps, or at https://grahamcluley.com/smashing-security-podcast-318/

#cybersecurity #podcast #Tesla #scam #China
A more traditional fox hunt.


Did you know, it's now possible to fingerprint by HTTP/2?

On Firefox, I recommend that you disable the protocol until we find a solution to either spoof it or break the fingerprinting method. It works even without #javascript.

The whitepaper 👉 https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf

#privacy #fingerprinting #infosec #opsec #cybersecurity #http #http2 #browserleaks

Test yourself at https://browserleaks.com/http2


Join me, Carole Theriault, and our special guest The CyberWire's @bittner in the latest "Smashing Security" podcast - Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?

https://grahamcluley.com/smashing-security-podcast-317/

#cybersecurity #juicejacking #ai #chatbot #chatgpt #uber #databreach #podcast
Uber car, chatbot, USB port.


In the latest @smashingsecurity podcast the irrepressible @ThomLangford joined me and Carole Theriault, as we discussed a possible aCropalypse for Google Pixel users, house buying scams, and just why TikTok is being singled out for attack by... well, everyone.

Find "Smashing Security" in your favourite podcast app such as Apple Podcasts or Spotify, or listen at
https://www.smashingsecurity.com/314

#cybersecurity #podcast #tiktok #android #vulnerability #scam
Smashing Security episode 314: Photo cropping bombshell, TikTok debates, and real estate scams.

With a relevant - if you listen to the podcast - picture of Elizabeth Hurley pouring a lovely cup of tea for naked international man of mystery Austin Powers.


The twisted tale of the two Teslas, Bollywood movies, and a deepfake sandwich.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by me and my partner-in-pod Carole Theriault.

Warning: This #cybersecurity #podcast may contain nuts, adult themes, and rude language.

https://grahamcluley.com/smashing-security-podcast-313/
Smashing Security episode 311 - picture of man unlocking a Tesla car.


The twisted tale of the two Teslas, and a deepfake sandwich.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans @gcluley and Carole Theriault.

https://player.captivate.fm/episode/721b532f-a9d8-4b0b-86cb-91f3f5b40e14/

#cybersecurity #podcast #tesla #deepfake


This #InternationalWomensDay we're celebrating the fabulous female guests we've had on the "Smashing Security" #podcast, shattering the stereotype that only men can have a successful career in #cybersecurity.

Not forgetting my co-host through over 300 episodes, Carole Theriault!

Find all their contributions at https://www.smashingsecurity.com, or in your favourite podcast app.
Smashing Security guests Anna Brading, Carolyn Crandall, Clare Blackwood, Dalia Hamzeh, Danielle Papadakis, Dinah Davis, Helen Patton, Jenny Radcliffe, Jessica Barker, Lisa Forte, Lisa Vaas, Mari DeGrazia, Maria Varmazis, Michelle Madsen, Nina Schick, Rachael Stockton, Vanessa Pegueros, Yvonne Eskenzi, Zoe Kleinman, and Zoë Rose.


The crazy story of the Ubiquiti hack! Police keep creating encrypted messaging systems for criminals! Apple Watch accused of crying wolf!

All this - and more - in the latest episode of the award-winning "Smashing Security" podcast, with me, Carole Theriault, and special guest Mark Stockley.

Thanks to our sponsors @bitwarden, NordLayer, and SecurEnvoy for their support!

https://grahamcluley.com/smashing-security-podcast-308/

#cybersecurity #podcast #ubiquti #databreach #apple #encryption #privacy


There's been a huge increase in malicious ads on Google lately. In some cases the first 4-5 search results for certain pieces of software have all been malicious ads leading to info stealers.

More details:
https://updatedsecurity.com/topic/291-huge-increase-in-malicious-advertising-on-google/?a=1
#infosec #cybersecurity #malware


Carole’s in her sick bed, which leaves Graham in charge of the SS Smashing Security as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information.

With special guest @bjmendelson!

https://player.captivate.fm/episode/3db07726-f55a-4742-b2d5-e197ac4cb185/

#cybersecurity #podcast


AI-generated phishing attacks are becoming more convincing.

Read my article on the Tripwire blog:

https://www.tripwire.com/state-of-security/ai-generated-phishing-attacks-are-becoming-more-convincing

#GPT3 #cybersecurity #phishing #businessemailcompromise
VOC robot in front of a GPT-3 logo.  You don't know what a VOC robot is?  Well, shame on you... I'll never leave you in charge of a sandminer...


The first "Smashing Security" podcast of 2023. Oxford’s dating disaster, cheap security robots, and faking a suicide...

It's not your typical #cybersecurity #podcast.

https://grahamcluley.com/smashing-security-podcast-304/
Smashing Security podcast #304.

Skyline of Oxford with a Dalek-like robot security guard trundling around...  It will make sense if you listen to the podcast.



First time I read about open-source "star" jacking on GitHub and the much more nefarious usage of open-source Python packages to install malware.

Interesting read: https://checkmarx.com/blog/starjacking-making-your-new-open-source-package-popular-in-a-snap/

#Python #CyberSecurity #OpenSource


Beware your Roomba’s roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a cab in Dublin…

It's the last "Smashing Security" #podcast of the year!

Thanks to special guest @iainthomson for joining us for the fun. 😀

Find it in all good podcast apps, or at
https://grahamcluley.com/smashing-security-podcast-303/

#cybersecurity
Smashing Security episode 303.  A Roomba vacuum cleaner with large googly eyes that look deep into your soul...


This week on #osspodcast @kurtseifried and I chat about #stylometry

There's a tool to look at #HackerNews authors and see if their writing is similar to another user (sock puppets anyone?)

This of course leads to larger discussions about #privacy, #cybersecurity, #impersonation, and of course, #shakespeare

https://opensourcesecurity.io/2022/12/04/episode-352-stylometry-removes-anonymity/


In episode 300 🥳 of the "Smashing Security" podcast, original co-host @vanjasvajcer returns to the show...

We discuss why deleting your Twitter account may be a very bad idea, how the police unravelled the #iSpoof fraud gang, and take a trip into interplanetary file-systems.

Find "Smashing Security" in your favourite podcast app, or listen at https://www.smashingsecurity.com/300

Thanks to everyone who has listened, appeared on the show, or supported us! 🙏

#cybersecurity #twitter #ipfs #phishing #privacy
Smashing Security episode 300.  Picture of a spacesuited astronaut floating weightlessly above the Earth...


I reckon it's time for another episode of the "Smashing Security" podcast, don't you?

This week #deepfake shenanigans strike users of troubled crypto firm #FTX, the perils of charging your electric vehicle, and is Microsoft’s takeover of Activision good news for video game fanatics?

All this and much much more...

Find @smashingsecurity in your favourite #podcast app or listen to the latest episode at https://www.smashingsecurity.com/299

#cybersecurity #cryptocurrency
Smashing Security 299: EV Charging risks, FTX, and an ancient apocalypse


Content warning: birdsite, threat actors, reputation