Vulnerability

Zoom bug meant attackers could brute force their way into password-protected meetings

Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.

Read more in my article on the Hot for Security blog.

Thousands of websites at risk from critical WordPress commenting plugin vulnerability

A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely.

If you’re using the wpDiscuz commenting plugin, make sure you’ve kept it up to date – or your website might be hijacked… or wiped.

Read more in my article on the Hot for Security blog.

A free iPhone from Apple? It’s possible, but there are some catches

Who wouldn’t want the latest and greatest iPhone for free?

Well, if you’re a security researcher then you might be able to get just that…

Insecure IoT devices could be banned and destroyed if they fail to meet UK security standards

IoT devices could be banned from sale and destroyed if they fail to meet basic security standards, according to proposals put forward by the UK Government.

Read more in my article on the Bitdefender BOX blog.

Find a PlayStation 4 vulnerability and earn over $50,000

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network?

You could be heading towards a sizeable sum of money, after Sony announced details of its new bug bounty program. Just be sure to play by the rules…

Read more in my article on the Tripwire State of Security blog.

Credit-card skimming malware hit websites as Coronavirus lockdown forced retailers to close high street stores

On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.

A nuisance for shoppers, certainly. But also an opportunity if you were a malicious hacker.

Read more in my article on the Bitdefender Business Insights blog.

Your “smart” household appliance might have a short lifespan

Are you itching for an internet fridge? Hankering for a smart washing machine? Thirsting for an IoT-enabled thermostat?

Well, think twice before you make a potentially costly mistake when deciding what appliance you will next be purchasing for your home.

Read more in my article on the Bitdefender BOX blog.

Pablo Escobar’s brother says FaceTime flaw revealed his address, sues Apple for a publicity stunt (and $2.6 billion)

As YouTubers warn the public not to buy smartphones from Escobar Inc, the notorious drug lord’s brother orchestrates a publicity stunt.

Read more in my article on the Hot for Security blog.

Mitsubishi hackers may have stolen details of prototype missile

Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric.

Now, the Japanese Defense Ministry believes the state-sponsored hackers may have been after details of a prototype missile.

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.

The most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may make the biggest headlines, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.

This week, US-CERT has published its list of the “Top 10 Routinely Exploited Vulnerabilities”.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.

Read more in my article on the Tripwire State of Security blog.

Ghost blogging platform suffers security breach

Scary stuff as hackers exploit Salt vulnerability in attempt to mine cryptocurrency on breached blogging platform’s servers.

A GIF image could have let hackers hijack Microsoft Teams at your firm

A critical vulnerability has been patched in the Microsoft Teams work collaboration platform after security researchers discovered a way in which hackers could compromise accounts and steal data with a seemingly harmless .GIF image.

Read more in my article on the Bitdefender Business Insights blog.

Hackers’ malicious script skimmed credit card details off Robert Dyas website

UK DIY, electricals, and houseware chain Robert Dyas has revealed that malicious code on its payment page was secretly skimming the credit card details of customers and sending them to hackers.