News

The inside story of the Maersk NotPetya ransomware attack, from someone who was there

Gavin Ashton was an IT security guy working at Maersk at the time of it was hit hard by the NotPetya ransomware. Now he’s written an article about his experiences, and shares advice for others.

Smashing Security podcast #184: Vanity Bitcoin wallets, BlueLeaks, and a Coronavirus app conspiracy

A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades’ worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by the BBC’s Zoe Kleinman.

DDoSecrets thrown off Twitter after distributing 269GB BlueLeaks data dump

The activist group Distributed Denial of Secrets, perhaps better known by their shorter but clumsy moniker DDoSecrets, has been permanently banned from Twitter.

Read more in my article on the Hot for Security blog.

HEY pulls feature which could expose email threads without participants’ knowledge

HEY, a new service which aims to revolutionise users’ inboxes, admits it made a mistake which could have made it too easy for private messages to be exposed.

Pubs and restaurants left guessing after being told to collect customer data as lockdown eases

In just ten days, the UK Government says English pubs, restaurants, and cafes can open again for business.

However, they are told that they should collect contact information about every customer and visitor to their premises. But what they’re not told is how they should do this in a way that protects people’s security and privacy.

Stalker Online hacked! Over one million gamers’ passwords made available for download

More than one million players of the video game Stalker Online have been put at risk after hackers offered them for sale on the darknet.

Woman who deliberately deleted firm’s Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cybercriminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

Read more in my article on the Hot for Security blog.

Aussie surfer’s hacked Instagram sent sexually explicit images to her 40,000 followers

18-year-old Blaze Angel Roberts is a talented surfer with 40,000 Instagram followers.

Unfortunately, her popularity also seems to have drawn the unwanted attention of hackers, who successfully tricked her into clicking on a phishing link, and handing over the password to her email account.

Copied master key forces South African bank to replace 12 million cards

Fraudsters stole more than $3.2 million from the banking division of South Africa’s post office, after – in a catastrophic breach of security – employees printed out the bank’s master key.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #183: MAMILs, gameshows, and a surprise from eBay

A TV gameshow with cash prizes if you’re obeying Coronavirus lockdown rules, ex-Ebay staff charged in crazy cyberstalking case, and when the wrong cyclist was accused by the internet bearing pitchforks.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

New Mac malware spreads disguised as Flash Player installer via Google search results

Apple Mac users are warned of a new in-the-wild malware threat which masquerades as an installer for Adobe Flash Player.

NHS Test & Trace sends text to wrong person, telling them they tested negative for Coronavirus

A former MP warns that she received a message intended for someone else, with the results of their Coronavirus test.

Credit-card skimming malware hit websites as Coronavirus lockdown forced retailers to close high street stores

On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.

A nuisance for shoppers, certainly. But also an opportunity if you were a malicious hacker.

Read more in my article on the Bitdefender Business Insights blog.

“Rebooting” – a video chat with Lisa Forte

Lisa Forte interviews me about how someone once turned me into a computer virus, some of the ethical issues that come out of blogging about security, and what you say when hackers contact you asking for help in blackmailing their victims.

Despite resolution not to give in to hackers’ ransom demands, some cities are still paying up after attacks

The City of Florence in northern Alabama has agreed to pay a ransom of US $300,000 worth of Bitcoin to hackers who compromised its computer systems and deployed ransomware.

And they’re not the only US city finding themselves dealing with the aftermath of a ransomware outbreak this week…

Read more in my article on the Hot for Security blog.

Suspicious wife fails to get good password advice from The Guardian

The Guardian offers relationship advice over an unwise password choice, but fails to give any good password advice.