Smashing Security podcast #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.

US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you’re patched!

US Cyber Command has issued an alert about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook, as concerns are raised of a rise in an Iranian-backed hacking group’s activities.

Read more in my article on the Hot for Security blog.

Citrix hackers may have stolen six terabytes worth of files

The FBI suspects that the hackers used a technique known as “password spraying”.

US charges Iranian hackers for SamSam ransomware attacks

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks.

Read more in my article on the Tripwire State of Security blog.

Spyware abuses Telegram messaging app to target Iranian Android users

Unsuspecting Iranian users of the Telegram app, best watch out – or they could find themselves the target of Android spyware.

David Bisson reports.

Targeted malware attack spends decade sliding under the radar

Researchers have uncovered a cybercrime operation that spent close to a decade infecting targets with dozens of previously unknown malware variants.

David Bisson reports.

Iranian hackers believed to have targeted US dam

Iranian hackers are believed to have gained accessed to a flood control dam in New York State, back in 2013.

David Bisson reports.

United States blames Iran for hack of world’s largest gambling company

Iran has been blamed by a senior US intelligence official, for launching a damaging attack against the Las Vegas Sands casino corporation.

FBI warns firms of sophisticated Iranian hacker threat

The FBI has privately warned US energy and defence firms to be on the lookout for a sophisticated attack against their computer systems by sophisticated Iranian hackers.

Read more in my article on the Hot for Security blog.

Iranian hackers set up fake news website, and posed as journalists on Facebook to spy on USA and others

Hackers posed as journalists on Facebook and other social networks, in three-year campaign to spy on United States and others.

Read my article on the Hot for Security blog for more information.

Stuxnet “badly infected” Russian nuclear plant, claims Kaspersky

Eugene Kaspersky has claimed that the Stuxnet virus – widely believed to have been built by the United States and Israel to disrupt Iran’s nuclear plans – managed to also infect the internal network of a Russian nuclear plant.

No, Iran didn’t really hack and down a foreign military spy drone

A report by the Islamic Republic News Agency has raised eyebrows, as it appeared to claim that Iranˈs Revolutionary Guard Corps had managed to hack and down a foreign spy drone.

But did it really happen?

Internet Explorer zero-day exploit found on more websites. Fingers point towards Elderwood Project

SophosLabs, has uncovered two new sites which have been hit by the recently discovered Internet Explorer zero-day vulnerability – a community seeking independence from China, and an Iranian oil firm’s website.

Stuxnet: How USA and Israel created anti-Iran virus, and then lost control of it

The Stuxnet virus was created by the USA to target an Iranian nuclear facility, but accidentally escaped into the wider world, claims the New York Times.

Flame malware – The biggest? The baddest? A little perspective

Is Flame a big malware threat?

Well, yes it is. But perhaps not in the way you think.

Flame malware – more details of targeted cyber attack in Middle East

Skywiper, Flame, Flamer – whatever you want to call it, this malware is making the headlines today.

Find out more.