Graham Cluley

Graham Cluley

 •  October 17

Mathy Vanhoef has discovered what may be the biggest vulnerability of the year - a flaw in the WPA2 protocol used to encrypt Wi-Fi communications. In the wrong hands, an attacker could exploit the vulnerability in WPA2's handshake protocols to intercept sensitive information such as passwords. At-risk devices include those running Android, Apple,...

Graham Cluley

 •  October 12

It’s all too easy for a malicious app developer to determine a user’s Apple ID password – just by asking for it. Developer Felix Krause warns users to be on their guard against password-stealing apps that dupe users into entering their sensitive passwords by using fake login dialogs disguised as legitimate requests from the underlying iOS operating...

Graham Cluley

 •  October 11

Equifax has confirmed that a recent data breach exposed a file containing 15.2 million UK personal information records. On 10 October 2017, the National Cyber Security Centre (NCSC) confirmed the Equifax data breach disclosed in September 2017 actually compromised 15.2 million UK records. That's considerably more than 400,000, the number of...

Graham Cluley

 •  October 11

Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. The Far Eastern International Bank has confirmed that malware had been found on its computer systems, affecting PCs and servers, as well as its SWIFT terminal. SWIFT (the Society for Worldwide Interbank Financial...

Graham Cluley

 •  October 10

Browsers can use something called the Payment Request API to save users' credit card data and shipping information as they would passwords. The API in essence designates browsers as intermediaries in an online transaction. When a "payer" makes a purchase at an online store operated by a "payee" using a supported web browser like Google Chrome or...

Graham Cluley

 •  October 8

Disqus has publicly announced that its user database leaked in 2012, exposing the usernames, email addresses, sign-up dates, and last login dates of more than 17 million users. In addition, the data included crackable SHA1-hashed passwords of “about one-third” of users. Presumably many accounts registered with the popular blog-commenting service do...

Graham Cluley

 •  October 8

Many thanks to the great folks at VASCO, who have sponsored my writing for the last week. More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems. Before the internet, customers who wanted to perform a bank transaction had...

Graham Cluley

 •  October 6

Vulnerability researchers at Google have uncovered exploitable software flaws in code running on internet-connected devices that could allow a malicious hacker to run remotely any code of their choosing. The Dnsmasq network services software, popular because of its easy configuration and low impact on resources, is commonly pre-installed on a wide...

Graham Cluley

 •  October 5

American fast food restaurant chain Sonic has publicly confirmed a payment card breach affecting some of its Drive-In locations. On 4 October 2017, the Oklahoma City headquarters of the chain released a statement acknowledging the incident: "Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without...

Graham Cluley

 •  October 5

A Chinese Bitcoin trading exchange has denied rumors that it suffered a hacking attack after its users lost a total of $2.5 million in Bitcoins to unknown actors. On 4 October 2017, OKex, a cryptocurrency exchange which functions as part of the Chinese Bitcoin company OKcoin, acknowledged that several of its users have experienced "abnormal logins"...