grahamcluley.com

The news that Windows users could potentially be at risk from an Internet Explorer vulnerability (even if they didn’t use Internet Explorer as their browser) was made all the more worrying by Microsoft’s seeming lack of urgency to produce a patch. Maybe Microsoft will produce a fix in due course, but in the meantime the smartypants at ACROS Security say that they have developed a micropatch that can protect against the XML eXternal Entity (XXE) attack in boobytrapped .MHT files. In a blog post, the researchers say that they have uncovered a mix of documented and undocumented security features that may have led to a confusion in Internet Explorer’s code, and resulted in the vulnerability. The third-party patch is free for personal and educational use, and covers Windows 10 version 1803 and Windows 10 version 1809.

Because a CIA operative working on the case has sent you this email, saying that he knows you’re good for a few quid and that for the knock down price of just $10,000 in Bitcoin he’ll remove our details! You may like the idea that someone else is backing up your data for you (saves you a job, right? ), but it’s not so good to hear that they have snooped through your files, and determined that your company has been cheating the taxman. The alleged hackers say they will send the incriminating information they uncovered to the authorities, lock computers, DDoS your network, and install the WannaCry ransomware for good measure. It’s easy for anybody with an internet account to send you an email claiming that they have done something, or found out some incriminating information about you.

John Villavicencio, the school’s director of student activities, was suspicious that a teensy-weensy bit of electoral fraud may have taken place and - with the help of senior student Robert Ezra Stern - discovered that the candidate whose popularity was rocketing had teamed up with a pal to rig the vote by casting fake online ballots. Villavicencio and Stern discovered that the suspicious votes had been cast en masse from the same computer, and in alphabetical order - suggesting an automated script might have been at work. The cheating candidate, a junior making his second run for class president whose name was not released, had access to a list containing students’ names and ID numbers. Voting in the election, it turned out, was done using a Google form that could be accessed using Gmail accounts issued to students by the district, with a default password that includes each student ID number.

I’m delighted to announce that I’ll be speaking at the next RavenPack Symposium, “Big Data is the new currency”, where you can see a host of speakers discussing data privacy and how to protect against a data breach, followed by talks and case studies about how fund managers can acquire and use data to enhance investments. You can probably guess which part of the event I’ll be speaking during in my talk entitled “How to make a billion dollars through cybercrime”. Here is the blurb about my talk: The FIN7 cybercrime gang (also known as Carbanak) are responsible for stealing over one billion dollars from banks and financial institutions around the world, targeting individuals involved in SEC filings. Other speakers at the event include Glenn Greenwald, best known for his key role in the reporting of surveillance programs run by United States and British intelligence agencies, based upon documents leaked by Edward Snowden.