Monday, September 25, 2023
Graham Cluley

Snatch ransomware – what you need to know

The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Learn more about the threat in my article for the Tripwire State of Security blog.
Graham Cluley

Donald Trump Jr’s hacked Twitter account announces his father has died

Donald Trump Jr may not have just inherited his famous father's name. He may also have inherited his bad password security.
Graham Cluley

Smashing Security podcast #340: Heated seats, car privacy, and Graham’s porn video

Do you know what data your car is collecting about you? Do you think it’s right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham...
Graham Cluley

What a mess! Clorox warns of “material impact” to its financial results following cyberattack

Clorox, the household cleaning product manufacturer, has admitted that its financial results for the first quarter could see a "material impact" after hackers attacked its systems. Read more in my article on the Hot for Security blog.
Graham Cluley

The Expel Quarterly Threat Report distills the threats and trends the Expel SOC saw in Q2. Download it now.

Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Every quarter, the Expel security operations centre (SOC) publishes its Quarterly Threat Report (QTR) to distill all...
Graham Cluley

Yikes! My sex video has been uploaded to YouPorn, apparently

Apparently YouPorn's AI algorithm has detected me in an uploaded sex video. All I have to do is pay hundreds of dollars worth of Bitcoin to prevent it from being published.
Graham Cluley

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. Read more in...
Graham Cluley

Greater Manchester Police latest force to suffer serious data breach

Uh-oh, yet another UK police force has suffered a serious data breach. After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding...
Graham Cluley

Automation is key to effective and efficient pentest reporting

Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! Getting high-quality, actionable pentesting reports doesn’t have to take hours. In fact, automating your processes with PlexTrac...
Graham Cluley

Car companies are collecting data on your sex life, and apparently you’re fine with that

It seems modern cars are gobbling up all kinds of data about their drivers including - astonishingly - details of their sex lives.
Graham Cluley

Smashing Security podcast #339: Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames?

Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee... just to send $1,865. Oh, and our guest mentions Mr Blobby (to the horror of the show's hosts...) All this...
Graham Cluley

North Korean hackers targeting vulnerability researchers with zero-day attacks, Google warns

State-sponsored hackers, backed by the regime in North Korea, are believed to be using zero-day exploits to target cybersecurity researchers working in the field of vulnerability research and development. Read more in my article on the Hot for Security blog.
Graham Cluley

Thousands of dollars stolen from Texas ATMs using Raspberry Pi

A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs. Read more in my article on the Tripwire State of Security blog.
Graham Cluley

Smashing Security podcast #338: Catfishing services, bad sports, and another cockup

AI news is bad news, an online service to catch your cheating partner, and an IoT-enabled dick cage fails to keep a grip on its own security. All this and much much more is discussed in the latest edition of...

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
Infosecurity Magazine

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
The Hacker News

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously...