Danger USB! Journalists sent exploding flash drives
If you were sent a USB stick anonymously through the post, would you plug it into your computer?
Perhaps you'll think twice when you hear what happened to these Ecuadorian journalists.
Read more in my article on the Hot for Security...
Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat.
Read more in my article...
Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts
The world has gone ChatGPT bonkers.
Which makes it an effective lure for cybercriminals who may want to break into accounts...
Smashing Security podcast #314: Photo cropping bombshell, TikTok debates, and real estate scams
It could be a case of aCropalypse now for Google Pixel users, there’s a warning for house buyers, and just why is TikTok being singled out for privacy concerns?
All this and much much more is discussed in the latest...
The hidden danger to zero trust: Excessive cloud permissions
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! What is one of the leading causes of breaches in the cloud? OMG, it’s still phishing! It’s...
aCropalypse now! Cropped and redacted images suffer privacy fail on Google Pixel smartphones
Have you ever shared a photograph where you've redacted some sensitive information?
Perhaps you've cropped out part of the image you didn't want others to see?
Well, users of Google's Pixel Android smartphone might be alarmed to learn that pictures they've...
Free decryptor released for Conti-based ransomware following data leak
Security researchers have released a new decryption tool which should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free.
Read more in my article on...
Android phones can be hacked just by someone knowing your phone number
Well, this isn’t good.
Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.
Smashing Security podcast #313: Tesla twins and deepfake dramas
The twisted tale of the two Teslas, and a deepfake sandwich.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Microsoft has another go at closing security hole exploited by Magniber ransomware
In its latest Patch Tuesday bundle of security fixes, Microsoft has patched a security flaw that was being used by the Magniber cybercrime gang to help them infect computers with ransomware.
Read more in my article on the Hot for...
Software supply chain attacks are on the rise — are you at risk?
Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! Attacks targeting the software supply chain are on the rise and splashed across the news. SolarWinds raised...
STALKER 2 hacker demands Ukrainian game developer reinstates Russian language support, or else…
A Ukrainian video game developer has revealed that a hacker has leaked development material stolen from the company's systems, and is threatening to release tens of gigabytes more if their unorthodox ransom demands are not met.
FBI reveals that more money is lost to investment fraud than ransomware and business email compromise combined
The latest annual FBI report on the state of cybercrime has shown a massive increase in the amount of money stolen through investment scams.
Read more in my article on the Hot for Security blog.
WhatsApp and UK government on collision course, as app vows not to remove end-to-end encryption
The boss of WhatsApp, the most popular messaging platform in the UK, says that it will not remove end-to-end encryption from the app to comply with requirements set out in the UK government's online safety bill.
Learn more in my...
Pirated copies of Final Cut Pro infect Macs with cryptojacking malware
Torrents on The Pirate Bay which claim to contain Final Cut Pro are instead being used to distribute malware, designed to infect your Mac with cryptojacking malware.
New Zealand budget details leaked due to website sloppiness, not hackers
Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents.
But that’s not what had really happened…
HiddenWasp malware seizes control of Linux systems
Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.
Read more in my article on the Tripwire State of...
Smashing Security #130: Doctored videos, Bcc blunders, and a diva
You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...
Hackers stole Flipboard users’ email addresses and hashed passwords
Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.
Free eBook: A Business Owner’s Guide to Cybersecurity
Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability.
Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week.
The glitch, which came to light on...
US Charges 20-Year-Old Head of Hacker Site BreachForums
The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers.
The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
Dish customers struggle with service disruptions weeks after ransomware attack
Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
CISA announced the Pre-Ransomware Notifications initiative
The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs.
The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...
