Tuesday, August 3, 2021
Graham Cluley

Ransomware via a call centre? BazaCall means no email attachment or link required for infection

Unsuspecting users of Office 365 are being tricked by a cybercriminal gang into calling a bogus call centre, with the eventual intention of installing ransomware onto their computers. Read more in my article on the Hot for Security blog.
Graham Cluley

Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million

Ramon Olorunwa Abbas, also known as "Ray Hushpuppi," might have imagined he had it all. The self-proclaimed "Billionaire Gucci Master", flamboyantly boasted about his luxurious life of expensive cars, private jets, and designer clothes to his 2.3 million Instagram followers. But...
Graham Cluley

BlackMatter rises from the ashes of notorious cybercrime gangs to pose new ransomware threat

A new ransomware gang that calls itself BlackMatter has launched itself on the dark web, and is actively attempting to recruit criminal partners and affiliates to attack large organisations in the United States, UK, Canada, and Australia. Read more in...
Graham Cluley

Smashing Security podcast #238: Fashion captain, fraud family, and DEF CON. D’oh!

Pygmy hippopotamus bugs, DEF CON's data slip-up, and phishing fraudsters have their collars felt. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault,...
Graham Cluley

Despite all the advice, 97.7% of Twitter users have still not enabled two-factor authentication

Twitter has revealed that the vast majority of its users have ignored advice to protect their accounts with two-factor authentication (2FA) - one of the simplest ways to harden account security. Read more in my article on the Hot for...
Graham Cluley

Patch your iPhones and Macs against “actively exploited” zero-day right now

Apple has released a major security update for its devices, after finding a zero-day flaw that the company indicates has been the focus of in-the-wild attacks by hackers, and might have been used to plant malware. Read more in my...
Graham Cluley

Who us??? Kaseya says it hasn’t paid anybody for its ransomware decryption key

Kaseya hasn't paid anyone for the decryptor it managed to get its paws on last week, and is offering to customers hit by a massive ransomware attack. Which only raises the question - who did?
Graham Cluley

Average ransomware payments decline… but that’s not good news

The latest research finds that ransomware attackers are attempt to extort, on average, a smaller amount of money through their criminal activities.
Graham Cluley

No More Ransom website celebrates five years of providing free ransomware recovery tools and advice

The No More Ransom website has become one of the first ports of call for any individual or company whose computer has been hit by a ransomware attack.
Graham Cluley

Good news! I’m getting a salary increase!

It seems my boss here at “Grahamcluley” has decided that I deserve a wage increase. This is not only terrific news for my bank balance, but also terribly exciting as I never knew I even had a boss –...
Graham Cluley

Stay sharp this summer with security tips from the experts – sign up to 1Password’s Security Summer School today

Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! Learn from security experts at top organizations, hear about new security and technology trends, and get quick...
Graham Cluley

Vikings hack Instagram account of SBS News in Australia

The Instagram account of SBS Australia - a group of free-to-air TV and radio stations down under - has been hacked by someone who clearly loves "Vikings".
Graham Cluley

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands

Dutch police have arrested suspected members of a notorious cybercrime gang known as "Fraud Family," following a spate of sophisticated phishing attacks that have targeted users in the Netherlands and Belgium. Read more in my article on the Hot for...
Graham Cluley

Kaseya offers universal decryptor to customers following ransomware attack

IT service firm Kaseya says that it has "obtained" a universal decryptor for customers hit by the REvil ransomware gang earlier this month. REvil had earlier offered to sell the decryptor for $70 million...
Graham Cluley

British man arrested in connection with Twitter mega-hack that posted cryptocurrency scam from celebrity accounts

Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter's history. Read more in my article on the Tripwire State of Security blog.

New Zealand budget details leaked due to website sloppiness, not hackers

Earlier this week, the New Zealand government was claiming that it had suffered a “deliberate and systematic” hacking attack that resulted in budget details ending up in the hands of its political opponents. But that’s not what had really happened…

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. Read more in my article on the Tripwire State of...

Smashing Security #130: Doctored videos, Bcc blunders, and a diva

You won’t believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware…...

Hackers stole Flipboard users’ email addresses and hashed passwords

Flipboard warns that hackers gained access to its systems and accessed hashed passwords for nine months.

Free eBook: A Business Owner’s Guide to Cybersecurity

Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
The Register

Do you have a grip on the lifecycle security of your AWS-deployed applications?

Learn how to manage the risks of cloud native environments with Aqua and AWS Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and...

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

Enlarge (credit: Getty Images | Ronald Martinez) AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...