Threat Note

From Graham Cluley – Ransomware group demands $51 million from Johnson Controls after cyber attack

Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack. Read more in my…

Samir K September 28, 2023

Podcast

From Graham Cluley – Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.…

Samir K September 27, 2023

Podcast

Smashing Security – Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.All…

Samir K September 27, 2023

Breaches

From Graham Cluley – British charities warn supporters their personal data has been breached

UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following…

Samir K September 27, 2023

Research

From Cybercrime Magazine – Women To Hold 30 Percent Of Cybersecurity Jobs Globally By 2025

Female representation expected to reach 35 percent by 2031 – Charlie Osborne, Cybercrime Magazine Editor-at-Large London – Sep. 27, 2023 Women In Cybersecurity Report is sponsored by KnowBe4. Women held…

Samir K September 27, 2023

Articles

From Krebs on Security – ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors,…

Samir K September 27, 2023

Research

From Schneier on Security – Critical Vulnerability in libwebp Library

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers…

Samir K September 27, 2023

Articles

From Graham Cluley – Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware

The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind…

Samir K September 26, 2023

Articles

From Schneier on Security – Signal Will Leave the UK Rather Than Add a Backdoor

Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal…

Samir K September 26, 2023

Webinars

From Graham Cluley – “The good and the bad that comes with the growth of AI” – watch this series of webinars with Abnormal, OpenAI, and others

Graham Cluley Security News is sponsored this week by the folks at Abnormal. Thanks to the great team there for their support! AI and cybersecurity are colliding now more than…

Samir K September 25, 2023

Breaches

From Krebs on Security – LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by…

Samir K September 22, 2023

News

From Cybercrime Magazine – The Past, Present, and Future of Cybersecurity

Hacking in the Hamptons, Sponsored by Evolution Equity Partners – David Braue Melbourne, Australia – Sep. 22, 2023 Sometimes, it takes that little something special for the name of a…

Samir K September 22, 2023

Podcast

Smashing Security – Heated seats, car privacy, and Graham’s porn video

Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And…

Samir K September 20, 2023

Articles

From Krebs on Security – Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information…

Samir K September 19, 2023

Research

From Cybercrime Magazine – Software Supply Chain Attacks To Cost The World $60 Billion By 2025

Damages predicted to grow by 15 percent year-over-year through 2031 Download Report – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Oct. 3, 2023 The 2023 Software Supply Chain Attack Report is…

Samir K September 18, 2023

From Security Week – Iranian Hackers Target Defense and Government Officials in Ongoing Campaign

From Cyber Security News – TaskHound Tool – Detects Windows Scheduled Tasks Running with Elevated Privileges and Stored Credentials

From Cybercrime Magazine – Official 2026 Cybersecurity Market Report: Predictions And Statistics

From Cyber Security News – Hackers Leverages Microsoft Entra Tenant Invitations to Launch TOAD Attacks

From Cyber Security News – CISA Warns of Fortinet FortiWeb WAF Vulnerability Exploited in the Wild to Gain Admin Access

From Security Week – DoorDash Says Personal Information Stolen in Data Breach

From Security Week – 5 Plead Guilty in US to Helping North Korean IT Workers

From The Hacker News – ⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More

From Cyber Security News – EVALUSION Campaign Using ClickFix Technique to deploy Amatera Stealer and NetSupport RAT

From Cyber Security News – Critical RCE Vulnerabilities in AI Inference Engines Exposes Meta, Nvidia and Microsoft Frameworks

From Security Week – Iranian Hackers Target Defense and Government Officials in Ongoing Campaign

From Cyber Security News – TaskHound Tool – Detects Windows Scheduled Tasks Running with Elevated Privileges and Stored Credentials

From Cybercrime Magazine – Official 2026 Cybersecurity Market Report: Predictions And Statistics

From Cyber Security News – Hackers Leverages Microsoft Entra Tenant Invitations to Launch TOAD Attacks

From Cyber Security News – CISA Warns of Fortinet FortiWeb WAF Vulnerability Exploited in the Wild to Gain Admin Access

From Security Week – DoorDash Says Personal Information Stolen in Data Breach

From Graham Cluley – Ransomware group demands $51 million from Johnson Controls after cyber attack

From Graham Cluley – Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Smashing Security – Another T-Mobile breach, ThemeBleed, and farewell Naked Security

From Graham Cluley – British charities warn supporters their personal data has been breached

From Cybercrime Magazine – Women To Hold 30 Percent Of Cybersecurity Jobs Globally By 2025

From Krebs on Security – ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

From Schneier on Security – Critical Vulnerability in libwebp Library

From Graham Cluley – Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware

From Schneier on Security – Signal Will Leave the UK Rather Than Add a Backdoor

From Krebs on Security – LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

From Cybercrime Magazine – The Past, Present, and Future of Cybersecurity

Smashing Security – Heated seats, car privacy, and Graham’s porn video

From Krebs on Security – Who’s Behind the 8Base Ransomware Website?

From Cybercrime Magazine – Software Supply Chain Attacks To Cost The World $60 Billion By 2025