Threat Note

From Graham Cluley – Three men found guilty of laundering $2.5 million in Target gift card tech support scam

Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams. Read more in my…

Samir K September 29, 2023

Articles

From Graham Cluley – ZeroFont trick makes users think that message has been scanned for threats

Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats. Read more in my article in the Tripwire…

Samir K September 29, 2023

Articles

From Graham Cluley – Ransomware group demands $51 million from Johnson Controls after cyber attack

Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack. Read more in my…

Samir K September 28, 2023

Podcast

From Graham Cluley – Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.…

Samir K September 27, 2023

Podcast

Smashing Security – Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.All…

Samir K September 27, 2023

Breaches

From Graham Cluley – British charities warn supporters their personal data has been breached

UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following…

Samir K September 27, 2023

Research

From Cybercrime Magazine – Women To Hold 30 Percent Of Cybersecurity Jobs Globally By 2025

Female representation expected to reach 35 percent by 2031 – Charlie Osborne, Cybercrime Magazine Editor-at-Large London – Sep. 27, 2023 Women In Cybersecurity Report is sponsored by KnowBe4. Women held…

Samir K September 27, 2023

Articles

From Krebs on Security – ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors,…

Samir K September 27, 2023

Research

From Schneier on Security – Critical Vulnerability in libwebp Library

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers…

Samir K September 27, 2023

Articles

From Graham Cluley – Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware

The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind…

Samir K September 26, 2023

Articles

From Schneier on Security – Signal Will Leave the UK Rather Than Add a Backdoor

Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal…

Samir K September 26, 2023

Webinars

From Graham Cluley – “The good and the bad that comes with the growth of AI” – watch this series of webinars with Abnormal, OpenAI, and others

Graham Cluley Security News is sponsored this week by the folks at Abnormal. Thanks to the great team there for their support! AI and cybersecurity are colliding now more than…

Samir K September 25, 2023

Breaches

From Krebs on Security – LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by…

Samir K September 22, 2023

News

From Cybercrime Magazine – The Past, Present, and Future of Cybersecurity

Hacking in the Hamptons, Sponsored by Evolution Equity Partners – David Braue Melbourne, Australia – Sep. 22, 2023 Sometimes, it takes that little something special for the name of a…

Samir K September 22, 2023

Podcast

Smashing Security – Heated seats, car privacy, and Graham’s porn video

Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And…

Samir K September 20, 2023

From Cyber Security News – Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys

From Security Week – eScan Antivirus Delivers Malware in Supply Chain Attack

From The Hacker News – Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

From Graham Cluley – FBI takes notorious RAMP ransomware forum offline

From Cyber Security News – AutoPentestX – Automated Penetration Testing Toolkit Designed for Linux systems

From Cyber Security News – SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations

From The Hacker News – Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

From The Hacker News – CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

From Cyber Security News – Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail

From Dark Reading – Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation

From Cyber Security News – Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys

From Security Week – eScan Antivirus Delivers Malware in Supply Chain Attack

From The Hacker News – Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

From Graham Cluley – FBI takes notorious RAMP ransomware forum offline

From Cyber Security News – AutoPentestX – Automated Penetration Testing Toolkit Designed for Linux systems

From Cyber Security News – SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations

From Graham Cluley – Three men found guilty of laundering $2.5 million in Target gift card tech support scam

From Graham Cluley – ZeroFont trick makes users think that message has been scanned for threats

From Graham Cluley – Ransomware group demands $51 million from Johnson Controls after cyber attack

From Graham Cluley – Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Smashing Security – Another T-Mobile breach, ThemeBleed, and farewell Naked Security

From Graham Cluley – British charities warn supporters their personal data has been breached

From Cybercrime Magazine – Women To Hold 30 Percent Of Cybersecurity Jobs Globally By 2025

From Krebs on Security – ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

From Schneier on Security – Critical Vulnerability in libwebp Library

From Graham Cluley – Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware

From Schneier on Security – Signal Will Leave the UK Rather Than Add a Backdoor

From Krebs on Security – LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

From Cybercrime Magazine – The Past, Present, and Future of Cybersecurity

Smashing Security – Heated seats, car privacy, and Graham’s porn video

From Cyber Security News – Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys

From Security Week – eScan Antivirus Delivers Malware in Supply Chain Attack

From The Hacker News – Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

From Graham Cluley – FBI takes notorious RAMP ransomware forum offline