Author Archives: Graham CLULEY

Hundreds of thousands of cryptocurrency investors put at risk after BuyUCoin security breach

Another day, and another report that a cryptocurrency exchange has been breached by malicious hackers. Indian cryptocurrency exchange BuyUCoin says that is investigating claims that sensitive data related to hundreds of thousands of its users has been published on the dark web, where it is available for free download. Read more in my article on the Hot for Security blog.

Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack

The Conti ransomware gang has published corporate plans, contracts, spreadsheets, and personal information about staff, amongst other files stolen in a ransomware attack against the Scottish Environment Protection Agency (SEPA). Read more in my article on the Hot for Security blog.

Google Chrome wants to fix your unsafe passwords

Most security breaches are the result of one thing: sloppy password practices. Too many people make the mistake of choosing weak passwords, or reusing passwords that they have used elsewhere on the internet – making life too easy for malicious hackers trying to gain unauthorised access. So I was pleased to see Google announce that […]… Read More

The post Google Chrome wants to fix your unsafe passwords appeared first on The State of Security.

Smashing Security podcast #211: Fleeking, COVID-19 hacking, and Bitcoin balls-ups

Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming... All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Hacker Valley Studio's Ron Eddings.

Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation’s Cloud Services

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety of […]… Read More

The post Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation’s Cloud Services appeared first on The State of Security.

Orca Security public cloud security report reveals how most large cloud breaches happen

Graham Cluley Security News is sponsored this week by the folks at Orca Security. Thanks to the great team there for their support! You’re probably familiar with the shared responsibility model. The basic idea is that public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) keep their platforms … Continue reading "Orca Security public cloud security report reveals how most large cloud breaches happen"

Smashing Security podcast #210: DC rioters ID’d, Energydots, and ransomware gets you in a pickle

Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with CrowdSec's Philippe Humeau.

Donald Trump’s presidency ended today, claims altered US State Department website

The biographies of outgoing US President Donald Trump and his Vice President Mike Pence were mysteriously changed on the official US State Department website at some point on Monday. Visitors to www.state.gov were unable to view facts about the country's top politicians, as somebody appeared to have mysteriously wiped them - only to be replace them with a solitary line detailing the end of their term.

Ransomware gangs scavenge for sensitive data by targeting top executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gang know some effective techniques to get the full attention of a firm's management team. And one of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom. Read more in my article on the Tripwire State of Security blog.

Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope […]… Read More

The post Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives appeared first on The State of Security.

Elite security intelligence at zero cost – use Recorded Future Express!

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and … Continue reading "Elite security intelligence at zero cost – use Recorded Future Express!"

One month after ransomware attack, Metro Vancouver’s transit system still not up to speed

TransLink, Metro Vancouver’s public transportation agency, has warned its staff that hackers accessed their personal bank account details and other information. The warning came in an internal email to workers approximately one month after Translink was struck by the Egregor ransomware and passengers had their journeys disrupted. Read more in my article on the Hot for Security blog.

Business and enterprise anti-virus products put through a long-term test – which performed the best?

Many thanks to the great folks at AV-Comparatives, who have sponsored my writing for the past week. Anti-malware testing lab AV-Comparatives carries out independent intensive tests of security software, and has just published its long-term test report into the performance of business and enterprise endpoint security products, taking a close look 19 products designed to … Continue reading "Business and enterprise anti-virus products put through a long-term test – which performed the best?"