Author Archives: Graham CLULEY

Fake Instagram follower services slapped with lawsuit

Facebook has filed federal lawsuits against four individuals who it claims have been selling fake Instagram followers. Read more in my article on the Hot for Security blog.

Donald Trump’s Twitter password is “maga2020!”, and there’s no 2FA, claims hacker

According to Dutch ethical hacker Victor Gevers, as recently as last week the US President's @realDonaldTrump account was protected by the incredibly-dumb password "maga2020!" and did not have two-factor authentication (2FA) enabled.

Fort Bragg fails to keep a firm grip on its Twitter account, as it blames hacker for saucy tweets

The Twitter account of the Fort Bragg US military base was deleted last night, after what it claimed was a hack. But whether it really was hacked or not is up for debate.

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a user attempts to […]… Read More

The post Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered appeared first on The State of Security.

Sopra Steria hit by cyber attack. IT services group suspected of falling victim to ransomware

European IT services group Sopra Steria has been hit by a cyber attack. Which would be unfortunate for any business at the best of times, but is possibly even more galling for a firm like Sopra Steria which has a specialist cybersecurity branch which claims to help customers “protect sensitive information, and prevent costly data breaches.”

Smashing Security podcast #201: Robin Hood, Flippy, and the web ad bubble

The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Tim Hwang.

The Recorded Future Express browser extension – elite security intelligence for zero cost

Many thanks to the fab folks at Recorded Future, who are sponsoring my writing this week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and … Continue reading

Albion Online gamers told to change passwords following forum hack

Sandbox Interactive, the developers of the free medieval fantasy video game Albion Online, have warned players that a hacker managed to break into its systems and gain access to its user database. Read more in my article on the Hot for Security blog.

Google reveals the most powerful DDoS attack in history… albeit three years late

At the end of last week, Google slipped out a blog post that probably went under the radars of some folks. In it, they revealed that they had mitigated against the largest known distributed denial-of-service (DDoS) attack, when its infrastructure blocked a whopping 2.5 Tbps (Terabits per second) attack.

Hackney Council can’t pay housing benefit after cyber attack

The trials and tribulations of London's Hackney Council continue after it suffered a "serious cyber attack" last week. The real-life victims of a cyber attack are the thousands of innocent residents, some of whom may desperately need money in their pocket to pay their rent, living in fear of eviction and homelessness.

Celebrating 200 episodes of the “Smashing Security” podcast

Carole and I have been producing a light-hearted look at the world of cybersecurity and privacy just about every week since December 2016. And this week, after millions of downloads, we released our 200th episode! We wanted to celebrate reaching that milestone, and thank the many many people who listen each week, by doing something special... and so last night we met up on YouTube for a livestream party.

Having saved credit card details in plaintext since 2015, British Airways is fined £20 million

British Airways has been fined £20 million (US $26 million) following a data breach which saw its systems hacked and the personal and payment card information of 400,000 customers stolen. Read more in my article on the Hot for Security blog.

Beware COVID-19 charity fraudsters, warns the FBI

From the as-if-you-didn’t-have-enough-to-worry-about-in-2020 department, the FBI has warned that scammers are attempting to defraud the public by exploiting the COVID-19 pandemic. Read more in my article on the Hot for Security blog.

Barnes & Noble warns customers it has been hacked, customer data may have been accessed

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday October […]… Read More

The post Barnes & Noble warns customers it has been hacked, customer data may have been accessed appeared first on The State of Security.

Elite security intelligence for zero cost. Meet the Recorded Future Express browser extension

Many thanks to the great folks at Recorded Future, who are sponsoring my writing this week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and … Continue reading

Smashing Security podcast #200: Two flipping hundred

We're in celebratory mood as we celebrate our 200th episode, but there's still time to discuss Fatima the ballerina who the UK government wants to become a cybersecurity expert, why women are quitting the tech industry, and a smartwatch which might be putting your kids at risk. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Hackney Council’s cyber attack update is more interesting for what it doesn’t say than what it does

Hackney Council in London is keeping surprisingly schtum about what is actually going on behind-the-scenes of its "serious cyber attack".

Hackney hacked. Council hit by “serious cyber attack”, data breached

Hackney Council says it has suffered a "serious cyber attack," which has impacted many of its IT systems and services. The London borough council has informed UK regulators that data has been breached as a result of the attack, but it's not known if ransomware is to blame.

Home security cams hacked in Singapore, and stolen footage sold on adult websites

Video clips stolen from more than 50,000 hacked cameras have been uploaded to pornographic websites, and X-rated footage sold to people prepared to pay a subscription fee of US $150. Read more in my article on the Bitdefender BOX blog.

Android ransomware learns new tricks to lock devices

Microsoft security experts claim to have uncovered the latest trick being used by Android ransomware, subverting the operating system's built-in protection mechanisms to lock devices and hold them to ransom.

Taking a screwdriver to unlock your IoT sex toy is nuts

The Bluetooth Qiui Cellmate attaches itself to a man's penis, allowing a remote partner to lock up your proverbials if they think you don't deserve to use them for a while. And with no umm.. manual over-ride, you could find your pickle in a right pickle if an unauthorised third-party exploits the flaws to lock the cage without your permission. Built from a mixture of polycarbonate and toughened steel, removal is non-trivial and might involve taking an angle grinder or bolt cutters to a delicate part of your anatomy. That's not when you want to find out that there is a security flaw in the sex toy's API that means anyone can hijack your cock lock.

Twitter closing my account for copyright violation? No, it’s a phishing attack

I received a direct message (DM) on Twitter, bearing some worrying news. Apparently my @gcluley Twitter account is in danger of being permanently deleted due to copyright violation. Crikey!

Hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness

The confirmation that US President Donald Trump has been infected by the Coronavirus, and had to spend time this weekend in hospital, has – understandably – made headlines around the world. And there are plenty of people, on both sides of the political divide, who are interested in learning more about his health status. It’s […]… Read More

The post Hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness appeared first on The State of Security.

Smashing Security podcast #199: A few tech cock-ups, and one cock lock-up

An internet-connected adult toy could leave its users encaged, the official NHS COVID-19 contact-tracing app alarms users, and would you be happy if a robot interviewed you for a job? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman.

Recorded Future Express gives you elite security intelligence at zero cost

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and … Continue reading

John McAfee arrested on US tax evasion charges

Anti-virus veteran John McAfee has been arrested in Spain on US tax evasion charges. According to the US Department of Justice, McAfee is charged with failing to file tax returns despite making millions of dollars promoting cryptocurrencies.

See me keynote at the (ISC)² Security Congress in November 2020

Graham Cluley will be delivering a keynote address at (ISC)²'s tenth annual Security Congress. And the entire event is virtual - so there's no excuse not to show up!

UK loses 16,000 COVID-19 cases due to Excel spreadsheet snafu

Some 16,000 Coronavirus cases in the UK went missing after the Excel spreadsheet they were being recorded in reached its maximum limit, and did not allow the automated process to add any more names.

Google warns of security holes in other vendors’ Android phones

Google has announced it will be publicising security issues it finds in third-party Android devices, in the hope that they will be fixed more quickly.

Grindr security hole made it easy to hijack accounts

Gay dating app Grindr had a serious security vulnerability that could have allowed anyone to hijack control of a Grindr user's account. All you would need to seize control of a user's account would be their email address.

M	T	W	T	F	S	S
« Sep
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

A Box in Space

Contents from some of my favorite Websites