Cyber News & Articles

Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024.

Read more in my article on the Tripwire State of Security blog.

There’s a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an Air Tag to entrap a thief.

Plus – don’t miss our featured interview with Maya Irvine of Sysdig.

All this, and a very bad Cockney accent, in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and Carole Theriault.

In episode 14 of “The AI Fix”, Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the computer game Doom.

Graham learns how to escape from a police sniffer elephant, an AI-generates a smell with no odour, and Mark explains why the world’s best LLMs think there are two Rs in “strawberry”.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.

Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.

A former IT engineer is facing federal charges in the United States after his former employer found it had been locked out of its computer systems and received a demand for $750,000.

Read more in my article on the Hot for Security blog.

Who doesn’t fancy earning US $2.5 million?

That’s the reward that’s on offer from US authorities for information leading to the arrest and/or conviction of the man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit.

Read more in my article on the Tripwire State of Security blog.

Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.

Read more in my article on the Hot for Security blog.

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.