News & Updates

Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites
Jetpack, an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012.
Read more in my article on the Tripwire State of Security blog.

Ask Fitis, the Bear: Real Crooks Sign Their Malware
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware-focused code-signing certificates since 2015.

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for “a website that moves you”?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Plus don’t miss our featured interview with David Ahn of Centripetal.

Hacking forum hacked, user database leaked online
RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is – perhaps surprisingly – at the centre of another cybersecurity breach.

SAS Airlines hit by $3 million ransom demand following DDoS attacks
Scandinavian Airlines (SAS) has received a US $3 million ransom demand following a prolonged campaign of distributed denial-of-service (DDoS) attacks against its online services.
Read more in my article on the Hot for Security blog.

Venezuela pays people to tweet state propaganda and deepfake videos
The BBC reports that the Venezuelan government is paying people to tweet in support of it, in an attempt to drown out the noise of its critics.

Hacked DJ’s Twitter account costs cryptocurrency investors $170,000
I know this will come as a shock to many of you, but scammers have once again succeeded in stealing a lot of money from cryptocurrency investors.
Read more in my article on the Hot for Security blog.

Discord Admins Hacked by Malicious Bookmarks
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious JavaScript code disguised as a Web browser bookmark.

Protect your business network with PureDome
Graham Cluley Security News is sponsored this week by the folks at PureDome. Thanks to the great team there for their support! PureDome offers a secure, quick, reliable solution that enhances and safeguards business network security. With seamless deployment, you can effortlessly expand your corporate network without sacrificing performance. By consolidating critical aspects of user …

Phishing Domains Tanked After Meta Sued Freenom
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.