What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool (“Everything” by Voidtools) to quickly locate files for encryption.
Find out more about the threat in my article on the Tripwire State of Security blog.
A Kansas City man is accused of hacking into local businesses, not to steal money, but to… get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what’s happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.
In episode 26 of The AI Fix, an AI does surgery on pork chops, holographic Jesus wants your consent to use cookies, Mark opens the pod bay doors, our hosts discover OpenAI’s couch potato health coach, and Graham finds a robot made of drain pipes.
Graham pits Mark against an AI in a morality quiz that asks “would you kill sentient robots?”, and “are lobsters more delicious than cats?”, while a surprisingly useful answer from ChatGPT leads Mark on a quest for world peace.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
A security researcher has blamed misconfigured implementations of Microsoft Power Pages for a slew of data breaches from web portals – including the leak of 1.1 million NHS employee records.
Read more in my article on the Hot for Security blog.
Flipaclip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users.
Read more in my article on the Hot for Security blog.
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.
A hacker calling themselves “nears” claims to have compromised the systems of multiple healthcare facilities across France, claiming to have gained access to the records of over 1.5 million people.
Read more in my article on the Tripwire State of Security blog.
In our latest episode we discuss how a woman hid under the bed after scammers told her she was under “digital arrest”, how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.