Cybersecurity

The US Department of Justice has arrested a member of the US Air Force National Guard in connection with a high profile leak of classified Pentagon documents.

Here are my thoughts…

Everyone’s talking juice-jacking – but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn’t been hacked. And Carole hosts the “AI-a-go-go or a no-no?” quiz for Dave and Graham.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Travellers are being told to be wary when plugging their smartphones and laptops into USB chargers.

But has anyone ever actually been juice-jacked in the real world?

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.

A pro-Russian blogger who raised $25,000 for drones to assist Russian troops fighting in Ukraine, has received a huge delivery of sex toys instead.

Read more in my article on the Hot for Security blog.

An Elon Musk-worshipping college principal gets schooled, and rapper Afroman turns the tables after armed police raid his house.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.

Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! Here’s an uncomfortable fact: at most companies, employees can download sensitive company data onto any device, keep it there forever, and never even know that they’re doing something wrong. Kolide’s new report, “The … Continue reading “That ticking noise is your end users’ laptops”

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “CodesToYou,” which purports to be a “full cycle software development company” based in the U.K.

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.