Cyber News & Articles
US offers $10 million bounty for members of Iranian hacking gang
A US $10 million reward is being offered to anyone who has information about four members of an Iranian hacking group.
The US government’s Rewards for Justice initiative is making the reward available for information about four men believed to be members of Shahid Hemmat, a hacking gang backed by Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
Read more in my article on the Hot for Security blog.
NotLockBit: ransomware discovery serves as wake-up call for Mac users
Historically, Mac users haven’t had to worry about malware as much as their Windows-using cousins.
But that doesn’t mean that Mac users should be complacent. And the recent discovery of a new malware strain emphasises that the threat – even if much smaller than on Windows – remains real.
Read more in my article on the Tripwire State of Security blog.
Smashing Security podcast #390: When security firms get hacked, and your new North Korean remote worker
The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired… but what’s their plan?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
The Global Surveillance Free-for-All in Mobile Ad Data
Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.
AI chatbots can be tricked by hackers into helping them steal your private data
Security researchers have uncovered a new flaw in some AI chatbots that could have allowed hackers to steal personal information from users.
The flaw, which has been named “Imprompter”, which uses a clever trick to hide malicious instructions within seemingly-random text.
Read more in my article on the Hot for Security blog.
The AI Fix #21: Virtual Trump, barking mad AI, and a robot dog with a flamethrower
In episode 21 of “The AI Fix””, Mark and Graham comfort themselves with a limbless AI pet as they learn about a terrifying robot dog with a flamethrower, fission-powered data centres, AI suicide pods, and a multi-limbed robot with a passion for classical music.
Graham finds out what happens if you sellotape an Alexa to a Chihuahua, and Mark asks AI Trump and AI Harris how many Rs there are in “strawberry”.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.
A glimmer of good news on the ransomware front, as encryption rates plummet
No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom.
And boy do we need some good news – amid reports that 389 US-based healthcare institutions were hit by ransomware last year – more than one every single day.
Read more in my article on the Tripwire State of Security blog.
Sudanese Brothers Arrested in ‘AnonSudan’ Takedown
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.
Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down
WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.