Cyber News & Articles

Three men found guilty of laundering $2.5 million in Target gift card tech support scam
Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams.
Read more in my article on the Hot for Security blog.

ZeroFont trick makes users think that message has been scanned for threats
Attackers are using the “ZeroFont” technique to manipulate the preview of a message to suggest it had already been scanned for threats.
Read more in my article in the Tripwire State of Security blog.

Ransomware group demands $51 million from Johnson Controls after cyber attack
Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack.
Read more in my article on the Hot for Security blog.

Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security
Mix TikTok with facial recognition, and you’ve got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

British charities warn supporters their personal data has been breached
UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following a breach at a supplier.

‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware
The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine believes that a country in the European Union was behind the hacking of her iPhone with military-grade spyware.
Read more in my article on the Hot for Security blog.

“The good and the bad that comes with the growth of AI” – watch this series of webinars with Abnormal, OpenAI, and others
Graham Cluley Security News is sponsored this week by the folks at Abnormal. Thanks to the great team there for their support! AI and cybersecurity are colliding now more than ever. The positive power of AI is apparent with increased efficiency, cost savings, and more. Unfortunately, the same is true when those benefits get into …

iOS 17 update secretly changed your privacy settings; here’s how to set them back
Many iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy.
Read more in my article on the Hot for Security blog.

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.