Cyber News & Articles

A phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff.

Read more in my article on the Hot for Security blog.

In episode 13 of “The AI Fix””, meat avatar Cluley learns that AI doesn’t pose an existential threat to humanity and tells meat avatar Stockley how cybersex is about to get very, very weird. Our hosts also learn that men lie on their dating profiles, hear ChatGPT steal somebody’s voice, and discover an AI that rick rolls its users.

Graham tells Mark about AI’s political ambitions and discovers what ChatGPT has in common with the reluctant ruler of the universe, while Mark introduces Graham to the Campaign to Stop Killer Robots.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

A production partner of Netflix has suffered a serious security breach which has resulted in yet-to-be-released episodes of popular shows to be leaked online.

Read more in my article on the Hot for Security blog.

Cybercriminals have succeeded in stealing the payment card information from over 110,000 animal lovers over several months after meddling with Oregon Zoo’s online ticket payment system.

Read more in my article on the Hot for Security blog.

In episode 12 of The AI Fix, Mark and Graham meet an LLM having an existential crisis, ChatGPT speaks Welsh for no reason, Graham does an impression of a water spout, Eric Schmidt shares a new and unexpected take on “do no evil”, and our hosts feel like David Attenborough as they witness herds of Waymo robotaxis honking their late-night mating calls at each other.

Our hosts discover why it’s OK to make AIs out of human brains, Mark takes Graham on an emotional roller coaster through the AI afterlife, and Graham comes last in a “who’s the best Graham on the podcast?” competition.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.

An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world’s most prolific Russian-speaking cybercriminal gangs.

The UK’s National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle “J P Morgan” since 2015, alongside parallel investigations run by the United States FBI and Secret Service.

Read more in my article on the Tripwire State of Security blog.