Cyber News & Articles

Graham Cluley Security News is sponsored this week by the folks at ManageEngine. Thanks to the great team there for their support! It’s almost the end of 2024, and one thing is clear: cybersecurity and compliance are no longer optional; they’re inseparable pillars of survival. This year has seen some of the most severe cyber … Continue reading “Cybersecurity and compliance: The dynamic duo of 2024”

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to their identities verified… in-person. Who might have been behind the attack and why? Meanwhile, Donald Trump’s curious relationship with cryptocurrency is explored.

All this and Demi Moore is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.

In episode 16 of The AI Fix, Mark and Graham meet GPT-4o1 and ask if it knows how many cousins Alice’s sister has, a top cop wants AI injected into his colleagues “like heroin”, Mark finds an AI that might actually be able to help with that, and our hosts start a conspiracy theory about an AI that stops you believing in conspiracy theories.

Graham peers into his crystal ball and discover’s Reddit’s bargain basement John Connor, and Mark is tired of waiting for the “tens of millions” of driverless cars we were promised.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

A former boss of Ticketmaster has been sentenced after pleading guilty to illegally accessing computer servers of a rival company and stealing sensitive business information.

Read more in my article on the Hot for Security blog.

A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

Starting October 1, WordPress plugin and theme developers must enable 2FA. This move aims to boost security and help prevent supply-chain attacks from targeting millions of websites.

Read more in my article on the Tripwire State of Security blog.

It’s a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details.

Read more in my article on the Hot for Security blog.