Category: data breach
-
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions…
-
Sweden scrambles after ransomware attack puts sensitive worker data at risk
Municipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier. Read more in my article on the Hot for Security blog. Graham Cluley
-
TransUnion Hack Exposes 4M+ Customers Personal Information
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a…
-
Cephalus ransomware: What you need to know
Cephalus is a relatively new ransomware operation that emerged in mid-2025, and has already been linked to a wave of high-profile data leaks. Read more about it in my article on the Fortra blog. Graham Cluley
-
Salesloft Drift Hacked to Steal OAuth Tokens and Exfiltrate from Salesforce Corporate Instances
A sophisticated data exfiltration campaign targeting corporate Salesforce instances has exposed sensitive information from multiple organizations through compromised OAuth tokens associated with the Salesloft Drift third-party application. The threat actor, designated as UNC6395, systematically harvested credentials and sensitive data between August 8-18,…
-
Microsoft VS Code Remote-SSH Extension Hacked to Execute Malicious Code on Developer’s Machine
A critical security vulnerability has been discovered in Microsoft’s VS Code Remote-SSH extension that allows attackers to execute malicious code on developers’ local machines through compromised remote servers. Security researchers have demonstrated how this attack, dubbed “Vibe Hacking,” exploits the inherent trust…
-
HR Giant Workday Discloses Data Breach After Hackers Compromise Third-Party CRM
Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform. The company emphasized that the…
-
Threat Actor Allegedly Claiming Access to 15.8 Million PayPal Email and Passwords in Plaintext
A threat actor operating under the alias “Chucky_BF” has posted a concerning advertisement on a well-known cybercrime forum, claiming to possess and sell a “Global PayPal Credential Dump 2025” containing over 15.8 million email and plaintext password pairs. The dataset, measuring…
-
Google Confirms Data Breach – Notifying Users Affected By the Cyberattack
Tech giant Google has officially acknowledged a significant data breach affecting its corporate Salesforce database, with the company completing email notifications to affected users as of August 8, 2025. Google revealed on August 5 that one of its corporate Salesforce instances was compromised in…
-
TeaOnHer copies everything from Tea – including the data breaches
TeaOnHer hasn’t stopped at copying the functionality of the original Tea app (albeit skewed towards men rating women). It also appears to have carelessly mimicked the Tea dating advice app’s recklessness when it comes to data security. Read more in my article on the Hot…
-
Hackers Uses Social Engineering Attack to Gain Remote Access in 300 Seconds
Threat actors successfully compromised corporate systems within just five minutes using a combination of social engineering tactics and rapid PowerShell execution. The incident, investigated by NCC Group’s Digital Forensics and Incident Response (DFIR) team, demonstrates how cybercriminals are weaponizing trusted business applications to…
-
Hospital fined after patient data found in street food wrappers
A hospital in Thailand has been fined after patient’s printed records were recycled as snack bags to hold crispy crepes. Graham Cluley
-
Ukraine claims to have hacked secrets from Russia’s newest nuclear submarine
Ukraine’s Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky.” Read more in my article on the Hot for Security blog. Graham Cluley
-
Ransomware plunges insurance company into bankruptcy
Collapsed company’s founder says that its fortunes were hampered by the refusal of authorities to release the criminals’ seized funds to victims. Read more in my article on the Fortra blog. Graham Cluley
-
Fashion Giant Chanel Hacked in Wave of Salesforce Attacks
French luxury fashion house Chanel has become the latest victim in a sophisticated cybercrime campaign targeting major corporations through their Salesforce customer relationship management systems. The company confirmed on July 25, 2025, that unauthorized threat actors had breached a database containing personal information of U.S. customers…
-
Smashing Security podcast #428: Red flags, leaked chats, and a final farewell
The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole…
-
Allianz Life hit by hackers, customer and staff personal data stolen
The US insurance giant has admitted that hackers stole personal info of the “majority” of its customers and staff earlier this month. Graham Cluley
-
French submarine secrets surface after cyber attack
European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers. Read more in my article on the Hot for Security blog. Graham Cluley
-
Tea Dating Advice app spills sensitive data
A woman’s dating app designed to enhance safety and vet potential dating partners has itself suffered a serious security breach. Graham Cluley
-
Allianz Life Insurance Data Breach – 1.4 Million Customers Data at Risk
Major U.S. insurance provider Allianz Life Insurance Company confirmed on Saturday that hackers compromised the personal information of the “majority” of its 1.4 million customers following a sophisticated cyberattack on July 16, 2025. The breach, disclosed in a mandatory filing with Maine’s attorney…
-
Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack
Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients. The breach, discovered in May 2025, involved unauthorized access to customer databases containing personal data including names, addresses,…
-
Paddy Power and BetFair have suffered a data breach
Paddy Power and BetFair have warned customers that “an unauthorised third party” gained access to “limited betting account information” relating to up to 800,000 of their customers. Graham Cluley
-
Best SOC 2 Type 2 Certified Complaint Solutions – 2025
In today’s digital-first business landscape, SOC 2 Type 2 compliance is no longer optional for organizations handling sensitive customer data. As cyber threats escalate and regulatory scrutiny intensifies, demonstrating robust security controls and continuous monitoring is essential for trust, growth, and competitive advantage. This comprehensive…
-
Catwatchful stalkerware app spills secrets of 62,000 users – including its own admin
Another scummy stalkerware app has spilled its guts, revealing the details of its 62,000 users – and data from thousands of victims’ infected devices. Graham Cluley
-
Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix
The Swiss government has issued a warning after a third-party service provider suffered a ransomware attack, which saw sensitive information stolen from its systems and leaked onto the dark web. Read more in my article on the Fortra blog. Graham Cluley Go…
-
BreachForums broken up? French police arrest five members of notorious cybercrime site
Suspected high-ranking members of one of the world’s largest online marketplaces for leaked data have been arrested by French police. Read more in my article on the Hot for Security blog. Graham Cluley
-
Marks & Spencer ransomware attack was good news for other retailers
When Marks & Spencer paused online orders after it was hit by ransomware, it was bad news for them… but GOOD news for other big online retailers. Fashion rivals like Next, John Lewis, and Zara saw a nice little bump while M&S sales floundered.…
-
Krispy Kreme hack exposed sensitive data of over 160,000 people
Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year. Read more in my article…
-
Massive 16 Billion Passwords From Apple, Facebook, Google and More Leaked From 320 Million Computers
A new report has uncovered a staggering 16 billion login credentials from major platforms, including Apple, Facebook, Google, GitHub, Telegram, and government services. The massive leak, discovered through 30 separate datasets, represents an unprecedented threat to global cybersecurity and digital…
-
Smashing Security podcast #422: The curious case of the code copier
A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment,…
-
Hackers Allegedly Claim Breach of Scania Financial Services, Sensitive Data Stolen
A threat actor named “hensi” has reportedly claimed unauthorized access to Scania Financial Services’ insurance[.]scania.com subdomain and is allegedly selling around 34,000 files on cybercriminal marketplaces. While these claims remain unconfirmed by official sources, the incident highlights ongoing vulnerabilities in corporate digital infrastructure and…
-
Bert ransomware: what you need to know
Bert is a recently-discovered strain of ransomware that encrypts victims’ files and demands a payment for the decryption key. Read more in my article on the Fortra blog. Graham Cluley
-
South African man imprisoned after ransom demand against his former employer
Lucky Erasmus and a company insider installed software without authorisation on Ecentric’s systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers’ passwords. Read more in my article on the Hot for Security blog. Graham…
-
Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers
What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the “Smashing Security” podcast obviously. Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force…
-
Marks & Spencer’s ransomware nightmare – more details emerge
Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to…
-
Interlock ransomware: what you need to know
“We don’t just want payment; we want accountability.” The malicious hackers behind the Interlock ransomware try to justify their attacks. Learn more about what you need to know about Interlock in my article on the Tripwire State of Security blog. Graham Cluley
-
Adidas customers’ personal information at risk after data breach
Lovers of Adidas clothes would be wise to be on their guard against phishing attacks, after the German sportswear giant revealed that a cyber attack had exposed the personal information of customers. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
3AM ransomware attack poses as a call from IT support to compromise networks
Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers. Find out how they do it in my article on the Tripwire State of Security blog.…
-
Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks
In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society’s most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter’s account –…
-
Prescription for disaster: Sensitive patient data leaked in Ascension breach
Ascension, one of the largest private healthcare companies in the United States, has confirmed that the personal data of some 437,329 patients has been exposed following an attack by cybercriminals. Read more in my article on the Fortra blog. Graham Cluley
-
Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump
GlobalX Airlines, a charter airline being used by the US government for deportation flights, has been attacked by hacktivists who have made off with what they claim are detailed flight records and passenger manifests. Read more in my article…
-
LockBit ransomware gang breached, secrets exposed
Oh dear, what a shame, never mind. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked
The UK’s National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts. Read more…
-
Smashing Security podcast #415: Hacking hijinks at the hospital, and WASPI scams
He’s not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and…
-
21 million employee screenshots leaked in bossware breach blunder
If you thought only your boss was peeking at your work screen, think again. Employee-monitoring tool Work Composer has committed a jaw-dropping blunder, leaving a treasure trove of millions of workplace screenshots openly accessible on the internet with no encryption in place, and no password required.…
-
Insurance firm Lemonade warns of breach of thousands of driving license numbers
A data breach at insurance firm Lemonade left the details of thousands of drivers’ licenses exposed for 17 months. According to the company, on March 14 2025 Lemonade learnt that a vulnerability in its online car insurance application process contained a vulnerability that…
-
RansomHouse ransomware: what you need to know
RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator’s infrastructure to extort money from victims. Read more in my article on the Fortra blog. Graham Cluley
-
Medusa ransomware gang claims to have hacked NASCAR
The Medusa ransomware-as-a-service (RaaS) claims to have compromised the computer systems of NASCAR, the United States’ National Association for Stock Car Auto Racing, and made off with more than 1TB of data. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors
A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts which have netted hundreds of thousands of dollars. Read more in my article on the Hot for Security blog. Graham Cluley
-
£3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack
A UK firm has been hit by a £3.07 million fine after being hit by a ransomware attack that exposed sensitive data related to almost 80,000 people, and disrupted NHS services. Read more in my article on the Exponential-e…
-
Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand
What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps? Find out about this, and more, in the latest edition of the “Smashing Security” podcast…
-
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Christian Marie Chapman, of Litchfield Park, Arizona, helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens. Read more in my article on the Hot for…
-
Smashing Security podcast #404: Podcast not found
The story of how hackers managed to compromise the US Government’s official SEC Twitter account to boost the price of Bitcoins, AI isn’t helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware? All this and more is discussed in the latest…
-
Secret Taliban records published online after hackers breach computer systems
The Taliban government of Afghanistan is reeling after unidentified hackers successfully carried out a massive cyber attack against its computer systems and published over 50GB of stolen documents and files online. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
Data breaches at UK law firms are on the rise, research reveals
British legal professionals have seen a “significant surge” in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector. Read more in my article on the Tripwire State of Security blog. Graham…
-
Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks
The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. But might it stifle journalism and free speech? Read more in my article on the…
-
Half a million hotel guests at risk after hackers accessed sensitive data
The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world’s best known hotel brands. Read more in my article on the Hot for Security…
-
Space Bears ransomware: what you need to know
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and a professional-looking leak site. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
United Nations aviation agency hacked, recruitment database plundered
The ICAO, the UN aviation agency tasked with keeping our skies safe, just got hacked… again. This time, a hacker is offering to sell the personal data of 42,000 job applicants. Read more in my article on the Hot for Security blog. Graham Cluley
-
Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested
Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an international law enforcement operation and its suspected administrators arrested. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
Smashing Security podcast #397: Snowflake hackers, and under the influence
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year – after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law. All this and more is discussed in the latest…
-
Doughnut orders disrupted! Krispy Kreme suffers hack attack
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States. Read more in my article on the Hot for Security…
-
North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets
In its lust for stealing cryptocurrency and sensitive information, North Korean hackers are disguising themselves as remote IT workers, recruiters, and even venture capitalists. Read more in my article on the Hot for Security blog. Graham Cluley
-
No guarantees of payday for ransomware gang that claims to have hacked children’s hospital
What is the point of INC Ransom’s attack on Alder Hey? They are not likely to be paid, and the attack on a children’s hospital only increases the chances that they will one day find their collars felt by law enforcement.…
-
750,000 patients’ medical records exposed after data breach at French hospital
A hacker calling themselves “nears” claims to have compromised the systems of multiple healthcare facilities across France, claiming to have gained access to the records of over 1.5 million people. Read more in my article on the Tripwire State of Security blog. Graham Cluley…