Tag: grahamcluley
-
Cactus ransomware: what you need to know
Cactus is a ransomware-as-a-service (RaaS) group that encrypts victims’ data and demands a ransom for a decryption key. Read more about it in my article on the Tripwire State of Security blog.
-
The AI Fix #40: ChatGPT saved my life, and making evil AIs by accident
In episode 40 of the AI Fix, Graham meets a shape-shifting GOAT, a robot dog gets wet, Mark likes Claude 3.7 Sonnet, OpenAI releases its dullest model yet, Grok 3 needs to go home and have a lie down, and everyone…
-
CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
It’s been a confusing few days in the world of American cybersecurity… Read more in my article on the Hot for Security blog.
-
Stop targeting Russian hackers, Trump administration orders US Cyber Command
The Trump administration has told US cyber command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot…
-
Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
Companies are being warned that malicious hackers are using a novel technique to break into businesses – by pretending to offer audits of the company’s cybersecurity. Read more in my article on the Tripwire State of Security blog.
-
The AI Fix #39: AIs value their lives over yours, and flattery gets you nowhere
In episode 39 of the AI Fix, our hosts watch a drone and a robot dog shoot fireworks at each other, xAI launches Grok 3, Mark explains that AIs can design genomes now, a robot starts a punch up, Zuck…
-
Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
A serious security vulnerability has been found in popular stalkerware apps, exposing the sensitive personal information and communications of millions of people. Read more in my article on the Hot for Security blog.
-
Smashing Security podcast #405: A crypto con exchange, and soaring ticket scams
From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are…
-
Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks
Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. Read more in my article on the Tripwire…
-
The AI Fix #38: AI proves time travel is impossible (but still can’t draw fingers)
In episode 38 of “The AI Fix”, our hosts discover a robot they actually like, Sam Altman teases GPT-5 and trolls Elon Musk, a robot dog grows arms, an AI compliments Graham, Mark worries about “gradual disempowerment”, an octopus pretends…
-
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. Read more in my article on the Hot for Security blog.
-
US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day
The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read…
-
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Christian Marie Chapman, of Litchfield Park, Arizona, helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens. Read more in my article on the Hot for…
-
Smashing Security podcast #404: Podcast not found
The story of how hackers managed to compromise the US Government’s official SEC Twitter account to boost the price of Bitcoins, AI isn’t helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware? All this and more is discussed in the latest…
-
Toll booth bandits continue to scam via SMS messages
North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls. Do you know what to tell your friends and family to watch out for? Read more in my article on the Hot for…
-
Secret Taliban records published online after hackers breach computer systems
The Taliban government of Afghanistan is reeling after unidentified hackers successfully carried out a massive cyber attack against its computer systems and published over 50GB of stolen documents and files online. Read more in my article on the Hot for Security blog.
-
Data breaches at UK law firms are on the rise, research reveals
British legal professionals have seen a “significant surge” in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector. Read more in my article on the Tripwire State of Security blog.
-
Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs
Well, this is a different approach to the scam problem… The government of Thailand has cut the power supply to areas near its border with Myanmar that are known to host brutal scam compounds. These heavily-guarded fraud factories house armies of people,…
-
Man sentenced to 7 years in prison for role in $50m internet scam
A California man has been sentenced to seven years in prison for his involvement in a fraudulent scheme that saw over 50 individuals and organisations lose millions of dollars. Read more in my article on the Tripwire State of Security blog.
-
The AI Fix #36: A DeepSeek special
In episode 36 of The AI Fix, Graham and Mark take a long look at DeepSeek, an upstart AI out of China that was trained on a shoestring, shook up Wall Street, kneecapped Nvidia, and challenged America’s AI hegemony. Graham also discovers a remarkably f***ing effective way to…
-
Ex-worker arrested after ‘shutdown’ of British Museum computer systems
London’s world-famous British Museum was forced to partially close its doors at the end of last week, following a serious security breach involving a former IT contractor. Police were called to the museum on Friday after a recently dismissed worker allegedly trespassed onto the museum site…
-
The AI Fix #35: Project Stargate, the AI emergency, and batsh*t AI cryonics
In episode 35 of The AI Fix, our hosts learn who the 175th best programmer in the world is, the AI supervillains put on suits for President Trump, a “not imaginary” AI turns out to be imaginary, OpenAI releases Operator and teases…
-
Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government
Residents of Tbilisi, the capital city of Georgia, experienced an unexpected and unusual start to their Friday morning commute. As they boarded their public transport buses, they were greeted by a barrage of sound emanating from the vehicles’ speakers. Read more in my article…
-
Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks
The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. But might it stifle journalism and free speech? Read more in my article on the…
-
Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose
An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams. All this and more is discussed in the latest edition of the award-winning “Smashing Security”…
-
Half a million hotel guests at risk after hackers accessed sensitive data
The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world’s best known hotel brands. Read more in my article on the Hot for Security…
-
The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs
In episode 34 of The AI Fix, our hosts watch in horror as a vacuum cleaner sprouts a robotic arm and legs, a rivet embedded in the side of your head claims it will be able to read your…
-
Medusa ransomware: what you need to know
Medusa is a ransomware-as-a-service (RaaS) platform that has targeted organisations around the world. Read more about it in my article on the Tripwire State of Security blog.
-
No, Brad Pitt isn’t in love with you
No, Brad Pitt isn’t in love with you. A French woman was duped into believing a hospitalised Brad Pitt had fallen in love with her. The scammers even faked a “breaking news” report announcing the revelation of Brad’s new love… Read more in my article on the…
-
The AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” mode
In episode 33 of The AI Fix, our hosts watch a robot fall over, ChatGPT demonstrates that it can’t draw a watch face but it can fire a gun, a man without a traffic cone gets trapped in his Waymo taxi, Graham discovers what…
-
Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam
Imagine trusting your pastor with your savings, only to find out he’s running a crypto scam. Read more in my article on the Hot for Security blog.
-
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
A Canadian man lost a $100,000 cryptocurrency fortune – all because he did a careless Google search. Read more in my article on the Hot for Security blog.
-
Smashing Security podcast #399: Honey in hot water, and reset your devices
Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and…
-
Space Bears ransomware: what you need to know
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and a professional-looking leak site. Read more in my article on the Tripwire State of Security blog.
-
United Nations aviation agency hacked, recruitment database plundered
The ICAO, the UN aviation agency tasked with keeping our skies safe, just got hacked… again. This time, a hacker is offering to sell the personal data of 42,000 job applicants. Read more in my article on the Hot for Security blog.
-
The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolution
In episode 32 of The AI Fix, our hosts learn the meaning of “poronkusema”, Mark discovers his dream job, a school tries using AI instead of teachers, the “Godfather of AI” says AI will see us as toddlers, and Graham lifts the…
-
Fireside chat with Graham Cluley about risks of AI adoption in 2025
Join me, and the experts from Rubrik, on Weds January 15 2025, where we’ll be having a fireside chat with Dark Reading all about the known and unknown risks of adopting AI.
-
The AI Fix #31: Replay: AI doesn’t exist
Mark and I took a break for the new year, but we’ll be back for a new episode of “The AI Fix” podcast at the usual time next week. In the meantime, here is another chance to hear one of our favourite episodes again. The very first…
-
The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)
In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Apple’s AI flubs a headline, ChatGPT is available to people who haven’t left the 1970s, our hosts regret to inform you that an AI artist now…
-
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme
This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing…
-
It’s time to stop calling it “pig butchering”
Online romance and investment scams are painful enough without their victims being described as “pigs.” Read more in my article on the Hot for Security blog.
-
The AI Fix #29: AI on OnlyFans, and the bot that wants to be a billionaire
In episode 29 of The AI Fix, an AI company makes the bold step of urging us to “stop hiring humans”, Graham is wrong about GB AI, parents prepare their kids for the imminent Moxie-mageddon, Google releases Gemini 2.0,…
-
Rydox cybercrime marketplace seized by law enforcement, suspected admins arrested
Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an international law enforcement operation and its suspected administrators arrested. Read more in my article on the Hot for Security blog.
-
Smashing Security podcast #397: Snowflake hackers, and under the influence
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year – after a cybersecurity researcher managed to track his identity, and a cryptocurrency-trading Instagram influencer is in trouble with the law. All this and more is discussed in the latest…
-
27 DDoS-for-hire services disrupted in run-up to holiday season
Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen “booter” or “stresser” websites offline. Read more in my article on the Tripwire State of Security blog.
-
Doughnut orders disrupted! Krispy Kreme suffers hack attack
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States. Read more in my article on the Hot for Security…
-
“CP3O” pleads guilty to multi-million dollar cryptomining scheme
A man faces up to 20 years in prison after pleading guilty to charges related to an illegal cryptomining operation that stole millions of dollars worth of cloud computing resources. Read more in my article on the Hot for Security blog.
-
The AI Fix #28: Robot dogs with bombs, and who is David Mayer?
In episode 28 of The AI Fix, the new version of ChatGPT does a surprisingly good job of telling Mark how to defend himself from a flame thrower-wielding robot dog in his living room, Graham loses 30,000 robots on the head of…
-
3AM ransomware: what you need to know
The 3AM ransomware first emerged in late 2023. Like other ransomware, 3AM exfiltrates victims’ data (demanding a ransom is paid) and encrypts the copies left behind. Here’s what you need to know. Read more in my article on the Tripwire State of Security blog.
-
Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests
The UK’s National Crime Agency (NCA) has revealed details of Operation Destabilise, a years-long international law enforcement investigation into a giant Russian money laundering enterprise that handled billions of dollars for drug traffickers and ransomware gangs worldwide. Read more in my article on the…
-
Smashing Security podcast #396: Dishy DDoS dramas, and mining our minds for data
A CEO is arrested for turning satellite receivers into DDoS attack weapons! Then, we’ll journey into the world of bossware and “affective computing” and explore how AI is learning to read our emotions – is this the future of work, or a…
-
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States
Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame. The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the…
-
Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
It’s not a new technique, but that doesn’t mean that cybercriminals cannot make rich rewards from SEO poisoning. Read more in my article on the Tripwire State of Security blog.
-
The AI Fix #27: Why is AI full of real-life Bond villains?
In episode 27 of The AI Fix, robots catch a ball, lead a revolt, and enjoy a juicy steak. Or do they? Graham struggles with a Micro USB cable, a student struggles with a school’s anti-AI rules, and OpenAI’s Sora video generation AI…
-
North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets
In its lust for stealing cryptocurrency and sensitive information, North Korean hackers are disguising themselves as remote IT workers, recruiters, and even venture capitalists. Read more in my article on the Hot for Security blog.
-
No guarantees of payday for ransomware gang that claims to have hacked children’s hospital
What is the point of INC Ransom’s attack on Alder Hey? They are not likely to be paid, and the attack on a children’s hospital only increases the chances that they will one day find their collars felt by law enforcement.…
-
UK hospital, hit by cyberattack, resorts to paper and postpones procedures
A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Read more in my article on the Hot for Security blog.
-
Mimic ransomware: what you need to know
What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool (“Everything” by Voidtools) to quickly locate files for encryption. Find out more about the threat in my article on the Tripwire State of Security blog.
-
FlipaClip animation app data breach exposes details of almost 900,000 users
FlipaClip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users. Read more in my article on the Hot for Security blog.
-
750,000 patients’ medical records exposed after data breach at French hospital
A hacker calling themselves “nears” claims to have compromised the systems of multiple healthcare facilities across France, claiming to have gained access to the records of over 1.5 million people. Read more in my article on the Tripwire State of Security blog.