Graham Cluely

Shibu Philip has done a great service. Now everyone knows to steer well clear of working for him or his company Transcend.

The Coronavirus pandemic has pretty much killed off office romances, and the chances of a snog in the stationery cupboard, but now at least one firm might be pooping over romance outside of the workplace as well. Do you think relationships outside the office should be vetted for whether they pose a cybersecurity threat?

Many thanks to the great folks at Recorded Future, who have sponsored my writing for the past week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open … Continue reading "Elite security intelligence at zero cost – use Recorded Future Express… for FREE!"

Various media outlets are reporting that the source code for the legacy operating systems Windows XP and Windows Server 2003 have leaked online. Do they pose a risk?

If there are active attacks in the wild, if the DHS is ordering federal agencies to defend themselves, and if Zerologon is so easy to exploit, don't you think your business should be patching itself as soon as possible?

A critical vulnerability in Instagram's Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. Read more in my article on the Tripwire State of Security blog.

Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of a anti cyber-fraud firm is charged with fraud. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Shopify, the major ecommerce platform which powers many online stores, has revealed that it suffered a serious breach of security at the hands of two rogue employees. Read more in my article on the Hot for Security blog.

A ransomware attack detected and blocked at ArbiterSports, but only after sensitive data was exfiltrated. Read more in my article on the Hot for Security blog.

Reusing passwords is a recipe for disaster, as hackers will use a password breached in one place to break into other online accounts. Password reuse is one of the biggest mistakes you can make on the internet. Always use unique passwords and (whenever available) enable two-factor authentication.

If you're a business which has a website that customers access via a password, spend a few minutes create your own .well-known/change-password which points users to the correct place. Read more in my article on the Bitdefender Business Insights blog.

I'm sure their food is lovely, but I don't think they're going to deliver to me in Oxford, England, are they? Or if they did I'd have to give the delivery driver a stonking tip.

Graham Cluley Security News is sponsored this week by the folks at Immersive Labs. Thanks to the great team there for their support! Attacks and breaches are a fact of life. They happen. What’s most important is how well your organisation responds. And technology isn’t enough. Your staff must be ready too. Immersive Labs delivers … Continue reading "Free ebook: Aligning cyber skills with the MITRE ATT&CK framework"

Google gets in a muddle about its stalkerware policy, after making an unfortunate typo.

When a ransomware attack knocked out systems at a major hospital in Düsseldorf, Germany, there were tragic consequences.

Despite repeated warnings Dunkin' Donuts failed to investigate evidence of a significant data breach, didn't reset passwords, and didn't warn customers... for years.

US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. Read more in my article on the Tripwire State of Security blog.

Kalashnikov unveils its “smart” shotgun, San Diego struggles with its street lights, and a researcher reveals how he found a way to hack every Tesla on the planet. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined … Continue reading "Smashing Security podcast #196: Smart guns, smart cars, and smart street lights – oh my!"

This weekend US Customs and Border Protection at New York’s JFK airport seemed proud to announce that it had “seized 2,000 counterfeit Apple AirPods” coming in from Hong Kong. But take another look...

Do you think you can crack Monero's layers of privacy? The IRS would like to hear from you. Read more in my article on the Hot for Security blog.