-
NY Man Pleads Guilty in $20 Million SIM Swap Theft
PRIVACY PRIVACY A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent “SIM swaps,”…
-
Free eBook! Ransomware – how to stop it, and how to survive an attack
PRIVACY PRIVACY Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Ransomware attacks dominate the cybersecurity news headlines, with businesses all over the world wondering if they will be the next victim. It’s a legitimate, and growing fear, as the attackers…
-
The DHS is inviting hackers to break into its systems, but there are rules of engagement
PRIVACY PRIVACY The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. Read more in my article on the Tripwire State of Security blog. Read More
-
Smashing Security podcast #256: Virgin Media just won’t take no for an answer, NFT apes, and bad optics
PRIVACY PRIVACY After a brief discussion of the Log4Shell vulnerability panic, we chat about how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your sleeping girlfriend’s facial recognition. All this and more is discussed in the latest edition of the award-winning…
-
How to Defend Against Windows Management Instrumentation Attacks
PRIVACY PRIVACY The Windows Management Instrumentation (WMI) protocol – infrastructure on a Windows-based operating system – is used for management data and operations. It provides a uniform interface for local or remote applications or scripts to obtain management data from a computer system, network, or enterprise; the interface is designed so that WMI client applications…
-
Microsoft Patch Tuesday, December 2021 Edition
PRIVACY PRIVACY Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing…
-
Inside Ireland’s Public Healthcare Ransomware Scare
PRIVACY PRIVACY The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of…
-
Log4Shell: The race is on to fix millions of systems and internet-connected devices
PRIVACY PRIVACY Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. Read More
-
Top 10 Malware November 2021
PRIVACY PRIVACY In November 2021, the Top 10 stayed consistent with the previous month with the exception of Gh0st, Mirai, and Ursnif, which returned to the Top 10. The Top 10 Malware variants comprise 69% of the total malware activity in November 2021, decreasing 2% from October 2021. Shlayer and CoinMiner continue to lead the…
-
End-of-Support Software Report List
PRIVACY PRIVACY The importance of replacing software before its End-of-Support (EOS) is critical. EOS occurs when software updates, patches, and other forms of support are no longer offered, resulting in software becoming prone to future security vulnerabilities. Using unsupported software and firmware/hardware, puts organizations at risk in the following ways: Subsequent vulnerability disclosures place your…