An app which purported to launch distributed denial-of-service (DDoS) attacks against the internet infrastructure of Russia, was in reality secretly installing malware on to the devices of pro-Ukrainian activists.
Read more in my article on the Hot for Security blog.
Author: Graham Cluley
I can't tell you not to seek ethical hacking certification from EC-Council. But I can suggest that if you are looking for an online university to boost your cybersecurity career, you don't settle for an outfit that has proven itself to be of questionable ethics and utterly clueless.
NFT artist DeeKay Kwon had his Twitter account hacked at the end of last week by scammers who managed to steal NFTs valued at $150,000 from his followers.
Read more in my article on the Hot for Security blog.
A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.
All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.
Turn on a PC running Microsoft Windows 8.1 and you're likely to be greeted with a full-screen message warning that the operating system will no longer be supported after 10 January 2023, and - critically - will no longer be receiving any security updates.
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.
Read more in my article on the Tripwire State of Security blog.
Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! IT and DevOps teams were presented with new challenges with the mass-migration to home working, and found themselves forced to perform infrastructure monitoring and management remotely. What is clearly needed is a … Continue reading "Keeper Connection Manager : Privileged access to remote infrastructure with zero-trust and zero-knowledge security"
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into […]… Read More
The post 10,000 organisations targeted by phishing attack that bypasses multi-factor authentication appeared first on The State of Security.
Even the Magic Kingdom isn't immune from hackers.
Late last week, millions of followers of Disneyland's Facebook and Instagram accounts were greeted by a series of offensive messages posted by a hacker.
Read more in my article on the Hot for Security blog.
Things haven't gone as smoothly as Microsoft (and, indeed, the rest of us) might have hoped...