Security Risks of Client-Side Scanning
Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings…
Acer hacked (for the second time this year)
Hardware and electronics giant Acer has suffered a data breach, with hackers claiming they have stolen 60GB worth of files from the company's Indian servers.
Disrupt adversaries and prevent identity fraud with Recorded Future Identity Intelligence
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Strong identity authentication is more important than ever as organizations face an unprecedented level of attacks targeting their dynamic and remote ecosystem of employees, partners, and customers.…
Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page.
The Ultimate SaaS Security Posture Management (SSPM) Checklist
Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps,…
Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries
Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33% increase from 2020, the internet giant…
Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones
Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The vulnerabilities, which were discovered by Moritz Abrell of German…
Analysis of 80 million ransomware samples reveals a world under attack
VirusTotal's first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020. Read more in my article on the Tripwire State of Security blog.
Recovering Real Faces from Face-Generation ML System
New paper: “This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website http://thispersondoesnotexist.com, taunts users with GAN generated images that seem too real to believe. On the other hand, GANs…
VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples
As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has…
Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information
A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus…
8 Beginner Tips To Elevate Your Gaming Skills [From A Game Addict]
This post will show you beginner tips to elevate your gaming skills… Many video games are very challenging and demanding. That’s why you must hone your skills to match the requirements. Even though these games differ in gameplay, mechanics, play style, or objectives, there’re still some aspects where they’re similar.…
Smashing Security podcast #247: Rickrolling submarine secrets
A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans…
BrandPost: Fighting Video Piracy Is Strengthened by Collaboration
Here’s what I know: My personal email has been “pwned” or stolen at least 18 times. Here’s what I don’t know: if any of the times I have been unable to log in to one of my OTT subscription services was due to my kids sharing our credentials or because…