BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest ransomware-as-a-service operations of 2025. Read more in my article on the Tripwire State of Security blog.
Category: Guest blog
CAPTCHA, clipboard, Global Security News, Guest blog, malware, supply chain
Supply-chain CAPTCHA attack hits over 100 car dealerships
A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. Read more in my article on the Hot for Security blog.
Coinbase, CryptoCurrency, Global Security News, Guest blog, phishing
Mandatory Coinbase wallet migration? It’s a phishing scam!
An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog.
fbi, Global Security News, Guest blog, Law & order, malware
Free file converter malware scam “rampant” claims FBI
Whether you’re downloading a video from YouTube or converting a Word document into a PDF file, there’s a chance that you might be unwittingly handing control of your PC straight into the hands of cybercriminals. Read more in my article on the Hot for Security blog.
ChromeCast, Global Security News, Google, Guest blog
Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset
The news can’t have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media. Read more in my article on the Hot for Security blog.
ChromeCast, Global Security News, Google, Guest blog
Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue
Has your old Chromecast suddenly developed a problem? You’re not alone it seems. Read more in my article on the Hot for Security blog.
Global Security News, Guest blog, malware, Medusa, Ransomware
Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat
The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released – with at least one organisation hit with a “triple-extortion” threat. Read more in my article on the Tripwire State of Security blog.
Global Security News, Guest blog, insider threat, Law & order, logic bomb, malware
Man found guilty of planting infinite loop logic bomb on ex-employer’s system
Davis Lu had planted malicious Java code onto his employer’s network that would cause “infinite loops” that would ultimate result in the server crashing or hanging. Read more in my article on the Hot for Security blog.
Black Basta, Data loss, Global Security News, Guest blog, malware, Ransomware
Cactus ransomware: what you need to know
Cactus is a ransomware-as-a-service (RaaS) group that encrypts victim’s data and demands a ransom for a decryption key. Read more about it in my article on the Tripwire State of Security blog.
Action Fraud, CryptoCurrency, Global Security News, Guest blog, Law & order, police, Scam
Fake police call cryptocurrency investors to steal their funds
Have you had a phone call from police about your cryptocurrency wallet? Be on your guard – you could be about to be scammed. Read more in my article on the Hot for Security blog.
CISA, Global Security News, Guest blog, Law & order, malware, Russia, Security threats, united states
CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
It’s been a confusing few days in the world of American cybersecurity… Read more in my article on the Hot for Security blog.
CISA, Donald Trump, Global Security News, Guest blog, Law & order, malware, Ransomware, Russia, Security threats, Ukraine, united states
Stop targeting Russian hackers, Trump administration orders US Cyber Command
The Trump administration has told US cyber command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot for Security blog.
Anydesk, belgium, Global Security News, Guest blog, malware, Security threats, Ukraine
Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
Companies are being warned that malicious hackers are using a novel technique to break into businesses – by pretending to offer audits of the company’s cybersecurity. Read more in my article on the Tripwire State of Security blog.
Android, Global Security News, Guest blog, malware, Spyware, stalkerware, vulnerability
Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
A serious security vulnerability has been found in popular stalkerware apps, exposing the sensitive personal information and communications of millions of people. Read more in my article on the Hot for Security blog.
Global Security News, Guest blog, Microsoft, Microsoft Teams, North America, phishing, WhatsApp
Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks
Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. Read more in my article on the Tripwire State of Security blog.
data breach, Data loss, Global Security News, Guest blog, Law & order, malware, North America, phobos, Ransomware
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. Read more in my article on the Hot for Security blog.
critical infrastructure, Global Security News, Guest blog, Security threats, vulnerability
US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day
The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read more in my article on the Tripwire State of Security blog.
data breach, Data loss, Global Security News, Guest blog, Laptop, Law & order, North Korea, remote working, Security threats
US woman faces years in federal prison for running laptop farm for N Korean IT workers
Christian Marie Chapman, of Litchfield Park, Arizona, helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens. Read more in my article on the Hot for Security blog.
Global Security News, Guest blog, North America, phishing, SMS
Toll booth bandits continue to scam via SMS messages
North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls. Do you know what to tell your friends and family to watch out for? Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, Taliban
Secret Taliban records published online after hackers breach computer systems
The Taliban government of Afghanistan is reeling after unidentified hackers successfully carried out a massive cyber attack against its computer systems and published over 50GB of stolen documents and files online. Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, law, Ransomware
Data breaches at UK law firms are on the rise, research reveals
British legal professionals have seen a “significant surge” in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector. Read more in my article on the Tripwire State of Security blog.
Global Security News, Guest blog, Law & order, Myanmar, Romance baiting, Scam, Thailand
Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs
Well, this is a different approach to the scam problem… The government of Thailand has cut the power supply to areas near its border with Myanmar that are known to host brutal scam compounds. These heavily-guarded fraud factories house armies of people, coerced into defrauding innocent people through bogus investment and romance-baiting scams. Read more…
domain, Financial services, Global Security News, Guest blog, Law & order, Scam
Man sentenced to 7 years in prison for role in $50m internet scam
A California man has been sentenced to seven years in prison for his involvement in a fraudulent scheme that saw over 50 individuals and organisations lose millions of dollars. Read more in my article on the Tripwire State of Security blog.
British Museum, Global Security News, Guest blog, insider threat, Law & order, Security threats
Ex-worker arrested after ‘shutdown’ of British Museum computer systems
London’s world-famous British Museum was forced to partially close its doors at the end of last week, following a serious security breach involving a former IT contractor. Police were called to the museum on Friday after a recently dismissed worker allegedly trespassed onto the museum site and was able to shut down various systems, including…
Georgia, Global Security News, Guest blog, hacking, Law & order, Security threats
Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government
Residents of Tbilisi, the capital city of Georgia, experienced an unexpected and unusual start to their Friday morning commute. As they boarded their public transport buses, they were greeted by a barrage of sound emanating from the vehicles’ speakers. Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, law, Law & order, Turkey
Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks
The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. But might it stifle journalism and free speech? Read more in my article on the Tripwire State of Security blog.
data breach, Data loss, Global Security News, Guest blog, Hotel
Half a million hotel guests at risk after hackers accessed sensitive data
The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world’s best known hotel brands. Read more in my article on the Hot for Security blog.
Global Security News, Guest blog, malware, Ransomware
Medusa ransomware: what you need to know
Medusa is a ransomware-as-a-service (RaaS) platform that has targeted organisations around the world. Read more about it in my article on the Tripwire State of Security blog.
AI, Brad Pitt, Celebrities, celebrity, deepfake, Global Security News, Guest blog, Romance baiting, Scam
No, Brad Pitt isn’t in love with you
No, Brad Pitt isn’t in love with you. A French woman was duped into believing a hospitalised Brad Pitt had fallen in love with her. The scammers even faked a “breaking news” report announcing the revelation of Brad’s new love… Read more in my article on the Hot for Security blog.
CryptoCurrency, Global Security News, Guest blog, Romance baiting, Scam
Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam
Imagine trusting your pastor with your savings, only to find out he’s running a crypto scam. Read more in my article on the Hot for Security blog.
2FA, CryptoCurrency, Global Security News, Google, Guest blog, Kraken, password manager, phishing
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
A Canadian man lost a $100,000 cryptocurrency fortune – all because he did a careless Google search. Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, malware, Ransomware
Space Bears ransomware: what you need to know
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and a professional-looking leak site. Read more in my article on the Tripwire State of Security blog.
data breach, Data loss, Global Security News, Guest blog, United Nations
United Nations aviation agency hacked, recruitment database plundered
The ICAO, the UN aviation agency tasked with keeping our skies safe, just got hacked… again. This time, a hacker is offering to sell the personal data of 42,000 job applicants. Read more in my article on the Hot for Security blog.
Global Security News, Guest blog, Romance baiting
It’s time to stop calling it “pig butchering”
Online romance and investment scams are painful enough without its victims being described as “pigs.” Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, Law & order, pii, rydox
Rydox cybercrime marketplace seixed by law enforcement, suspected admins arrested
Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an international law enforcement operation and its suspected administrators arrested. Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, Krispy Kreme, malware, North America, Ransomware
Doughnut orders disrupted! Krispy Kreme suffers hack attack
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States. Read more in my article on the Hot for Security blog.
DDoS, Denial of Service, Global Security News, Guest blog, Krispy Kreme, Law & order, Operation PowerOff, Ransomware
27 DDoS-for-hire services disrupted in run-up to holiday season
Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen “booter” or “stresser” websites offline. Read more in my article on the Tripwire State of Security blog.
AI, data breach, Data loss, Global Security News, Guest blog, Operating Systems, privacy
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records
Wotnot, An Indian AI startup that helps businesses build custom chatbots, has leaked almost 350,000 sensitive files after the data was left unsecured on the web. Read more in my article on the Hot for Security blog.
Global Security News, Guest blog, malware, North America, Ransomware, Russia
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States
Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame. The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the Kentucky Owl bourbon brand it purchased in 2017, was hit by…
Fake anti-virus, Global Security News, Google, Google ads, Guest blog, malvertising, malware, phishing, Ransomware, Scam, seo, technical support scam
Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
It’s not a new technique, but that doesn’t mean that cybercriminals cannot make rich rewards from SEO poisoning. Read more in my article on the Tripwire State of Security blog.
CryptoCurrency, data breach, Data loss, Global Security News, Guest blog, North Korea
North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets
In itslust for stealing cryptocurrency and sensitive information, North Korean hackers are disguising themselves as remote IT workers, recruiters, and even venture capitalists. Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, hospital, INC Ransom, malware, Ransomware
No guarantees of payday for ransomware gang that claims to have hacked children’s hospital
What is the point of INC Ransom’s attack on Alder Hey? They are not likely to be paid, and the attack on a children’s hospital only increases the chances that they will one day find their collars felt by law enforcement. Read more in my article on the Hot for Security blog.
Data loss, Global Security News, Guest blog, hospital, malware, NHS, Ransomware
UK hospital, hit by cyberattack, resorts to paper and postpones procedures
A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Read more in my article on the Hot for Security blog.
Conti, Exploits, Global Security News, Guest blog, malware, Ransomware, vulnerability
Mimic ransomware: what you need to know
What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool (“Everything” by Voidtools) to quickly locate files for encryption. Find out more about the threat in my article on the Tripwire State of Security blog.
CCTV, DNA, Global Security News, Guest blog, Law & order, Podcast, Smashing Security, social media, Social networks, vulnerability
Smashing Security podcast #395: Gym hacking, disappearing DNA, and a social lockout
A Kansas City man is accused of hacking into local businesses, not to steal money, but to… get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what’s happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters. All this and much much more…
data breach, Data loss, Global Security News, Guest blog, Microsoft, NHS, Power Pages, privacy
Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records
A security researcher has blamed misconfigured implementations of Microsoft Power Pages for a slew of data breaches from web portals – including the leak of 1.1 million NHS employee records. Read more in my article on the Hot for Security blog.
data breach, Data loss, Global Security News, Guest blog, privacy
FlipaClip animation app data breach exposes details of almost 900,000 users
Flipaclip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users. Read more in my article on the Hot for Security blog.