Graham Cluley 🇺🇦’s Tweets

mastodon.greenGraham Cluley (@gcluley@mastodon.green)334 Posts, 600 Following, 10.8K Followers · Computer #security chap. Public speaker, blogger, #DoctorWho fan since 1972. Author of Jacaranda Jim and Humbug games. Co-host of @SmashingSecurity...

Dec 12, 2022

Occasional reminder that if Twitter is ever taken over by an utter cockwomble*, you can also find me on Mastodon: mastodon.green/@gcluley * Oh, too late.

The following media includes potentially sensitive content. Change settings

View

10h

LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital tripwire.com/state-of-secur

12h

Second UK cabinet minister says Twitter account hacked

Second cabinet minister says Twitter account hacked

Northern Ireland secretary Chris Heaton-Harris says sorry after account posts ‘deeply unpleasant stuff’

LostPass: after the LastPass hack, here’s what you need to know

Jan 4

r/t LostPass? After the LastPass hack, here’s what you need to know...

grahamcluley.com

Do you use the LastPass password manager? Did you know they suffered a data breach, and that your passwords may be at risk? You do now. Here's what you need to know.

Google Home smart speaker bug could have allowed hackers to spy on your conversations

Jan 4

Google Home smart speaker bug could have allowed hackers to spy on your conversations

bitdefender.com

A security researcher has won a $107,500 bug bounty after discovering a way in which hackers could install a backdoor on Google Home devices to seize control of their microphones, and secretly spy...

Katie Marcotte, a 10-year Twitter employee and the company's acting head of human resources, just announced that she is leaving the company in a tweet on her private account. "Rooting for all my people still left," she wrote. "Tonight, the good wine. 🍷💙"

663

3,565

Data of over 200 million Deezer users stolen, leaks on hacking forum

Jan 3

Data of over 200 million Deezer users stolen, leaks on hacking forum. Not that they've bothered to contact you to let you know, of course...

grahamcluley.com

Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.

Jan 3

LostPass: after the LastPass hack, here’s what you need to know grahamcluley.com/lostpass-after

Farmer's Insurance TV AD SPOT 0:30 August 2022 Featuring J. K. Simmons

Jan 3

I hope Steven Moffat is getting some cash from whoever ripped off the start of Blink for this TV ad. youtu.be/1onqHhJxP88 #DoctorWho

youtube.com

I’m told The Guardian newspaper’s ransomware problems continue. Non-essential staff will be working from home for at least three weeks.

Twitter in data-protection probe after '400 million' user details up for sale

Dec 29, 2022

Ireland's Data Protection Commission probes Twitter after hacker puts '400 million' user details up for sale

bbc.co.uk

Politicians and celebrities are said to be affected but the scale of the data breach is unverified.

Hey

, since you don't seem to have much a media/comms team anymore, can you address the apparently legitimate claim that someone scraped & is now selling data on hundreds of millions of Twitter accounts? Maybe it didn't happen on your watch, but you owe Twitter a reply.

531

2,244

Either LastPass is recommending users choose "404" as their master password, or they don't want to recommend anyone a new master password right now... lastpass.com/generate

read image description

ALT

This analysis by

of LastPass's PR statement about its data breach is pretty damning... :( I do hope LastPass users who need to take action haven't missed what's going on amid all this Christmas/New Year malarkey

palant.info

What’s in a PR statement: LastPass breach explained

The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.

2 executives of crypto exchange AAX arrested in Hong Kong: Report

Dec 28, 2022

Two executives of cryptoexchange AAX - which claimed it was down for "system maintenance" - have been arrested

cointelegraph.com

Hong Kong police arrested two executives of the crypto exchange AAX.

Dec 27, 2022

Apparently Piers Morgan has had his Twitter hacked.

GIF

read image description

ALT

Dec 26, 2022

UK cabinet minister’s Twitter account hacked to promote cryptocurrencies

‘Hack’ of UK cabinet minister’s Twitter account changes profile picture to Elon Musk

Education secretary Gillian Keegan’s account was completely altered, with profile picture showing Elon Musk

Hackers exploit bug in WordPress gift card plugin with 50K installs

Dec 25, 2022

Hackers exploit bug in WordPress gift card plugin with 50K installs

bleepingcomputer.com

Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.

Alfred Hitchcock impression

Dec 24, 2022

It's the night before Christmas, so here's something rather different and non-security-related for you.... My impression of Alfred Hitchcock. soundcloud.com/gcluley/alfred (Carole Theriault hasn't ever let me do it on the

@SmashinSecurity

podcast)

soundcloud.com

Graham Cluley's impression of Alfred Hitchcock

Dec 24, 2022

Just when you thought he couldn’t get any worse… Elon Musk ‘orders Twitter to remove suicide prevention feature’

Elon Musk ‘orders Twitter to remove suicide prevention feature’

Sources say new owner sought removal of the #ThereIsHelp feature which appeared at the top of certain searches

Eileen Guo | Eileenguo@journa.host

Retweeted

@eileenguo

Dec 23, 2022

Chuckled at this...erm, graphic discussion of

@techreview

's Roomba story. Thx

@caroletheriault

Smashing Security podcast

for covering. Just 1 note: the gig workers that saw the images were horrified, + covered the top img of woman on toilet's face b4 sharing online (which iRobot didn't do.)

Quote Tweet

@SmashinSecurity

Roombas taking photos of their owners on the loo! Finns warn of how hackers will exploit AI! And a Christmas story about scamming taxi cabs! It can only be the final "Smashing Security" podcast episode of the year! player.captivate.fm/episode/d989a2 Thanks @iainthomson for joining us!

Dec 23, 2022

Unfortunate timing with this latest disclosure. I’m sure LastPass wanted to be as transparent as possible about what occurred, and get the news out there as quickly as possible to users. It’s just unfortunate some might not see it due to proximity to Christmas.

Quote Tweet

Notice of Recent Security Incident - The LastPass Blog

Dec 23, 2022

LastPass hacker accessed backup of customer vault data including unencrypted website URLs and *encrypted*website usernames and passwords, secure notes, and form-filled data. Thank goodness LastPass doesn’t know its users’ master passwords. blog.lastpass.com/2022/12/notice

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

Childrens hospital hit by ransomware just before Christmas... I wouldn't wish any parent the experience of having a seriously sick kid, but it seems some ransomware gangs simply don't give a damn.

Quote Tweet

SickKids_TheHospital

@SickKidsNews

Update on SickKids response to cybersecurity incident: sickkids.ca/en/news/archiv

Show this thread

ThreeUK is blocking Tutanota. While ThreeUK says the applied adult filter was standard for any...

Tuatona is understandably not happy that ThreeUK customers are blocked from accessing it...

tutanota.com

ISPs must not have the power to decide which online services users can or can not access.

Don't click too quick! FBI warns of malicious search engine ads | tripwire.com/state-of-secur

Smashing Security podcast #303: Secret Roomba snaps, Christmas cab scams, and the future of AI

Beware your Roomba’s roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a cab in Dublin… It's the latest "Smashing Security" podcast of the year! Thanks to special guest

@iainthomson

for joining us for the fun. :)

grahamcluley.com

Beware your Roomba's roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a cab in Dublin… All this and much more is discussed in the latest edition of the award…

Anker’s Eufy breaks its silence on security cam security

Dec 21, 2022

Still no apology, but Anker’s Eufy breaks its silence on security cam security

theverge.com

But we still don’t know what’s actually encrypted

NE Ohio Regional Sewer District

Retweeted

@neorsd

Dec 21, 2022

Dear followers

read image description

ALT

1,423

7,463

The Guardian has now confirmed that it believes it has suffered a ransomware attack.

Guardian hit by serious IT incident believed to be ransomware attack

Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

I've been told that

has suffered a "serious IT incident" which is affecting access to all its offices. Staff are being told to work from home, and not to use VPN to log in to any systems... :( Wishing the Guardian IT team well, especially at this time of year.

read image description

ALT

249

Replying to

236

777

Dec 19, 2022

What are we going to do for 🍿entertainment now?

Quote Tweet

Elon Musk

@elonmusk

Dec 18, 2022

Should I step down as head of Twitter? I will abide by the results of this poll.

Show this poll

T-Mobile hacker gets 10 years for $25 million phone unlock scheme

Dec 19, 2022

T-Mobile hacker gets 10 years for $25 million phone unlock scheme

bleepingcomputer.com

Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's...

Teaching Twitter users that malware warnings should be ignored by abusing them to scare people away from your competition is disgusting, disturbing and incredibly dangerous.

Total Fleet Visibility with Kolide

Dec 18, 2022

Thanks to the fab folks at

@kolide

who have been sponsoring my website for the last week, supporting independent blogging. Kolide gives you real-time fleet visibility across Mac, Windows, and Linux, answering questions MDMs can’t. Learn more now:

kolide.com

Kolide gives you accurate, valuable, and complete fleet visibility across Mac, Windows, and Linux endpoints.