Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.



6096 Stories by Graham Cluley

A scam letter! Warn your vulnerable loved ones to be on their guard

The good news is that if scammers are having to use techniques like this to get in front of potential victims, anti-spam defences and user awareness about email scams must be better than ever.

The bad news is that if such letters continue to be sent, someone somewhere obviously thinks scams like this can still make them a tidy profit.

Porn-wielding Zoom bombers disrupt Twitter hack court hearing

Uh-oh… someone didn’t lock their Zoom meeting down properly. That’s probably particularly important when the person charged is an alleged hacker.

Smashing Security podcast #190: Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition

Special guest Geoff White can’t resist using the podcast to promote his new book, “Crime Dot Com”, but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don’t give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes – the technology fighting back at facial recognition.

Business anti-virus products put to the test – which received the highest score?

Anti-malware testing lab AV-Comparatives carries out intensive tests of security software, and has just published its long-term test report into the performance of business anti-virus products, taking a close look 19 products designed to defend enterprises from malware attack.

Twitter says a “phone spear phishing” attack helped hackers – what’s that?

What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.

Zoom bug meant attackers could brute force their way into password-protected meetings

Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.

Read more in my article on the Hot for Security blog.

Smashing Security podcast #189: DNA cock-up, Garmin hack, and virtual kidnappings

Why are students faking their own kidnappings? What’s the story behind Garmin’s ransomware attack? And a genetic genealogy website suffers a hack or two.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray REDACTED.

Thousands of websites at risk from critical WordPress commenting plugin vulnerability

A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely.

If you’re using the wpDIscuz commenting plugin, make sure you’ve kept it up to date – or your website might be hijacked… or wiped.

Read more in my article on the Hot for Security blog.

Hacker plays cat-and-mouse with the EBRD’s Twitter account

The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.

Bank of Ireland fined €1.66 million after being tricked by fraudster

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.

Read more in my article on the Hot for Security blog.

Google blames algorithm for adding porn titles to train station search results

If you searched on Google for details of your nearest train station in parts of New York state, you might be in for a rude surprise.

Garmin staggers back online after ransomware attack

Garmin’s online services are beginning to come back to life after it was hit badly by ransomware last week.

But did it pay a ransom to its attackers or not?

Over 1000 Twitter staff and contractors had access to internal tools that helped hackers hijack accounts

As Twitter and law enforcement agencies investigate the high profile attack against Twitter accounts, there is a clear lesson for other businesses to learn.

Read more in my article on the Bitdefender Business Insights blog.

Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension

Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities?

You need Recorded Future Express, a new browser extension from the experts at Recorded Future that delivers elite security intelligence at zero cost.

Garmin knocked out by ransomware attack

Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.

A free iPhone from Apple? It’s possible, but there are some catches

Who wouldn’t want the latest and greatest iPhone for free?

Well, if you’re a security researcher then you might be able to get just that…