How protected am I online? Customers often ask us some version of this question. It’s a good question and in the past, there was no direct answer – only recommendations. For instance, we recommend online protection that goes beyond antivirus to include identity and privacy protection, as well as promoting safety best practices like using multi-factor authentication. We wondered if there was a simpler and easier way to advise
Month: May 2022
A former banking IT security boss has been named as the co-chair of the government’s National Cyber Advisory Board, a key institution created as part of its new cybersecurity strategy. Sharon Barber was until recently chief resilience and security officer at Lloyds Banking Group, and will now lead efforts to shape a dialogue between society and
SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below – CVE-2022-22282 (CVSS score: 8.2) –
The cyber implications of the Russia-Ukraine conflict were discussed by a panel of international security leaders during the opening plenary session at CYBERUK 2022. The discussion was moderated by NCSC’s CEO Lindy Cameron, who was joined on the stage by the director of the US’ National Security Agency (NSA), Robert Joyce, head of the Australian Cyber
by Paul Ducklin You may not have heard of Curl (or curl, as it is more properly written), but it’s one of those open source toolkits that you’ve almost certainly used anyway, probably very often, without knowing. The open source world provides numerous tools of this sort – ubiquitous, widely used in software projects all over
Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect
Hands down, children look to their parents to keep them safe online more than anyone else, which begs the question—what’s a parent to do? Our recent study on connected families found that nearly three-quarters of children said their parents were best suited to teach them about staying safe online, nearly twice than teachers at school
The European Union (EU) has reached political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations. The new directive will replace the EU’s existing rules on the security of network and information systems (NIS Directive), which requires updating because “of the increasing degree of digitalization and interconnectedness of our society and the
by Paul Ducklin What does the word Glib mean to you? Does it make you think of a popular programming library from the GNOME project? Do you see it as a typo for glibc, a low-level C runtime library used in many Linux distros? Do you picture someone with the gift of the gab trying
Can you spot the tell-tale signs of a phishing attempt and check if an email that has landed in your inbox is legit? Did you know that some 90 percent of successful cyberattacks start with a phishing email? This helps show why learning to recognize and avoid phishing attacks is such an important skill to
Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine “whether a vulnerability in a dependency might affect
How do parents and children connect and protect themselves online? We spoke with thousands of them around the world to find out. In December 2021 we conducted a study about beliefs and behaviors about life online among members of connected families—as individuals and as a family unit. Parents and children were surveyed together, with parents
Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) of nearly 40,000 individuals. According to a notice posted on the clinic’s website, on May 12, the clinic identified a data security incident that affected its computer system. To investigate the incident, OKCIC enlisted the help
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL
The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud Sometimes you need to say things that go without saying: The internet has revolutionized our lives, changing the way we work, learn, entertain ourselves and interact with each other.
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed
A British man has been charged in New York with unauthorized computer intrusion, securities fraud, wire fraud and other crimes, causing more than $5m of losses. According to a 10-count complaint made public yesterday, Idris Dayo Mustapha, 32, a UK citizen, and others used phishing and other means to obtain user credentials from January 2011 to
What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? We all know there’s a cybersecurity skills shortage. Across the globe, the shortfall of talent is now measured in the millions. We’ve also all heard about the Great Resignation: a once-in-a-generation period of
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in
The Spanish government has sacked its spy chief Paz Esteban amid a dual phone-hacking scandal involving Pegasus spyware, the country’s defense minister said today. The National Intelligence Center (CNI) that Esteban headed faced controversy recently for reportedly using Pegasus, developed by Israel’s NSO Group, to spy on leaders of the Catalan independence movement. CNI was
by Paul Ducklin If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline. The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide. DarkSide is
The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. “Analysis of these samples indicates that the developer has access to REvil’s source code, reinforcing the likelihood that the threat group has reemerged,” researchers from Secureworks Counter Threat Unit
Russians tuning in to view the country’s Victory Day parade today were shocked to find anti-war messages after the country’s television listings system was hacked. The hack affected several major networks, including Channel One, Rossiya-1 and NTV-Plus, the BBC reported. The name of every program was replaced with a message stating, per the BBC’s translation: “On your
by Paul Ducklin Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming language Ruby, just patched a dangerous server-side vulnerability. The bug, dubbed CVE-2022-29176, could have allowed attackers to remove a package that wasn’t theirs (yanking it, in RubyGems jargon), and then to replace it with
LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform Job hunting is hard work, a kind of full-time job in itself. It requires focus and patience to go from one job posting to another
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that’s offered on sale for “dirt cheap” prices, making it accessible to professional cybercriminal groups and novice actors alike. “Unlike the well-funded, massive Russian threat groups crafting custom malware […], this remote access Trojan (RAT) appears to be
Authored by Dexter Shin McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are
A trainee solicitor and special police constable has been handed a two-year suspended sentence after using encrypted channels to post messages about child sexual abuse. Jack Mallinson, 26, who was employed by West Yorkshire Police while training to be a solicitor, was arrested on January 7 2021 by officers from the UK’s National Crime Agency
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. “It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky researcher Denis Legezo said in a technical write-up published this week. The
Like most things in life, online privacy is a 2-way street. As consumers, we expect the companies we deal with online to manage and safeguard our data to a super professional level however we also have a role to play here too. So, this Privacy Awareness Week (PAW), let’s focus on what we can do