In today’s connected world, you can do so much on the internet. It’s never been easier to stay entertained (Netflix, anyone?), informed, and productive. But it’s important to keep your online activities private and safe, whether you’re checking social media, using a streaming service, or banking online. With the right solutions, you can have a
Month: June 2022
Organizations are still neglecting to secure their supply chains, according to panellists at a session during Infosecurity Europe 2022. Panel chair and security consultant Peter Yapp warned that fewer than 10% of organizations have reviewed their suppliers’ security. “Attacks on the supply chain will only increase,” he said. Firms face a growing volume of attacks
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled “MEGA: Malleable Encryption Goes Awry,” the researchers point out how MEGA’s system does not
Authored by Lakshya Mathur An LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds information used to access another data object. These files can be created manually using the standard right-click create shortcut
Organizations face three emerging threats that compromise identities, exploit the use of accomplices or insiders and evade current detection and defenses, according to security researcher Oliver Rochford. During his insight stage talk at Infosecurity Europe, Rochford, security evangelist at Securonix, said that a growing number of criminal groups are acting as initial access brokers (IABs).
by Paul Ducklin Remember the Capital One breach? We did, though we felt sure it had happened a long time ago. Indeed, when we checked, it had: the story first broke almost three years ago, back in July 2019. At the time, the company reported: Capital One Financial Corporation announced […] that on July 19,
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders Security by design has long been something of a holy grail for cybersecurity professionals. It’s a simple concept: ensure products are designed to be as secure as possible in order to minimize the chances of compromise further down the
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft Exchange servers in Taiwan and Vietnam using an unknown exploit to
Web developer ‘z0ccc’ has created a website designed to generate a fingerprint of devices based on Google Chrome extensions installed on the visiting browser. In an exclusive email interview with Bleeping Computer, z0ccc said while the website does not store the fingerprint of visiting devices, the testing shows that information could be potentially used by
by Paul Ducklin Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police? We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to
How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money Coined during Al Capone’s times, the term ”money laundering” has since entered the general lexicon as criminals have been busy obscuring the source of their ill-gotten assets and making it appear as if the funds have come from
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that’s where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we’ll
Content management system (CMS) provider WordPress has forcibly updated over a million sites to patch a critical vulnerability affecting the Ninja Forms plugin. The flaw was spotted by the Wordfence threat intelligence team in June and documented in an advisory by the company on Thursday. In the document, Wordfence said the code injection vulnerability made it
In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides
A California man was sentenced to time in prison Wednesday after hacking thousands of iCloud accounts, stealing people’s nude images and videos and sharing them with conspirators. Hao Kuo Chi, acting under the online name of ‘icloudripper4you’, would have illegally obtained the iCloud credentials of approximately 4700 victims and shared their content with other people
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. “The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote
Microsoft added a new known issue affecting its operating systems’ Wi-Fi hotspot feature to its official Health Dashboard page. Affecting Windows 10 and 11 machines, the bug would have been introduced with a Windows update the company released earlier this month. “After installing KB5014697, Windows devices might be unable [to] use the Wi-Fi hotspot feature.”
As the risk of receiving a malware-laden email increases, take a moment to consider how to spot attacks involving malicious spam According to the latest ESET Threat Report, email threats grew by 37 percent in the first four months of the year compared to the last four months of 2021. This was also the largest
An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom
Online banking puts the ability to pay bills, check your balance, or transfer money at your fingertips. Unfortunately, it can also make you vulnerable to scammers who may try to trick you into giving them access to your account. By remaining vigilant, though, you can avoid common scams. This article discusses mobile banking scams and
A group of cybersecurity researchers from Dr. Web claims to have spotted a number of apps on the Google Play Store in May with built-in adware and information-stealing malware. The most dangerous of these apps, according to the report, is spyware tools capable of stealing information from other apps’ notifications, mainly to capture one-time two-factor authentication (2FA) one-time
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’24”] Computer Science in the 1800s. [02’56”] Fixing Follina. [08’15”] AirTag stalking. [16’22”] ID theft site seizure. [19’41”] The Law of Big Numbers versus SMS scams. With Doug Aamoth and Paul Ducklin. Intro
Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents? One of the key findings from the ESET Threat Report T1 2022 is that the Emotet botnet has risen, Phoenix-like, from the ashes, pumping out vast amounts of
Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the
The topic most top of mind today for HR professionals is keeping and acquiring great talent. One of the most important elements of doing both is providing a desirable and meaningful set of employee benefits. Digital Wellness is a New Pillar in the Employee Benefits Space The idea of Digital Wellness isn’t exactly brand new,
Free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public, according to an investigation by Cybernews. The cache of 18.5GB connection logs allegedly contained more than 25 million records, which included user device and Play Service IDs, connection timestamps, IP addresses and more. Cybernews said it found the
by Paul Ducklin A few hours ago, we recorded this week’s Naked Security podcast, right on Patch Tuesday itself. It was just after 18:00 UK time when we hit the mics, which meant it was just after 10:00 Microsoft HQ time, which meant we had access to this month’s official June 2022 Security Updates bulletin
How erring on the side of privacy might ultimately save you from chasing down a virtual rendition of you doing the bidding of a scammer At the RSA Conference 2022, the techno-geekery center of the security universe, the halls once more pulse with herds of real aching-feet attendees slurping up whatever promises to be the
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware “utilizes its built-in concurrency features to maximize spreadability and execute malware modules” and “harvests SSH keys to perform lateral movement.” The feature-packed botnet, which
Authored by Jyothi Naveen and Kiran Raj McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass spam E-mail campaigns and generally invoke urgency, fear, or similar emotions, leading unsuspecting users to promptly open them. The purpose of these spam operations is