by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
admin
by Paul Ducklin If you use Mozilla Firefox or any Chromium-based browser, notably Google Chrome or Microsoft Edge, you’ll know that the version numbers of these products are currently at 97 and 98 respectively. And if you’ve ever looked at your browser’s User-Agent string, you’ll know that these version numbers are, by default, transmitted to
by Paul Ducklin We monitor a range of email addresses related to Naked Security, so we receieve a regular (a word we are using here to mean “unrelenting”) supply of real-world spams and scams. Some of our email addresses are obviously directly associated with various Sophos-related social media accounts; others are more general business-oriented addresses;
by Paul Ducklin Just over a year ago, graphics card behemoth Nvidia announced an unexpected software “feature”: anti-cryptomining code baked into the drivers for its latest graphics processing units (GPUs). Simply put, if the driver software thinks you’re using the GPU to perform calculations related to Ethereum cryptocurrency calculations, it cuts the execution speed of
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
by Paul Ducklin Mozilla has published Firefox 97.0.2, an “out-of-band” update that closes two bugs that are officially listed as critical. Mozilla reports that both of these holes are already actively being exploited, making them so-called zero-day bugs, which means, in simple terms, that the crooks got there first: We have had reports of attacks
by Paul Ducklin Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data… …via the GitHub account of a former employee. As you’ve probably figured out already, Adafruit is named after after Ada Lovelace, a nineteenth-century British intellectual who was a computer programmer long before any programmable computers existed. As mysterious as that might
by Paul Ducklin Max Kellermann, a coder and security researcher for German content management software creators CM4all, has just published a fascinating report about a Linux kernel bug that was patched recently. He called the vulnerability Dirty Pipe, because it involves insecure interaction between a true Linux file (one that’s saved permanently on disk) and
Summary The ShadowPad advanced modular remote access trojan (RAT) has been deployed by the Chinese government-sponsored BRONZE ATLAS threat group since at least 2017. A growing list of other Chinese threat groups have deployed it globally since 2019 in attacks against organizations in various industry verticals. Secureworks® Counter Threat Unit™ (CTU) analysis of ShadowPad samples
Have you ever been online and replied to a comment or post? Maybe it was on Reddit or on an influencer’s Instagram. Did other people reply to you, and were any of them unexpectedly hostile? When you’re online, a little hostility is sadly par for the course, but most people brush it off and move
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see. Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via
Authored by Oliver Devane and Vallabh Chole Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously blogged about how to change desktop browser settings to stop malicious notifications. This blog focuses on Chrome notifications on Android mobile devices such as phones and tablets, and
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent
You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. I you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being
Seems like the internet follows us wherever we go nowadays, whether it tags along via a smartphone, laptop, tablet, a wearable, or some combination of them all. Yet there’s something else that follows us around as well—our PII, a growing body of “personally identifiable information” that we create while banking, shopping, and simply browsing the
Editor’s Note: This is the first in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely
When Aussie school opened their doors this year, the lifespan of parents around the country drastically improved. The combination of homeschooling, working from home, and not going anywhere has completely drained many Aussie working parents, me included!! Many of us have been in survival mode – just focusing on the basics to get through! Well,
International Women’s Day serves as an important reminder that each and every one of us plays a role in recognizing and addressing gender bias. Together, we can make a difference in creating a more equitable world for all. At McAfee, we know that genuine change requires continuous commitment. And while we’re proud of the efforts
What can social movements of the past teach you about the future – and about protecting your digital self? Being African American and working at a cybersecurity company doesn’t seem at first glance to provide fertile ground for pondering about the historical past. So, when asked in August 2021 if I could write something for
Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts
As the conflict in Ukraine heightens the risk of cyberattacks globally, what can organizations do to improve their resiliency? Due to the current attack by Russian forces on Ukraine, do you expect there to be more cyberattacks? This is the most common question I am being asked post Russia unleashing its offensive in Ukraine. The
ESET researchers uncover a new wiper that attacks Ukrainian organizations and a worm component that spreads HermeticWiper in local networks As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations. On February 23rd, 2022, a destructive campaign using HermeticWiper targeted multiple Ukrainian organizations. This cyberattack preceded, by
Press play to hear Aryeh Goretsky, Jean-Ian Boutin and Robert Lipovsky discuss how recent malware attacks in Ukraine tie into years of cyberattacks against the country Long before the first Russian soldier set foot on Ukrainian soil, the country had been a target of sophisticated digital operations spying on its officials, and sabotaging its critical
Here are a few tips that will help you get your ‘go bag’ ready if you have to leave at a moment’s notice and need your communications and data to survive If you live in an area where emergencies aren’t rare (like I do; our area has one of the highest rates of fire evacuations
Organizations worldwide should remain on high alert for cyberattacks as the risk of major cyber-spillover from the crisis in Ukraine continues to loom large Contests between states in the so-called gray zone between war and peace have been increasing for some time in cyberspace. In Ukraine, cyberattacks have been recorded more frequently over the past
No sector or organization is immune to rapidly escalating cyberthreats, but when it comes to healthcare, the stakes couldn’t be higher Even prior to Russia’s invasion of Ukraine, there was considerable fear that military escalation would bleed (further) into cyberspace and be followed by a rash of impactful digital assaults with international implications. Organizations worldwide
A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia’s invasion of Ukraine. Google’s Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP’s UEFI firmware. The variety of devices affected includes HP’s laptops, desktops, point-of-sale (PoS) systems, and
Microsoft’s Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as