The volume of publicly reported data breaches and leaks remained at a near-record level in 2022, although consumers and businesses are being let down by the paucity of information provided by breached companies, according to the Identity Theft Resource Center (ITRC). The non-profit’s 2022 Data Breach Report is compiled from company announcements, mainstream news media,
admin
by Paul Ducklin Over the years, we’ve written and spoken on Naked Security many times about the thorny problem of DNS hijacking. DNS, as you probably know, is short for domain name system, and you’ll often hear it described as the internet’s “telephone directory” or “gazetteer”. If you’re not familiar with the word gazeteer, it
Looking for an alternative to Twitter and thinking about joining the folks flocking to Mastodon? Here’s how the two platforms compare to each other. From restructuring their workforces to facing big fines, big tech companies have been on a roller coaster ride recently – but certainly none quite as much as Twitter. Indeed, Twitter has
Jan 26, 2023Ravie LakshmananThreat Detection / Endpoint Security Cybersecurity researchers have unearthed a new Python-based attack campaign that leverages a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022. “This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and
A leading US gaming company is primed to respond to any new cheats that may emerge for its titles following a ransomware compromise last week. California-based Riot Games said yesterday that it had received a ransom demand, which it would not pay. However, the data taken by its extorters may create problems for the firm in
by Paul Ducklin GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a
Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future Videogames are now so popular that the number of players worldwide topped 3 billion last year! The boom goes far beyond gaming consoles and the most recognized gaming platforms, such as PlayStation,
Jan 25, 2023Ravie LakshmananData Breach / Remote Work Tool LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted
The UK’s data protection regulator has shared seven tips for SMBs, designed to save them time and money and boost customer confidence. The UK’s SMB community numbers over 5.5 million firms – amounting to over 99% of all businesses in the country. Yet many don’t have the in-house knowledge and resources to ensure they stay
by Paul Ducklin Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we’d already decided that iOS 12 had slipped (or perhaps
Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play? First social apps, now gaming? The growth of cloud-powered apps like Telegram and Teams has created mega communities out of their users. Many of these apps have opened the door
Jan 24, 2023Ravie LakshmananMobile Security / 0-Day Attack Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.
A leading California-based gaming developer has admitted that a serious cyber-attack on its systems has halted all updates. Tencent-owned Riot Games, which produces popular titles like League of Legends and Valorant, explained briefly what happened in a series of tweets on Friday. “Earlier this week, systems in our development environment were compromised via a social
Jan 23, 2023Ravie LakshmananThreat Detection / Infosec The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity
UK postal service Royal Mail announced on January 18, 2022, that it has resumed some “limited” international shipping following the ransomware attack that hit the company on January 11. These limited services include “International Standard and International Economy letters which do not require a customs declaration” and “International Business Standard (untracked) and International Business Economy
Jan 20, 2023Ravie LakshmananCyber War / Cyber Attack The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. “The Gamaredon group’s network infrastructure relies on multi-stage Telegram accounts for victim
WhatsApp has been hit with a €5.5m ($5.9m) fine for GDPR violations by Ireland’s Data Protection Commission (DPC). In addition to the fine, WhatsApp Ireland has been directed to bring its data processing operations into compliance within six months. The case showcased significant disagreements between European data protection authorities about the extent of WhatsApp’s liability.
by Paul Ducklin US mobile phone provider T-Mobile has just admitted to getting hacked, in a filing known as an 8-K that was submitted to the Securities and Exchange Commission (SEC) yesterday, 2023-01-19. The 8-K form is described by the SEC itself as “the ‘current report’ companies must file […] to announce major events that
Ransomware revenue plunges to $456 million in 2022 as more victims refuse to pay up. Here’s what to make of the trend. Ransomware gangs extorted at least $456 million from victims in 2022, which represents a drop of 40 percent from$765 million the year prior, according to research by Chainalysis. Couple this with a fall
Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the
T-Mobile has admitted that tens of millions of customers had their personal and account information accessed by a malicious actor via an API. The US mobile carrier explained in an SEC filing yesterday that the attack began “on or around” November 25 2022, but was not discovered until January 5 2023, after which time T-Mobile
by Paul Ducklin GUESS YOUR PASSWORD? NO NEED IF IT’S STOLEN ALREADY! Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? Click-and-drag on the soundwaves below to skip to any point. You can
It’s common practice to pull down the window shades at night. Homeowners invest in high fences. You may even cover the PIN pad when you type in your secret four-digit code at ATMs. Privacy is key to going about your daily life comfortably in your surroundings. Why shouldn’t privacy also extend to your digital surroundings?
Hello, is it me you’re looking for? Fraudsters still want to help you fix a computer problem you never had in the first place. Tech support scammers have been offering bogus technical support services and “resolving” people’s non-existent problems with their devices or software for years. Using a range of tried-and-tested social engineering tricks, they’ve
Jan 20, 2023Ravie LakshmananFirewall / Network Security A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October
Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype explained in a blog post that its AI tooling spotted 422 malicious npm packages focused mainly on data exfiltration via typosquatting or “dependency confusion attacks.” Additionally, it found 58 malicious packages in PyPI,
Summary In August 2022, Secureworks® Counter Threat Unit™ (CTU) researchers discovered a vulnerability in Azure Active Directory (Azure AD) that allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application after the user assignment was removed. Using a backdoor application that was given consent to access the SAML application, a
Written by James Schmidt Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,”
Jan 19, 2023Ravie LakshmananEmail Security / Security Breach Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. “The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained
Some 94% of European organizations are struggling to find skilled practitioners to take up crucial privacy-related roles, according to new research from professional association ISACA. The IT audit and governance body polled 375 privacy professionals across the region in Q4 2022, as part of a wider global study: Privacy in Practice. It found that, although
- « Previous Page
- 1
- …
- 59
- 60
- 61
- 62
- 63
- …
- 116
- Next Page »