A team of security researchers from CloudSEK has discovered a new phishing tactic used by threat actors (TA) to target Indian banking customers via preview domains from Hosting Provider Hostinger. The new feature enables access to a site before it is accessible globally. In other words, it enables the viewing of website content without a
admin
by Paul Ducklin We’ve written about PQC, short for post-quantum cryptography, several times before. In case you’ve missed all the media excitement of the past few years about so-called quantum computing… …it is (if you will pardon what some experts will probably consider a reckless oversimplification) a way of building computing devices that can keep
Learn the basics of zero-trust, and how building a zero-trust environment can protect your organization. This week, ESET’s security evangelist Tony Anscombe participated in a panel on zero-trust architecture during ChannelCon. He explains what zero-trust means, and the basic practises any organisation should implement to protect themselves. Watch the video to learn more.
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. “This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers
Your digital footprint grows with every internet account you make. While your old Tumblr account may be fun for reminiscing, dormant accounts are actually one of the most significant sources of user data on the internet. These accounts can be used by data brokers or third parties to access your personal information. To improve your
ReversingLabs researchers discovered a new ransomware family targeting Linux-based systems in South Korea. Dubbed GwisinLocker, the malware was detected by ReversingLabs on July 19 while undertaking successful campaigns targeting firms in the industrial and pharmaceutical space. “In those incidents, it often launched attacks on public holidays and during the early morning hours (Korean time) – looking to
by Paul Ducklin The word “protocol” crops up all over the place in IT, usually describing the details of how to exchange data between requester and replier. Thus we have HTTP, short for hypertext transfer protocol, which explains how to communicate with a webserver; SMTP, or simple mail transfer protocol, which governs sending and receiving
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a “geographic expansion of Iranian disruptive cyber operations.” The July 17 attacks, according to Albania’s National Agency
Whether using the internet for play or work, you want to spend your time online enjoying the peace of mind that comes with having a secure network. You don’t want to contend with someone taking your personal data — whether it’s credit card information, passwords, or bank account details — via malware or a data
Cybersecurity experts from Deepwatch spotted activity from threat actors (TA) that “highly likely” exploited a security flaw in the Atlassian Confluence server (CVE-2022-26134) to deploy a new backdoor dubbed “Ljl” against a number of unnamed organizations. Deepwatch’s Adversary Tactics and Intelligence group (ATI) described the findings in an advisory published on Tuesday. After gaining initial
by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just
Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers. “It’s a match” is now a common expression in the dating scene, and
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of
A recent report by Javelin Strategy and Research found that identity theft cost Americans $56 billion in 2020, with imposter scams accounting for 20% of online fraud. While most internet platforms have stringent data security measures in place to curb cyber fraud, they aren’t always fool-proof. Your user information is available online as a result
Security researchers from ThreatLabz have uncovered a new strain of a large-scale phishing campaign using adversary-in-the-middle (AiTM) techniques along with several evasion tactics. According to an advisory published by the company on Tuesday, similar AiTM phishing techniques were used in a separate phishing campaign described by Microsoft last month. Now, ThreatLabz revealed that using intelligence
by Paul Ducklin Just over a year ago, we wrote about a “cybersecurity researcher” who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI. This person went by the curious nickname of Remind Supply Chain Risks, and the packages had project names that were generally similar to well-known projects, presumably in the
Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as
If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too. Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with
A Sentinel One investigation revealed threat actors (TA) have been abusing the Windows Defender command line tool to decrypt and load Cobalt Strike payloads. The cybersecurity experts detailed their findings in an advisory last week, in which they said the TA managed to carry out the attacks after obtaining initial access via the Log4Shell vulnerability
by Paul Ducklin Cryptocurrency protocol Nomad (not to be confused with Monad, which is what PowerShell was called when it first came out) describes itself as “an optimistic interoperability protocol that enables secure cross-chain communication,” and promises that it’s a “security-first cross-chain messaging protocol.” In plain English, it’s supposed to let you swap cryptocurrency tokens
Whether you are getting ready for back-to-school season, getting new work laptop or fancying a new gamer’s pc, learn the steps to protect your new PC from cyberthreats. With Windows 11 making headlines for all the right reasons, it could be a great time to invest in a new PC for the family or the
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 – 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize
Security experts from online platform Zscaler have published an analysis of the new variant of the known Raccoon Stealer malware. Writing in an advisory last Friday, Zscaler said the new version of the malware is written in C, unlike previous versions which were mainly written in C++. Raccoon Stealer 2.0 features a new back-end and
by Paul Ducklin The best-known cryptographic library in the open-source world is almost certainly OpenSSL. Firstly, it’s one of the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly. Secondly, it’s probably the most widely-publicised, sadly because of a rather nasty bug
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm
The Federal Communications Commission (FCC) has noticed “substantial increases” in complaints about scam robotexts, it warned this week. The Commission issued an alert warning consumers that these texts are on the rise. It added that it was also seeing more reports of scam texts from robocall and robotext blocking services. The FCC tracks consumer complaints rather than
The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. “In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files,” Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The
A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday. Nadler said three hostile actors had breached the Public Access to Court Electronic Records
Learn to spot some of the threats that you can face while browsing online, and the best tips to stay safe on the web. Web browsers are our gateway to the digital world. We spend hours on them each day, which makes them not only a vital tool for legitimate users, but a valuable target
Image via Keeper Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest
- « Previous Page
- 1
- …
- 77
- 78
- 79
- 80
- 81
- …
- 111
- Next Page »