A vulnerability in Chromium-based browsers allows web-pages to replace the content of the system clipboard without the user’s consent or interaction. The bug was discovered by developer Jeff Johnson, who detailed his findings in a blog post on August 28. The security expert also said the issue affects Apple Safari and Mozilla Firefox as well, but
admin
by Paul Ducklin We don’t often write obituaries on Naked Security, but this is one of the times we’re going to. You might not have heard of Peter Eckersley, PhD, but it’s very likely that you’ve relied on a cybersecurity innovation that he not only helped to found, but also to build and establish across
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for
Various law enforcement agencies in Southern California and North Carolina have deployed an obscure cellphone tracking tool dubbed ‘Fog Reveal,’ sometimes without search warrants, a new investigation by the Associated Press (AP) has revealed. The tool gave police offers the ability to search billions of records from 250 million mobile devices and harness the ensuing data
by Paul Ducklin Here’s an interesting paper from the recent 2022 USENIX conference: Mining Node.js Vulnerabilities via Object Dependence Graph and Query. We’re going to cheat a little bit here by not digging into and explaining the core research presented by the authors of the paper (some mathematics, and knowledge of operational semantics notation is
What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack? As cyber-insurance is, and will continue to be, a budget item for organizations looking to protect themselves from the escalating and unforeseen consequences of cyberattacks, one important question arises –
South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. “In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems,” the company disclosed in a notice. “On
“But everyone else has one.” Those are familiar words to a parent, especially if you’re having the first smartphone conversation with your tween or pre-teen. In their mind, everyone else has a smartphone so they want a one too. But does “everyone” really have one? Well, your child isn’t wrong. Our recent global study found
A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022. The majority of the victim
by Paul Ducklin LISTEN NOW With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators’ connections to the Russia-based Evil Corp group. The findings suggest that “Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks,” IBM Security X-Force researcher Kevin Henson
Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies. With news of data breaches and hacking crusades filling
A leading industry standards community has published its first guidelines for the testing of IoT security products, in a bid to drive independent benchmarking and certification efforts. The Anti-Malware Testing Standards Organization (AMTSO) said its Guidelines for Testing of IoT Security Products document was produced with input from testers and vendors. AMTSO board member, Vlad
by Paul Ducklin Well, we didn’t expect this! Our much-loved iPhone 6+, now nearly eight years old but in pristine, as-new condition until a recent UDI (unintended dismount incident, also known as a bicycle prang, which smashed the screen but left the device working fine otherwise), hasn’t received any security updates from Apple for almost
Do you have a plan for what will happen to your digital self when you pass away? Here’s how to put your digital affairs in order on Facebook, Google, Twitter and other major online services. There’s no easy way to put it: We’re all going to die. And once dead, why would we care about
Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. “Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services,” Symantec’s Threat Hunter team, a part of Broadcom Software, said in a report shared with The
Using a VPN on your smartphone can boost your privacy in a big way, particularly with all the data tracking that’s happening out there today. For some time now, we’ve recommended a VPN when using public Wi-Fi in airports, libraries, hotels, and coffee shops. Given that these are public networks, a determined hacker can snoop
A US cybersecurity non-profit has launched a new program designed to encourage more diverse candidates into the profession, while tackling persistent skills shortages. The National Cybersecurity Alliance (NCA) announced its Historically Black Colleges and Universities (HBCU) Career Program yesterday. It has been launched in partnership with top HBCUs and cybersecurity vendors including Prairie View A&M, Southern
by Paul Ducklin Google’s latest Chrome browser, version 105, is out, though the full version number is annoyingly different depending on whether you are on Windows, Mac or Linux. On Unix-like systems (Mac and Linux), you want 105.0.5195.52, but on Windows, you’re looking for 105.0.5195.54. According to Google, this new version includes 24 security fixes,
Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit of retail affiliate programs. “The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,” McAfee researchers Oliver Devane
Authored by Oliver Devane and Vallabh Chole A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000 The extensions offer
Google today announced a new program designed to reward researchers that find bugs in its open source projects. The Open Source Software Vulnerability Rewards Program (OSS VRP) will incentivize ethical hackers to make open source code more secure in major projects that Google maintains such as Golang, Bazel, Angular, Fuchsia and Protocol buffers. The OSS
by Paul Ducklin As you no doubt already know, because the story has been all over the news and social media recently, the widely-known and widely-used password manager LastPass last week reported a security breach. The breach itself actually happened two weeks before that, the company said, and involved attackers getting into the system where
Akasa Air, India’s newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of details such as names, gender, email addresses, and phone numbers. The bug
Our phones store a lot of personal data, including contacts, social media account details, and bank account logins. We use our smartphones for everything under the sun, from work-related communication to online shopping. However, like computer viruses, our phones can be vulnerable to malware. Viruses are a type of malware that replicate themselves and spread
Security researchers have revealed a new phishing campaign targeting Okta identity credentials and connected two-factor authentication (2FA) codes. The analysis comes from the Group-IB, who said it was particularly interesting because despite using low-skill methods, the campaign was able to compromise a large number of well-known companies. In fact, attackers sent employees of the targeted companies text
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to
Data brokers are companies that collect your information from a variety of sources to sell or license it out to other businesses. Before they can pass your data along, brokers analyze it to put you into specific consumer profiles. Consumer profiles help businesses suggest products you might like and create targeted marketing campaigns based on
The threat actor known as TeamTNT has been targeting cloud instances and containerized environments on systems around the world for at least two years. The findings come from CloudSEK security researchers, who posted an advisory on Thursday detailing a timeline of TeamTNT attacks from February 2020 until July 2021. According to the report, the group’s Github
- « Previous Page
- 1
- …
- 85
- 86
- 87
- 88
- 89
- …
- 123
- Next Page »