by Paul Ducklin Cryptocurrency protocol Nomad (not to be confused with Monad, which is what PowerShell was called when it first came out) describes itself as “an optimistic interoperability protocol that enables secure cross-chain communication,” and promises that it’s a “security-first cross-chain messaging protocol.” In plain English, it’s supposed to let you swap cryptocurrency tokens
admin
Whether you are getting ready for back-to-school season, getting new work laptop or fancying a new gamer’s pc, learn the steps to protect your new PC from cyberthreats. With Windows 11 making headlines for all the right reasons, it could be a great time to invest in a new PC for the family or the
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 – 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize
Security experts from online platform Zscaler have published an analysis of the new variant of the known Raccoon Stealer malware. Writing in an advisory last Friday, Zscaler said the new version of the malware is written in C, unlike previous versions which were mainly written in C++. Raccoon Stealer 2.0 features a new back-end and
by Paul Ducklin The best-known cryptographic library in the open-source world is almost certainly OpenSSL. Firstly, it’s one of the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly. Secondly, it’s probably the most widely-publicised, sadly because of a rather nasty bug
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm
The Federal Communications Commission (FCC) has noticed “substantial increases” in complaints about scam robotexts, it warned this week. The Commission issued an alert warning consumers that these texts are on the rise. It added that it was also seeing more reports of scam texts from robocall and robotext blocking services. The FCC tracks consumer complaints rather than
The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. “In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files,” Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The
A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday. Nadler said three hostile actors had breached the Public Access to Court Electronic Records
Learn to spot some of the threats that you can face while browsing online, and the best tips to stay safe on the web. Web browsers are our gateway to the digital world. We spend hours on them each day, which makes them not only a vital tool for legitimate users, but a valuable target
Image via Keeper Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest
A bill designed to increase visibility of foreign ransomware attackers has passed in the US House of Representatives. The Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (also known as the RANSOMWARE Act) will make it easier for the US to respond to ransomware attacks from foreign
by Paul Ducklin If you’ve ever watched a professional plumber at work, or a plasterer, or a bricklayer, or the people who deftly use those improbably long sticks to craft paper-thin pancakes the size of a bicycle wheel… …you’ve probably had the same thoughts that we have. I could do that. I really could. But
Cybercriminals exploited a vulnerability to steal the equivalent of 18M$ from the NFT music streaming platform Audius, while other cyberthreats related to crypto makes the news. This week, the NFT music streaming platform Audius was the victim of a cyberattack. Criminals exploited a vulnerability to steal the equivalent of 18M$ from the platform. This type of attack
A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that’s capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred
Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files or help optimize their batteries for device management. However, this malware hides and continuously show advertisements to victims. In addition, they run malicious services automatically
Police in Spain have arrested two people on suspicion of hacking the country’s Radioactivity Alert Network (RAR). The RAR, operated by Spain’s General Directorate of Civil Protection and Emergencies, is a network of gamma radiation sensors. It monitors parts of Spain – which operates nuclear power plants – for excessive radiation. The two individuals are
by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just
A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could
A database containing 5.4m Twitter users’ data is reportedly for sale on a popular criminal forum. Twitter is investigating the issue, which the seller said exploited a vulnerability in its systems reported in January. The seller, using the nickname ‘devil,’ advertised the data on the Breached Forums site and demanded at least $30,000 for it.
by Paul Ducklin Samba is a widely-used open source toolkit that not only makes it easy for Linux and Unix computers to talk to Windows networks, but also lets you host a Windows-style Active Directory domain without Windows servers at all. The name, in case you’ve ever wondered, is a happy-sounding and easy-to-say derivation from
It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash For today’s consumers, convenience is king. And at the heart of the digital experiences that make our lives easier sits the
As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. “All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others,” Dr.Web said in a Tuesday write-up. While
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may
Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cybersecurity company Vade today. The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.
by Paul Ducklin It’s time for this month’s scheduled Firefox update (technically, with 28 days between updates, you sometimes get two updates in one calendar month, but July 2022 isn’t one of those months)… …and the good news is that the worst bugs listed, which get a risk category of High, are those found by
Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what’s the very
We all love to spend time surfing the web — whether we’re shopping, paying bills, or reacting to funny memes. The internet has also allowed many of us to keep working from home even during the pandemic. The internet is great, but the best way to keep enjoying it is to know where and how
The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for protecting healthcare data. The draft update will provide a more practical guide for healthcare providers to comply with government rules on personal health data security, it claimed. The initial draft of the document is titled ‘Implementing the Health Insurance Portability and
by Paul Ducklin Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have
- « Previous Page
- 1
- …
- 87
- 88
- 89
- 90
- 91
- …
- 120
- Next Page »