LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. “The affiliates that use LockBit’s services conduct their attacks according to their preference and use different tools and techniques to achieve their goal,” Cybereason security analysts Loïc Castel
admin
In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have
Cybersecurity solutions provider Emsisoft has released a free decryption tool to enable AstraLocker and Yashma ransomware victims to recover their files without paying a ransom. The company made the announcement in a series of Twitter posts earlier today, providing a download link and related instructions for the tool. “The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they
Scammers don’t take the summer off – be on your guard when buying your Crit’Air sticker If you drive your own vehicle in certain regions of France at certain times, you will need to purchase a special ‘clean air sticker’ called Crit’Air or risk facing a fine from the French government. Similar schemes already exist
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. “Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker’s machine,” Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as
A fake LinkedIn job offer was the reason behind Axie Infinity’s $600m hack, according to a new investigation by The Block. The digital assets-focused outlet said on Wednesday that while the US government attributed the attack to the North Korean hacker group Lazarus, full details of how the exploit was executed had not been disclosed. The Block said that according
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Vacations are a great time to unwind, but if you’re not careful, you may face a digital disaster. Here’s how to keep your devices and data secure while you’re on the move Vacations are the perfect time to unwind, but if you’re not careful, you may face a digital disaster. Being outside of their normal
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that’s behind a Windows malware with worm-like capabilities. Describing it as a “persistent” and “spreading” threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable
Fewer people carry cash these days, kids included. This growing paperless reality fast-forwards the parenting task of educating kids on financial responsibility. As of 2021, most cash apps allow kids 13 and up to open accounts (previously, the age was 18). Kids can also get a cash app debit card for retail purchases. But while
Apple has announced a new set of iPhone features called “Lockdown Mode.” Unveiled in a blog post on Wednesday, Lockdown Mode will land on iOS 16, iPadOS 16, and macOS Ventura devices in the fall of this year, and offer a number of security features. Apple called the mode an “extreme, optional level of security
by Paul Ducklin Remember the Log4Shell bug that showed up in Apache Log4j late in 2021? Log4j is one of the Apache Software Foundation’s many software projects (more than 350 at current count), and it’s a programming library that Java coders can use to manage logfiles in their own products. Logfiles are a vital part
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. “North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records
It’s a question we get a lot from parents: “How can I keep my kids safe when they are constantly hopping between so many different apps?” We get it, there’s a lot to stay on top and all of it changes constantly. Unfortunately, that question doesn’t have a simple answer. But there are some baseline
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory suggesting North Korean state-sponsored cyber actors are using the Maui ransomware to target Healthcare and Public Health (HPH) Sector organizations in the US. According to the document – a joint effort between CISA, the Federal Bureau of Investigation (FBI) and the Department of
by Paul Ducklin Just over a week ago, the newswires were abuzz with news of a potentially serious bug in the widely-used cryptographic library OpenSSL. Some headlines went as far as describing the bug as a possibly “worse-than-Heartbleed flaw”, which was dramatic language indeed. Heartbleed, as you may remember, was an incredibly high-profile data leakage
Here’s what to watch out for when buying or selling stuff on the online marketplace and how to tell if you’re being scammed Last year, Facebook Marketplace passed one billion global users. In so doing, it’s become a giant of the consumer-to-consumer space, allowing individual Facebook users to buy from and sell to each other
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against “highly targeted cyberattacks.” The “extreme, optional protection” feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats
In the spirit of #PrideMonth, McAfee hosted month-long celebrations across the world. One of these was a live event hosted by the McAfee Pride Community with a guest speaker from the Resource Center that focused on the history of Pride, support, allyship, and belonging. We took a moment to ask our event guest speaker, Leslie
The US Department of Commerce’s National Institute of Standards and Technology (NIST) has selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer. The four selected encryption algorithms will now reportedly become part of NIST’s post-quantum cryptographic (PQC) standard, which should be finalized in about two years. More specifically, for
by Paul Ducklin Google’s latest update to the Chrome browser fixes a varying number of bugs, depending on whether you’re on Android, Windows or Mac, and depending on whether you’re running the “stable channel” or the “extended stable channel“. Don’t worry if you find the the plethora of Google blog posts confusing… …we did too,
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes
NATO has announced plans to develop virtual rapid response capabilities “to respond to significant malicious cyber activities.” The plans were unveiled in a declaration published following the NATO Summit in Madrid, Spain, last week. The latest summit took on extra significance in light of the Russian invasion of Ukraine earlier this year, amid fears of the conflict
by Paul Ducklin If you’re a Naked Security Pocast listener, you may remember, back in March 2022, that we spoke about a convicted cybercriminal from Canada by the name of Sebastien Vachon-Desjardins. By all accounts, he was part of several so-called Ransomware-as-a-Service (RaaS) gangs, such as REvil and NetWalker, where the actual ransomware attackers act
One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay? We all know cyber is a critical element of business risk. But how critical? Some boardrooms seem to pay little more than lip service to security and still manage to avoid serious repercussions. That’s
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to
CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University. The module reportedly has hidden desktop takeover capabilities that would be
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a “simplified and unified management experience that’s the same in Chrome and Android settings,” Ali Sarraf, Google Chrome product manager, said in a blog post.
Kaspersky security experts have discovered new malware targeting Microsoft Exchange servers belonging to several organizations worldwide. Dubbed “SessionManager” and first spotted by the company in early 2022, the backdoor enables threat actors to keep “persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.” According to Kaspersky, once propagated, SessionManager would enable
by Paul Ducklin The US Federal Bureau of Investigation (FBI) famously maintains a Ten Most Wanted Fugitives list. Currently, nine of them are men, suspected of 22 different offences between them: Accessory After the Fact Aiding and Abetting Armed Robbery Cocaine Importation Conspiracy Conspiracy to Commit Murder-for-Hire Conspiracy to Commit Violent Crimes in Aid of
- « Previous Page
- 1
- …
- 88
- 89
- 90
- 91
- 92
- …
- 118
- Next Page »