by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’24”] Computer Science in the 1800s. [02’56”] Fixing Follina. [08’15”] AirTag stalking. [16’22”] ID theft site seizure. [19’41”] The Law of Big Numbers versus SMS scams. With Doug Aamoth and Paul Ducklin. Intro
admin
Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents? One of the key findings from the ESET Threat Report T1 2022 is that the Emotet botnet has risen, Phoenix-like, from the ashes, pumping out vast amounts of
Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the
The topic most top of mind today for HR professionals is keeping and acquiring great talent. One of the most important elements of doing both is providing a desirable and meaningful set of employee benefits. Digital Wellness is a New Pillar in the Employee Benefits Space The idea of Digital Wellness isn’t exactly brand new,
Free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public, according to an investigation by Cybernews. The cache of 18.5GB connection logs allegedly contained more than 25 million records, which included user device and Play Service IDs, connection timestamps, IP addresses and more. Cybernews said it found the
by Paul Ducklin A few hours ago, we recorded this week’s Naked Security podcast, right on Patch Tuesday itself. It was just after 18:00 UK time when we hit the mics, which meant it was just after 10:00 Microsoft HQ time, which meant we had access to this month’s official June 2022 Security Updates bulletin
How erring on the side of privacy might ultimately save you from chasing down a virtual rendition of you doing the bidding of a scammer At the RSA Conference 2022, the techno-geekery center of the security universe, the halls once more pulse with herds of real aching-feet attendees slurping up whatever promises to be the
A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware “utilizes its built-in concurrency features to maximize spreadability and execute malware modules” and “harvests SSH keys to perform lateral movement.” The feature-packed botnet, which
Authored by Jyothi Naveen and Kiran Raj McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass spam E-mail campaigns and generally invoke urgency, fear, or similar emotions, leading unsuspecting users to promptly open them. The purpose of these spam operations is
A new report by Telstra Purple’s security forum ClubCISO suggested material security has significantly improved over the last year, driven by a positive shift in organizational influence by chief information security officers (CISOs). The survey analyzed the answers of more than 100 information security executives from private and public organizations worldwide. The majority (54%) said that “no material
by Paul Ducklin Marion County, right in the middle of the US state of Indiana, and home to the state’s capital Indianapolis, is also currently home to a tragic court case. (Thanks to fellow writers at The Register for that link – we couldn’t get to the official court site while we were writing this
Technology is understandably viewed as a nuisance to be managed in pursuit of the health organizations’ primary mission For understandable reasons, health delivery organizations center their focus on helping sick people, rather than on fiddling with information technology. Technology is seen as frictional annoyance to be managed in pursuit of their primary goal, so it
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. “With the consequent access to the victims’ mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and
The great thing about the internet is that there’s room for everyone. The not-so-great part? There’s plenty of room for cybercriminals who are hungry to get their hands on our personal information. Fortunately, internet scams don’t have to be a part of your online experience. In this article, we’ll tell you about some of the
Apple CEO Tim Cook wrote a letter to the US Senate last week to call for stronger privacy legislation at the federal level. The letter, which was first obtained by MacRumors, comes after the release of a draft of the “American Data Privacy and Protection Act” (ADPPA) bipartisan bill. The drafted legislation examines and discusses several facets of
by Paul Ducklin On Thursday this week (16 June 2022 at 15:00 UK time), we’re holding a free webinar in which we’ll give you a live explanation and demonstration of the “Follina” vulnerability. Although this bug is fairly easy to deal with (a simple registry change rolled out via Group Policy will largely immunise your
Five years ago, ESET researchers released their analysis of the first ever malware that was designed specifically to attack power grids On June 12th 2017, ESET researchers published their findings about unique malware that was capable of causing a widespread blackout. Industroyer, as they named it, was the first known piece of malware that was
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims’ funds. Said to be first discovered in March 2022, the cluster of activity “hint[s] to a strong relationship with a
Say you’re getting married. You and your partner have booked the venue, made the seating arrangements, trained your dog to be the ring bearer – and everything is running smoothly. You’ve used a trusty wedding planning website to make everything a breeze. Nothing could ruin this day for you! Except, there’s an uninvited guest. They’re
There has been much activity in recent years around the use of blockchain to provide more integrity and privacy to transactions, but there are some privacy issues organizations need to know about. In a session at the RSA Conference 2022, Jim Amsler, director governance, risk and compliance, at BDO and Greg Schu, partner, national compliance lead,
Digital fiddling somehow got mixed up in a real war This year at the RSA Conference, it’s hard to shake off the fact that all this digital fiddling somehow got mixed up in a real war. I imagine this sort of fantasy where techno purveyors never really thought the cool stuff they were doing would
Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds. “As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals
The explosion of e-commerce sites has changed how we shop today, providing access to millions of online stores with almost unlimited selections. Just as you would take basic precautions in a brick-and-mortar store — perhaps hiding your PIN number while paying and making sure the business is legitimate — you should also practice safe shopping
A new advanced persistent threat (APT) actor dubbed Aoqin Dragon and reportedly based in China, has been linked to several hacking attacks against government, education and telecom entities mainly in Southeast Asia and Australia since 2013. The news comes from threat researchers Sentinel Labs, who published a blog post on Thursday describing the decade-long events. “We assess
API-based data transfer is so rapid, there’s but little time to stop very bad things happening quickly In the rush to integrate, these lightly defended computer-to-computer portals allow rapid data transfer between systems to enrich and display data across your digital fabric. But the lightly defended part can allow vast vacuuming up of data by
A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages “speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity,”
Authored by Dexter Shin Instagram has become a platform with over a billion monthly active users. Many of Instagram’s users are looking to increase their follower numbers, as this has become a symbol of a person’s popularity. Instagram’s large user base has not gone unnoticed to cybercriminals. McAfee’s Mobile Research Team recently found new Android
There are a few bad IT practices that are dangerous for any organization and particularly for organizations in critical industries like healthcare. At the RSA Conference 2022, Donald Benack, deputy associate director at the Cybersecurity and Infrastructure Security Agency (CISA), and Joshua Corman, founder of I am the Cavalry, outlined what the US Government sees as
Here are three themes that stood out at the world’s largest gathering of cybersecurity professionals Having just come back from the RSA Conference 2022, Tony looks at three themes that stood out to him at the world’s largest gathering of cybersecurity professionals: the shortage of cybersecurity talent and its ramifications how technology companies attempt to
A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a
- « Previous Page
- 1
- …
- 91
- 92
- 93
- 94
- 95
- …
- 118
- Next Page »