Mobile banking and finance apps have become increasingly popular in recent years. These apps provide a quick and convenient way to see checking and savings account balances and make and receive payments. It’s no surprise that many people use these third-party apps to manage their finances. In 2021, the U.S. saw 573.1 million finance app
admin
Threat modeling is an approach that can potentially be overly complicated, but it doesn’t have to be that way, according to Alyssa Miller, business information security officer (BISO) at S&P Global Rating, in a session at the RSA Conference 2022, Miller also explained an approach for plain language threat modeling that can help accelerate DevSecOps efforts.
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system “leverages an in-home hub to pre-process and minimize outgoing data in a structured and
If you’re like most people, you probably use your computer for most of your online activities. It’s amazing what the internet can do to make our lives easier. But if you’ve spent any time online, you know the internet also comes with some risks. Malware (or malicious software) is one risk of living a connected
In the immediate wake of a ransomware attack, you can bet that the C-suite is going to panic and demand an immediate fix. Carol Barkes, a conflict resolution consultant, talked about the physiological considerations a CISO should think about when dealing with a panicked C-suite Carol Barkes is the best-selling author of NeuroMediation. She is
by Paul Ducklin SSN is an abbreviation that’s specific to America, and DOB is shorthand that’s specific to the English language. Nevertheless, their meanings are widely known throughout the world, not least because of their widespread use in reports and discussions about identity theft and cybercrime. SSN is short for Social Security Number, which is
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue — referenced as DogWalk — relates to a path traversal flaw that can be exploited to stash a malicious executable
If your PC runs on Windows 10, you’re in very good company. The Microsoft operating system is the most widely used OS in the world. Many Windows 10 users have also been upgraded to Windows 11 through a rollout that began in 2021. Microsoft plans to complete the Windows update by mid-2022. Unfortunately, its success
Bryan Palmer, CEO of Trellix, delivering his keynote at RSA Conference The cybersecurity industry must capitalize on the exodus of technologists leaving their roles in social media companies seeking soulful work by welcoming and converting them. This was the sentiment of Bryan Palmer, CEO of Trellix, as he delivered his keynote on 07 June 2022
by Paul Ducklin Over on our sister site, Sophos News, we’ve just published some fascinating and informative insights into cybercriminals… …answering the truly practical question, “How do they do it?” In theory, the crooks can (and do) use any and all of thousands of different attack techniques, in any combination they like. In real life,
Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk There’s an old adage in cybersecurity that humans are the weakest link in the security chain. That’s increasingly true, as threat actors compete to exploit credulous or careless employees. But
The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. “These actors have shifted away from using exclusive ransomware variants to LockBit — a
Cyber-threat intelligence firm Checkpoint Research (CPR) spotted a critical vulnerability in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30 and E40 smartphones. The components, which replaced MediaTek’s chips in the aforementioned devices due to global shortages, have been marked as threat vectors due to a stack overflow vulnerability. More specifically, due to
10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf –
Hybrid working and cloud migration during the course of the pandemic has led to a surge in DNS-related attacks, with application downtime and data theft a major consequence, according to IDC. The analyst’s 2022 Global DNS Threat Report is sponsored by security vendor efficientIP and compiled from interviews with over 1000 global organizations with more
An “extremely sophisticated” Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that’s delivered by means of man-on-the-side attacks. “This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads,” Russian cybersecurity company Kaspersky said in a new report. “Such attacks are
Congratulations! You reached 10,000 steps today! It’s a great feeling when a wearable fitness device vibrates to let you know when you hit the day’s fitness goal. The digital fireworks display that lights up your watch’s screen is a signal that you should keep on moving to challenge yourself more … or spend the rest
Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos. The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’36”] This Week in Tech. Naming a computer after a famous scientist doesn’t always help. [02’25”] The wacky but dangerous 0-day hole in Windows. [14’14”] Supply chain attacks and the crooks who orchestrate
It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict On January 14th this year, a raid by Russian law enforcement authorities made headlines all over the world, as it resulted in the arrests of 14 members of the infamous Sodinokibi/REvil ransomware gang. The crackdown came
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021.
The growing number of internet crimes targeting senior adults is mind-blowing. In 2021, more than 92,000 people over the age of 60 reported losses of $1.7 billion, according to IC3, the FBI’s Internet Crime division. That number reflects a 74 percent increase in losses from 2020. These numbers tell us a few things. They tell
Connecticut Governor Ned Lamont officially signed into law the Public Act No. 22-15, titled ‘An Act Concerning Personal Data Privacy and Online Monitoring’ on May 10. Commonly referred to as the Connecticut Privacy Act (CTPA), the new legislation provides consumers with enhanced privacy rights, including the right of access, rectification and deletion of data. It also provides the
by Paul Ducklin Software development and colloboration toolkit behemoth Atlassian is warning of a dangerous zero-day in its collaboration software. There’s no alert about the bug visible on the company’s main web page, which features the company’s best-known tools JIRA (an IT ticketing system) and Trello (a discussion board), but you’ll find Confluence Security Advisory
A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses As the ESET research team released its T1 2022 Threat Report this week, Tony reviews the key trends and developments that defined the threat landscape in the first four months
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10
There were multiple times during my digital parenting journey when I would have loved to put my head in the sand. Pretend that life was easy and that my kids weren’t going to grow up and want devices and to join social media. But I didn’t. I couldn’t. With four kids who had technology running
The latest phase of the UK government-backed Digital Security by Design (DSbD) program will see 10 companies experimenting with prototype cybersecurity technology designed to radically strengthen computers’ underlying hardware. The technology, developed by semiconductor and software design company Arm in collaboration with researchers from the University of Cambridge, is known as Capability Hardware Enhanced RISC Instructions (CHERI). This
by Paul Ducklin Just as the dust started to settle on the weirdly-named Follina vulnerability… … along came another zero-day Windows security hole. Sort of. We’re not convinced that this one is quite as dramatic or as dangerous as some of the headlines seem to suggest (which is why we carefully added the words “sort
- « Previous Page
- 1
- …
- 92
- 93
- 94
- 95
- 96
- …
- 118
- Next Page »