What’s worse than a surprise call from a law enforcement official telling you to pay a fine or be forced to serve time? Providing your personal information and paying that fine only to find out that it was all a scam. You didn’t miss jury duty; you didn’t commit a crime — you were just tricked
admin
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. “The exploitation allows threat actors to download the Mirai sample to the ‘/tmp’ folder and execute them after permission change using ‘chmod,'” Trend Micro researchers
The websites of Finland’s defense and foreign affairs were taken offline today following DDoS attacks. The ministries each confirmed the attacks on Twitter earlier today, although the websites now appear to be back up and running. The nation’s Ministry of Defense wrote at 10.45 am GMT: “The Department of Defense website http://defmin.fi is currently under attack. We
by Paul Ducklin German police have located and closed down the servers of Hydra, allegedly one of the world’s biggest underground online stores. Investigators at the Bundeskriminalamt (BKA – the Federal Criminal Police Office) claim that the Russian-language Hydra darkweb site, accessible via the Tor network, had about 17 million customer accounts (many individual buyers
If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet. Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and
As cloud systems are increasingly the bedrock on which digital transformation is built, keeping a close eye on how they are secured is an essential cybersecurity best practice For weeks, cybersecurity experts and government agencies have been urging organizations to enhance their cyber-defenses due to the increased threat of cyberattacks amid Russia’s invasion of Ukraine.
A 32-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for the individual’s criminal work as a “high-level hacker” in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in
At the (ISC)2 Secure London Event today, Laurie-Anne Bourdain, data protection officer at Belgium fintech company Isabel Group, delivered a session on planning and delivering a successful cybersecurity awareness program. Bourdain advised that creating a roadmap is an essential first step in developing a good awareness program. The roadmap requires an understanding of your organization’s
by Paul Ducklin LISTEN NOW [01’34”] LAPSUS$ hacking, 2022-style. [06’11”] Zero-day emergency updates from Apple. [08’46”] Elevation of privilege patches in Android. [09’41”] Bugs fixed in Firefox 99. [11’00”] The SATAN network scanner and its impact on threat reponse. [14’02”] Two confusing bugs in VMware Spring. [20’17”] Old-school hacking, PDP-11 style. Click-and-drag on the soundwaves
Outfitting your smart home could get a whole lot easier this year. A new industry standard called Matter aims to remove a big barrier in smart home technology, one that makes different smart home devices compatible with any smart home platform—something that wasn’t possible until now. For years, different smart home devices have run on several
ESET researchers analyzed three malicious applications targeting customers of eight Malaysian banks The popularity of online shopping has been growing during the past few years, a trend accelerated by the pandemic. To make this already convenient way of never having to leave the couch to buy new things even more convenient, people are increasingly using
During the last week of March, three major tech companies – Microsoft, Okta, and HubSpot – reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the
Security researchers have observed tens of thousands of attempts to exploit the critical new SpringShell (Spring4Shell) vulnerability within days of its publication. Check Point Research claimed to have spotted 37,000 such attempts within the first four days, which it extrapolated to calculate that around 16% of global organizations were affected. Europe accounted for the largest number of incidents
by Paul Ducklin The once-every-four-weeks security update to Mozilla’s Firefox browser officially arrived today. The regular version of Firefox is now 99.0, while the Extended Support Release, which gets security fixes without any feature updates, is now 91.8.0 ESR. Add together the first two numbers in the ESR release triplet and you should get the
This month, McAfee celebrates three years of maintaining pay parity. Compensating employees equally for their contributions, regardless of gender or ethnicity, is one of the many ways we create a culture where all can belong and an environment where everyone is valued. But equal pay sounds like a given, right? It absolutely should be. However,
If better privacy and anonymity sound like music to your ears, you may not need to look much further than Tor Browser. Here’s what it’s like to surf the dark web using the browser. When I speak to people about the dark web, many are still very wary of it and often think that it
Threat actors have been distributing malicious applications under the guise of seemingly harmless shopping apps to target customers of eight Malaysian banks since at least November 2021. The attacks involved setting up fraudulent but legitimate-looking websites to trick users into downloading the apps, Slovak cybersecurity firm ESET said in a report shared with The Hacker
Summary Microsoft Azure Active Directory (Azure AD) is an identity and access management solution used by over 88 percent of Fortune 500 companies as of this publication. This market penetration makes Azure AD a lucrative target for threat actors. In the second half of 2021, Secureworks® Counter Threat Unit™ (CTU) researchers analyzed Azure AD tenants
A leading UK high street retailer has been forced to close several stores and part suspend its operations after a cyber-attack, according to reports. The Works, which sells cut-price arts and crafts supplies, reportedly said it had disabled access to computer systems, including email, as a precaution while it investigates. “There has been some limited
by Paul Ducklin The infamous LAPSUS$ gang, whose curious brand of cyberextortion has been linked with intrusions at Microsoft, Samsung, Okta, Nvidia and others, still seems to be on the boil. According to Microsoft’s own analysis of the gang’s intrusion at Microsoft itself, these hackers use a range of social engineering techniques that go beyond
Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world’s largest illegal dark web marketplace. “[543] Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace,” the BKA said in a press release. The agency attributed the shutdown of
Customers of a popular cryptocurrency hardware provider have been urged not to reply to any official-looking emails after a convincing phishing campaign was uncovered. Trezor makes hardware devices that customers can use to store their digital currency – a more secure alternative to the online equivalent. However, over the weekend, several of them complained to the
by Paul Ducklin Tomorrow is 31 March 2022, and the last day of March is World Backup Day… …which is a good time for us to remind you of a little saying that we like. You’ll have heard it before if you listen to the Naked Security Podcast; if so, here it is again, because
Throw open the windows and let in some fresh air. It’s time for spring cleaning. And that goes for your digital stuff too. Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and
An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group
An employee of the United States National Security Agency (NSA) has been accused of sending national defense secrets from his personal email account. A 26-count indictment unsealed Thursday in the District of Maryland alleges that 60-year-old Mark Robert Unkenholz willfully transmitted classified National Defense Information (NDI) on 13 occasions between February 14 2018 and June 1 2020.
by Paul Ducklin VMware Spring is a open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the “server” part of the process yourself. If you’ve heard the term serveless computing, then this is the sort of programming environment it refers to: the overall
I can remember so clearly the day I got my first mobile phone. I was 21, had just finished university and was beyond excited at the idea of driving around in my red Mazda 121 (bubble car) making calls on my new fancy phone! The fact that it was the size of a brick, didn’t
The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. “Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair
The United States House of Representatives has passed a bill that would change how cybercrime is tracked, measured and reported by the federal government. The Better Cybercrime Metrics Act (S.2629), authored by US senator Brian Schatz, was approved by the House in a bipartisan 377-48 vote on Tuesday. Once signed into law, the bill will encourage local and federal
- « Previous Page
- 1
- …
- 97
- 98
- 99
- 100
- 101
- …
- 116
- Next Page »