Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure. While in some parts of the world kids have already returned to their classrooms, in virtual form or in person, in others they are just gearing
Cyber Security
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users. Twitter has unveiled a new feature called Safety Mode aimed at curbing abusive behavior, by autoblocking any unwanted tweets and other forms of online harassment. Currently the feature is available to a handful of users.
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods The Cybersecurity and Infrastructure Security Agency (CISA) has added the use of single-factor authentication to its brief list of bad practices that it considers to be exceptionally risky when it comes to cybersecurity. “Single-factor authentication is a common low-security
ESET’s cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec’s vaccine proof apps VaxiCode and VaxiCode Verif. The launch of the mobile applications allowing the storage and verification of the vaccination passport by the Quebec government (VaxiCode and VaxiCode Verif) has caused a lot of ink to flow last week. It is with good reason; the
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. Any narrative about cybersecurity in 2020 is naturally going to focus on the COVID-19 pandemic. This once-in-a-generation crisis and the digital transformation it accelerated both broadened corporate attack surfaces
The man was after sexually explicit photos and videos that he would then share online or store in his own collection A California man has fessed up to breaking into the Apple iCloud accounts of hundreds of individuals and downloading more than 620,000 images and 9,000 videos while on the prowl for nude photos of
Meet SparklingGoblin, a member of the Winnti family ESET researchers have recently discovered a new undocumented modular backdoor, SideWalk, being used by an APT group we’ve named SparklingGoblin; this backdoor was used during one of SparklingGoblin’s recent campaigns that targeted a computer retail company based in the USA. This backdoor shares multiple similarities with another
The caches of data that were publicly accessible included names, email addresses and social security numbers A total of 38 million records stored across hundreds of Microsoft Power Apps portals have been found sitting unprotected on the internet. The treasure trove of data included a variety of personally identifiable information (PII) ranging from names and
One man’s trash is another man’s treasure – here’s why you should think twice about what you toss in the recycling bin Are you a serial shredder or do you tend not to bother thinking about what personal data is thrown in the waste? Have you ever thought what a cybercriminal could do after simply
Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage Japanese cryptocurrency exchange platform Liquid has fallen victim to enterprising hackers who compromised its warm wallets and made off with more than US$97 million in various cryptocurrency assets. “At roughly 7:50 AM SGT on August 19th, Liquid’s Operations and
Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands Firstly, the answer to the question is likely to be ‘yes’. The debate on ransomware payments continues, which, of course, is positive; with discussion and differing viewpoints put forward, an informed conclusion
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines. The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries. The scammers focused
The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication A terrorist watchlist containing almost 2 million records sat exposed and unsecured on the internet for a period of three weeks between July 19th and August 9th. The watchlist is said to come from the Terrorist
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers ESET researchers have discovered and analyzed a previously undocumented backdoor, implemented as an extension for Internet Information Services (IIS), Microsoft’s web server software. The backdoor, which we
A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim The infosec community has long been warning that ransomware has the potential to grow into the number one cyberthreat for business. However, since ransom demands were low and malware
As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands Over the past few pieces of this mini-series on hybrid working, we’ve explored the potential cyber-risks posed by humans and their use of cloud and other services. But what about
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites ESET researchers have discovered and analyzed a previously undocumented server-side trojan that manipulates search engine results by hijacking the reputation of the websites it compromises. We named the trojan IISerpent to highlight its two
As fraud involving highly believable synthetic media soars, what can you do to avoid getting scammed? Deepfake renditions of loved ones saying they’ve been kidnapped paint a grim picture of what future deepfakes – specially constructed videos from real data – purport to bring next to technology. After machine learning ingests the droves of images
How peering into the innards of a future satellite can make cybersecurity in space more palatable Here at DEF CON 29, the Aerospace Village is alive and well, and aside from the repeated wailing of the neighboring car hacking village setting the car alarm off every 30 seconds, the hardware sitting here, called a Flat
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information ESET researchers have discovered and analyzed a previously undocumented trojan that steals payment information from e-commerce websites’ customers. The trojan, which we named IIStealer, is detected by ESET security solutions as Win64/BadIIS.
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge? Here at Black Hat, the CISA keynote promises to deliver increased cooperation within government agencies over cybercriminals, especially those focused on critical infrastructure and ransoms against systems that might cripple the country. But that’s not
Why companies and their security teams need to engage with a lawyer before an incident occurs Presentations at Black Hat often involve slides full of data or code. Rarely, or maybe never, have I seen a slide that details parts of a policy, contract or general legal text. Nick Merker, a partner at ICE Miller
Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls. Every day my inbox seems to receive more and more spam. Understanding what generates it and how to avoid it is essential in the
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year? Black Hat this year is, well, sparse. I get it… With masks at every turn and some attending virtually, it’s hard to have a conference, especially with the uncertainty of
A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK. Golf clubs and cybercrime couldn’t really sound further apart, but when it comes to cybersecurity, businesses of all sizes are targets and their owners must never assume anything is completely watertight. Golf is, however, more associated with business, so when I was recently asked to investigate and test the cybersecurity of an
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation. Summer vacation planning is in full swing, and most of us are looking to travel again while adhering to the preventive measures that countries have in place regarding the COVID-19 pandemic. And traveling, of course, means looking for
Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can – willingly or unwitingly – pose. The old adage “a chain is only as strong as its weakest link” is regularly repurposed for discussions about cybersecurity. It couldn’t
Most people are fans of the convenience Amazon brings to online shopping, and that’s precisely what cybercriminals are betting on. Amazon is the largest online marketplace in the world boasting over US$386 billion in revenue in 2020 with 200 million subscribers to its Amazon Prime service just in the United States. And that’s just a
There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet The leading cybersecurity and law enforcement agencies from the United States, the United Kingdom, and Australia have issued a joint cybersecurity advisory focusing on the top 30 vulnerabilities that were commonly abused by threat actors over
Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option According to the data shared by Twitter in its recently released transparency report, the popular social network’s users are reluctant to adopt two-factor authentication (2FA) to bolster their account security. In fact, the report paints