Security

by Paul Ducklin GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a

The UK’s data protection regulator has shared seven tips for SMBs, designed to save them time and money and boost customer confidence. The UK’s SMB community numbers over 5.5 million firms – amounting to over 99% of all businesses in the country. Yet many don’t have the in-house knowledge and resources to ensure they stay

by Paul Ducklin Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we’d already decided that iOS 12 had slipped (or perhaps

A leading California-based gaming developer has admitted that a serious cyber-attack on its systems has halted all updates. Tencent-owned Riot Games, which produces popular titles like League of Legends and Valorant, explained briefly what happened in a series of tweets on Friday. “Earlier this week, systems in our development environment were compromised via a social

UK postal service Royal Mail announced on January 18, 2022, that it has resumed some “limited” international shipping following the ransomware attack that hit the company on January 11. These limited services include “International Standard and International Economy letters which do not require a customs declaration” and “International Business Standard (untracked) and International Business Economy

WhatsApp has been hit with a €5.5m ($5.9m) fine for GDPR violations by Ireland’s Data Protection Commission (DPC). In addition to the fine, WhatsApp Ireland has been directed to bring its data processing operations into compliance within six months. The case showcased significant disagreements between European data protection authorities about the extent of WhatsApp’s liability.

by Paul Ducklin US mobile phone provider T-Mobile has just admitted to getting hacked, in a filing known as an 8-K that was submitted to the Securities and Exchange Commission (SEC) yesterday, 2023-01-19. The 8-K form is described by the SEC itself as “the ‘current report’ companies must file […] to announce major events that

T-Mobile has admitted that tens of millions of customers had their personal and account information accessed by a malicious actor via an API. The US mobile carrier explained in an SEC filing yesterday that the attack began “on or around” November 25 2022, but was not discovered until January 5 2023, after which time T-Mobile

by Paul Ducklin GUESS YOUR PASSWORD? NO NEED IF IT’S STOLEN ALREADY! Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? Click-and-drag on the soundwaves below to skip to any point. You can

Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype explained in a blog post that its AI tooling spotted 422 malicious npm packages focused mainly on data exfiltration via typosquatting or “dependency confusion attacks.” Additionally, it found 58 malicious packages in PyPI,

Some 94% of European organizations are struggling to find skilled practitioners to take up crucial privacy-related roles, according to new research from professional association ISACA. The IT audit and governance body polled 375 privacy professionals across the region in Q4 2022, as part of a wider global study: Privacy in Practice. It found that, although

by Paul Ducklin Earlier this month, the NortonLifeLock online identity protection service, owned by Arizona-based technology company Gen Digital, sent a security warning to many of its customers. The warning letter can be viewed online, for example on the website of the Office of the Vermont Attorney General, where it appears under the title NortonLifeLock

Security researchers detected twice as many cases of corporate access being sold on the dark web by initial access brokers (IABs) last year as during the previous 12 months, with the number of brokers also surging. Group-IB spotted 2348 instances of IAB sales activity between H2 2021 and H1 2022, with the number of countries

by Paul Ducklin Another day, another series of cryptocurrency scams… …these, fortunately, brought to a halt, though sadly not before they’d defrauded “investors” around the globe to the tune of millions of dollars. According to Europol, 216 people were questioned in Bulgaria, Cyprus, Germany and Serbia; 15 have already been arrested; 22 searches were conducted,

TikTok has been fined €5m ($5.4m) by the French data protection regulator for failing to provide users with enough information on the purpose of cookies on its site or give them an easy way to decline those cookies. The Commission Nationale de l’Informatique et des Libertés (CNIL) said the multimillion-dollar fine was levied at TikTok UK

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes. Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have

The pro-Russia hacktivist group known as NoName057(16) has recently started new attacks against organizations and businesses across Poland, Lithuania and other countries. Most recently, the group began targeting the websites of the Czech presidential election candidates. According to SentinelOne, who discovered the new campaigns, the group conducted these campaigns by using public Telegram channels, a distributed

The Guardian has confirmed that threat actors stole the personal data of UK staff members during the ransomware attack that affected its systems on December 20, 2022. The updates come from The Guardian Media Group’s chief executive, Anna Bateson, and The Guardian‘s editor-in-chief, Katharine Viner, who emailed staff members on Wednesday. The executives have described

by Paul Ducklin THE CRYPTO CRISIS THAT WASN’T Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good

A new advanced persistent threat (APT) group dubbed ‘Dark Pink’ by Group-IB (and ‘Saaiwc Group’ by Chinese cybersecurity researchers) has been spotted targeting various entities across Asia-Pacific and Europe, mainly with spear phishing techniques. According to a new advisory published by Group-IB earlier today, Dark Pink began operations as early as mid-2021, although the group’s

by Paul Ducklin JWT is short for JSON Web Token, where JSON itself is short for JavaScript Object Notation. JSON is a modernish way of representing structured data; its format is a bit like XML, and can often be used instead, but without all the opening-and-closing angle brackets to get in the way of legibility.

The US Supreme Court gave the green light on Monday for WhatsApp to pursue a lawsuit against NSO Group, the Israeli surveillance company, for installing the Pegasus spyware on roughly 1400 devices where WhatsApp was also installed. More specifically, the court has ruled that WhatsApp is allowed to sue for damages ensued by the malicious installation

by Paul Ducklin As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page. (The website itself says 2283, but the CSV export contained 2875 lines, where the first line

by Paul Ducklin If you’re a programmer, whether you code for a hobby or professionally, you’ll know that creating a new version of your project – an official “release” version that you yourself, or your friends, or your customers, will actually install and use – is always a bit of a white-knuckle ride. After all,

The South African threat actors known as “Automated Libra” have been improving their techniques to exploit cloud platform resources for cryptocurrency mining. According to Palo Alto Networks Unit 42, the threat actors have used a new Captcha-solving system alongside a more aggressive use of CPU resources for mining and the mix of “freejacking” with the

US-based health and human services organization Maternal & Family Health Services (MFHS) has reported being hit by a ransomware attack. The non-profit made the announcement on Thursday, saying its systems were compromised between August 21, 2021, and April 4, 2022. An investigation launched in April last year revealed the attack may have exposed sensitive information

Ongoing hacking campaigns orchestrated by the threat actor group Blind Eagle (also known as APT-C-36) have been spotted targeting individuals across South America. Security experts from Check Point Research (CPR) unveiled the findings in a new advisory published on Thursday, describing a novel infection chain involving an advanced toolset. “For the last few months, we have

Meta’s instant messaging subsidiary WhatsApp has officially introduced proxy support, reportedly to tackle internet disruption tactics used by repressive governments. The company made the announcement in a blog post on Thursday, saying the new feature is designed to put the power into people’s hands to maintain access to WhatsApp if their connection is blocked or

by Paul Ducklin There’s been a bit of a kerfuffle in the technology media over the past few days about whether the venerable public-key cryptosystem known as RSA might soon be crackable. RSA, as you probably know, is short for Rivest-Shamir-Adleman, the three cryptographers who devised what turned into an astonishingly useful and long-lived encryption

Threat actors have exploited Fortinet Virtual Private Network (VPN) devices to try and infect a Canadian-based college and a global investment firm with ransomware. The findings come from eSentire’s Threat Response Unit (TRU), which reportedly stopped the attacks and shared information about them with Infosecurity ahead of publication. eSentire said the threat actors tried to