Security

0 Comments
Three individuals including a married couple have been arrested in connection with a fraud scheme that may have cost several companies millions of dollars. Officers from the UK’s National Crime Agency (NCA) searched two properties in Loughborough and Lytham St Annes, arresting a man in his fifties and his wife, as well as a second
0 Comments
Recorded business email compromise (BEC) attacks increased by more than 81% during 2022 and by 175% over the past two years, with open rates on malicious emails also surging, according to Abnormal Security. The security vendor analyzed data from its customers to help compile its H1 2023 threat report, Read Alert. It found the median
0 Comments
by Paul Ducklin OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just release a trifecta of security updates. These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium
0 Comments
A government-backed competition to encourage school-aged children to pursue a career in cybersecurity persuaded thousands across the UK to enter this year. Thirteen teams were named champions of their region at the 2023 CyberFirst Girls Competition finals last weekend, with more than 8700 entering the contest, according to the National Cyber Security Centre (NCSC). After
0 Comments
The developer of several stalkerware apps has been handed a fine of nearly half a million dollars and told to modify the software. A consortium of 16 companies owned by Patrick Hinchy produced snooping apps Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint and TurboSpy. These enabled customers to secretly monitor a comprehensive
0 Comments
Threat actors have been observed using malvertising attacks to distribute virtualized .NET malware loaders dubbed “MalVirt.” According to a Thursday advisory by SentinelOne, the new loaders leverage obfuscated virtualization techniques to avoid detection. “The loaders are implemented in .NET and use virtualization, based on the KoiVM virtualizing protector of .NET applications, in order to obfuscate
0 Comments
The UK’s data protection and privacy regulator will no longer fine public electronic communications service providers (CSPs) if they fail to report a data breach within 24 hours. The Information Commissioner’s Office (ICO) said that as long as CSPs – including mobile carriers and ISPs – report any incidents to it within 72 hours they
0 Comments
North Korean state-backed hackers and insecure decentralized finance (DeFi) protocols helped to make 2022 a record year for cryptocurrency heists, according to Chainalysis. The blockchain analysis company teased the figures ahead of an upcoming annual crypto crime report. A total of $3.8bn was stolen from cryptocurrency firms last year, 82% of which resulted from targeting
0 Comments
Security researchers have discovered underground cybercrime sites selling cheating services, leaked courses and fake certificates to help unscrupulous individuals gain security qualifications and/or a leg up in their careers.  Dov Lerner, head of threat research at Cybersixgill, said in a new report out today that his team found fake CompTIA CySA+ diplomas, among other security-related
0 Comments
Russian hacktivists appear to have been busy again after reports suggested several hospital websites across the US and the Netherlands were downed by distributed denial of service (DDoS) attacks. University of Michigan Hospital and Stanford Health Care Center were among the targeted facilities in the current campaign, which hit a handful of hospitals in the
0 Comments
by Paul Ducklin Samba, simply put, is a super-useful, mega-popular, open-source reimplementation of the networking protocols used in Microsoft Windows, and its historical importance in internetworking (connecting two different sorts of network together) cannot be underestimated. In the late 1990s, Microsoft networking shed its opaque, proprietary nature and became an open standard known as CIFS,
0 Comments
Security experts have warned of several new apps available on Google Play which purport to help the user develop healthy habits in return for rewards, but in reality just bombard them with irritating ads. Lucky Habit: health tracker, Lucky Step-Walking Tracker and WalkingJoy have garnered over 20 million downloads for what appears to be the same
0 Comments
by Naked Security writer Six months ago, according to the US Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) infiltrated the Hive ransomware gang and started “stealing back” the decryption keys for victims whose files had been scrambled. As you are almost certainly, and sadly, aware, ransomware attacks these days typically involve two
0 Comments
Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. “During our security research of popular web applications, we discovered several code vulnerabilities in OpenEMR,” Brinkrolf wrote. “A combination of
0 Comments
Global law enforcers celebrated this week after revealing a coordinated operation to disrupt the Hive ransomware variant. The ransomware-as-a-service (RaaS) outfit has targeted more than 1500 victims in over 80 countries since June 2021, making an estimated $100m in the process, according to the Department of Justice (DoJ). Victims included hospitals, schools, financial firms and critical infrastructure
0 Comments
The volume of publicly reported data breaches and leaks remained at a near-record level in 2022, although consumers and businesses are being let down by the paucity of information provided by breached companies, according to the Identity Theft Resource Center (ITRC). The non-profit’s 2022 Data Breach Report is compiled from company announcements, mainstream news media,
0 Comments
A leading US gaming company is primed to respond to any new cheats that may emerge for its titles following a ransomware compromise last week. California-based Riot Games said yesterday that it had received a ransom demand, which it would not pay. However, the data taken by its extorters may create problems for the firm in
0 Comments
by Paul Ducklin GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a