by Paul Ducklin Even though it’s already Day 4 of Year 2023, some of the important IT/sysadmin/X-Ops security stories of the holiday season are only popping up in mainstream news now. So we though we’d take a quick look back at some of the major issues we covered over the last couple of weeks, and
Security
by Naked Security writer It looks like the sort of meeting room you might find in startups all over the world: diffuse lighting from windows down one wall, alongside a giant poster cityscape of New York’s Brooklyn Bridge, with the Manhattan skyline towering behind it. The difference in this case is that that the computer
A previously unknown strain of Linux malware is targeting WordPress based websites, according to research by cybersecurity firm Dr.Web. Dubbed Linux.BackDoor.WordPressExploit.1, the Trojan targets 32-bit versions of Linux but can also run on 64-bit versions. Its main function is to hack websites based on a WordPress content management system (CMS) and inject a malicious JavaScript
by Paul Ducklin A DAY IN THE LIFE OF A CYBERCRIME FIGHTER Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Click-and-drag on the soundwaves below to skip
by Paul Ducklin PyTorch is one of the most popular and widely-used machine learning toolkits out there. (We’re not going to be drawn on where it sits on the artifical intelligence leaderboard – as with many widely-used open source tools in a competitive field, the answer seems to depend on whom you ask, and which
The FCC is going after an alleged prolific robocall company, with a proposed record-breaking fine in the hundreds of millions of dollars. The regulator said an operation run by Roy Cox, Jr. and Michael Aaron Jones made billions of illegal robocalls via their Sumco Panama company and numerous other entities located in the US, Panama
by Paul Ducklin Remember quantum computing, and the quantum computers that make it possible? Along with superstrings, dark matter, gravitons and controlled fusion (hot or cold), quantum computing is a concept that many people have heard of, even if they know little more about any of these topics than their names. Some us are vaguely
The global political unrest from this year will seep into 2023 with serious ramifications for the security industry, according to Infosecurity Europe’s community of cybersecurity leaders. However, with stricter regulations and developments in Artificial Intelligence (AI) and Machine Learning (ML), CISOs may be in a stronger position to minimise threats next year. The organisers of
by Paul Ducklin It’s the last regular working weekday of 2022 (in the UK and the US, at least), in the unsurprisingly relaxed and vacationistic gap between Christmas and New Year… …so you were probably expecting us to come up either with a Coolest Stories Of The Year In Review listicle, or with a What
Geopolitics will continue to have an impact on cybersecurity and the security posture of organizations long into 2023. The impact of global conflicts on cybersecurity was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognize that with this came the threat of Russian-backed
by Paul Ducklin These days, almost every decent app, along with some that are half-decent (as well as a few that aren’t very good at all) will offer you tabbed whateveritis. Even command windows, which used to be just what they said (windows in which one – and only one – command shell was running),
France’s digital privacy regulator, the Commission nationale de l’informatique et des libertés (CNIL), announced on December 22, 2022 it had fined US tech giant Microsoft €60m ($64m), its largest this year, over advertising cookies. The CNIL found that Microsoft’s search engine, Bing, had not set up a system allowing users to refuse cookies as simply
by Paul Ducklin Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has
A prolific botnet that spreads primarily through IoT and web application vulnerabilities has added new exploits and attack capabilities, Microsoft has warned. Zerobot (aka ZeroStresser) is a Go-based botnet sold on the cybercrime underground via a malware-as-a-service model, which makes it relatively easy for its developers to update functionality regularly. Mainly used for distributed denial
by Paul Ducklin Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day
Password management giant LastPass has revealed that hackers that breached the firm in August made off with encrypted customer vault data and unencrypted account information. The update comes after the firm originally said that the incident only resulted in a breach of “source code and some proprietary LastPass technical information.” Then at the end of
The UK’s data protection watchdog has hit out at several newspaper editors for misrepresenting the nature of a draft code of practice for journalists. The Information Commissioner’s Office (ICO) is currently working with the media industry to develop a Journalism Code of Practice. The aim is to help journalists meet their statutory data protection obligations,
US President Joe Biden has signed the Quantum Computing Cybersecurity Preparedness Act into law this week (December 21, 2022). The law is designed to secure the federal government systems and data against the threat of quantum-enabled data breaches, ahead of ‘Q Day’ – the point at which quantum computers are able to break existing cryptographic
What was just a rumor has been confirmed: employees of ByteDance, the China-based company that owns TikTok and its Chinese counterpart Douyin, accessed data from TikTok to track a Financial Times reporter and a former BuzzFeed reporter in a bid to identify the source of leaks to the media, ByteDance’s general counsel Erich Andersen admitted
by Paul Ducklin Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022. Details of how the attackers first got in are still scarce, with LastPass’s first official comment cautiously stating that: [A]n unauthorized party gained access to portions of the LastPass development environment through
The FBI has warned that cyber-criminals are using search engine advertisement services to defraud the public. The public service announcement, issued on December 21, 2022, stated that threat actors are purchasing these ad services to impersonate brands for the purpose of luring users to malicious websites. These sites, which “look identical to the impersonated business’s
by Paul Ducklin STOP THE CROOKS BEFORE THEY STOP YOU! Paul Ducklin talks to world-renowned cybersecurity expert Fraser Howard, Director of Research at SophosLabs, in this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a “specialist in everything”, and he also has the knack
A leading pediatric hospital in Canada has been hit by a cyber-attack, causing several network systems to go down. The Hospital for Sick Children, known as SickKids, based in Toronto, Canada, informed the public of the ongoing cyber-incident in a Twitter post on December 20, 2022. It revealed it has activated ‘Code Grey’ – system
by Paul Ducklin Black Friday is behind us, that football thing they have every four years is done and dusted (congratulations – spoiler alert! – to Argentina), it’s the summer/winter solstice (delete as inapplicable)… …and no one wants to get locked out of their social media accounts, especially when it’s the time for sending and
A new security threat to a recently introduced functionality in Amazon Web Services (AWS) has been uncovered by researchers from Mitiga. The attack vector relates to AWS’ Amazon Virtual Private Cloud feature ‘Elastic IP transfer,’ which was announced in October 2022. This feature enables a far easier transfer of Elastic IP addresses from one AWS
by Paul Ducklin When we woke up this morning, our cybersecurity infofeed was awash with “news” that Apple had just patched a security hole variously described a “gnarly bug”, a “critical flaw” that could leave your Macs “defenceless”, and the “Achilles’ heel of macOS”. Given that we usually check our various security bulletin mailing lists
by Paul Ducklin The “Missing Cryptoqueen” saga has made long-term headlines since co-founders Ruja Ignatova and Karl Sebastian Greenwood started a cryptocurrency scam known as OneCoin, way back in 2014. Ignatova, who hails from Bulgaria, and who apparently liked to be known as The Cryptoqueen (her charge sheet even shows that name as an alias),
Ransomware groups are expected to tweak their tactics, techniques and procedures (TTPs) and shift their business models as organizations strengthen their cybersecurity measures, law enforcement gets better at tracking down threat actors and governments tighten regulations on cryptocurrencies, according to Trend Micro’s latest research paper. In the report, published on 15 December and titled The
Social media data analytics tool Social Blade has announced a breach that affected its systems on December 14 and exposed users’ personally identifiable information (PII), which was then offered for sale on the dark web. The company did not issue a public warning about the incident but has warned users directly via email. One of the
Social media giant Meta has awarded a total of $2m as part of its bug bounty program. The total amount since the program’s establishment in 2011 is reportedly $16m. The figures come from a blog post Meta published on Thursday looking back at the highlights from the company’s bug bounty program over the last decade.
- « Previous Page
- 1
- …
- 28
- 29
- 30
- 31
- 32
- …
- 51
- Next Page »