Security

High street retailer Halfords has been fined £30,000 by the UK’s privacy regulator for breaking the law governing nuisance marketing. The bike shop chain sent 498,179 emails to people in July 2020 regarding a “Fix Your Bike” government voucher scheme, according to the Information Commissioner’s Office (ICO). The marketing email encouraged recipients to book a
Over half (52%) of global organizations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro. The security vendor polled nearly 3000 IT decision makers across 26 countries to produce its latest report, Everything is connected: Uncovering the ransomware
Various law enforcement agencies in Southern California and North Carolina have deployed an obscure cellphone tracking tool dubbed ‘Fog Reveal,’ sometimes without search warrants, a new investigation by the Associated Press (AP) has revealed. The tool gave police officers the ability to search billions of records from 250 million mobile devices and harness the ensuing data
A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since. The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cybersecurity firm Redacted, published on September 1, 2022. The majority of the victim
A leading industry standards community has published its first guidelines for the testing of IoT security products, in a bid to drive independent benchmarking and certification efforts. The Anti-Malware Testing Standards Organization (AMTSO) said its Guidelines for Testing of IoT Security Products document was produced with input from testers and vendors. AMTSO board member, Vlad
A US cybersecurity non-profit has launched a new program designed to encourage more diverse candidates into the profession, while tackling persistent skills shortages. The National Cybersecurity Alliance (NCA) announced its Historically Black Colleges and Universities (HBCU) Career Program yesterday. It has been launched in partnership with top HBCUs and cybersecurity vendors including Prairie View A&M, Southern
Google today announced a new program designed to reward researchers that find bugs in its open source projects. The Open Source Software Vulnerability Rewards Program (OSS VRP) will incentivize ethical hackers to make open source code more secure in major projects that Google maintains such as Golang, Bazel, Angular, Fuchsia and Protocol buffers. The OSS
Security researchers have revealed a new phishing campaign targeting Okta identity credentials and connected two-factor authentication (2FA) codes. The analysis comes from Group-IB, who said it was particularly interesting because despite using low-skill methods, the campaign was able to compromise a large number of well-known companies. In fact, attackers sent employees of the targeted companies text
Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been leveraging the exploitation of Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel. The news comes from a new advisory from Microsoft’s security researchers, who said on Thursday they could assess with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry
by Paul Ducklin
Recent updates to Apple Safari and Google Chrome made big headlines because they fixed mysterious zero-day exploits that were already being used in the wild. But this week also saw the latest four-weekly Firefox update, which dropped as usual on Tuesday, four weeks after the last scheduled full-version-number-increment release. We haven’t written
One of the world’s biggest cosmetics retailers has agreed to pay $1.2 million in penalties and take corrective action after falling foul of the California Consumer Privacy Act (CCPA). Announced by the state’s attorney general, Rob Bonta, this week, the settlement by Sephora is part of the administration’s efforts to enforce a law that came
A maker of optical lenses and related equipment has agreed to pay $16.4m to settle allegations it broke the False Claims Act by paying kickbacks to eye care providers. The Department of Justice (DoJ) alleged the firm “knowingly and willfully offered or paid” optometrists and ophthalmologists to order its products for their customers, who included
Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage. The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital’s business software, storage systems including
The percentage of media companies susceptible to compromise is double the figure across all other sectors, according to a new study from BlueVoyant. The security vendor used its tools to perform a cybersecurity posture analysis on 485 organizations from the media industry to compile its Media Industry Cybersecurity Challenges report. It found that 30% of
Security researchers have discovered a new threat campaign designed to trick users into downloading malware capable of hijacking their machine. Discovered by Sucuri, the attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up. These have become increasingly popular over recent years as website owners struggle