by Paul Ducklin This month’s scheduled Firefox release is out, with the new 102.0 version patching 19 CVE-numbered bugs. Despite the large number of CVEs, the patches don’t include any bugs already being exploited in the wild (known in the jargon as zero-days), and don’t include any bugs labelled Critical. Perhaps the most significant patch
Security
An analysis from cybersecurity firm Cyble has found over 900,000 Kubernetes (K8s) exposed across the internet and thus vulnerable to malicious scans and/or data-exposing cyberattacks. The researchers clarified that while not all exposed instances are vulnerable to attacks or the loss of sensitive data, these misconfiguration practices might make companies lucrative targets for threat actors (TA) in
by Paul Ducklin Sadly, over the years, we’ve needed to write numerous Naked Security warnings about romance scammers and sextortionists. Although those are general-sounding terms, they’ve come to refer to two specific sorts of online crime: Romance scamming. This typically refers to a long-game confidence trick in which cybercriminals court your online friendship under a
by Paul Ducklin Another day, another De-Fi (decentralised finance) attack. This time, online smart contract company Harmony, which pitches itself as an “open and fast blockchain”, has been robbed of more than $80,000,000’s worth of Ether cryptocoins. Surprisingly (or unsurprisingly, depending on your point of view), if visit Harmony’s website, you’ll probably end up totally
An unidentified hacker group has stolen more than $100m from Californian cryptocurrency firm Harmony. The company made the announcement last Thursday in a Twitter thread, saying they had identified a theft occurring on the Horizon bridge amounting to approximately $100m. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the
Organizations need to change their approach to security awareness and training to reduce the threat of phishing attacks and other risks based on human behavior. Tim Ward, CEO of Think Cyber Security, told attendees at Infosecurity Europe 2022 that security teams can “nudge” colleagues towards more secure behavior. This will be more effective than conventional
The second day of InfoSecurity Europe 2022 saw Geoff White, investigative journalist and author of Penguin Books’ The Lazarus Heist, discuss how government-sponsored cyber-attackers increasingly interact with organized crime gangs, operating seamlessly on a global scale. White also touched upon the emerging world of cryptocurrency theft. In illuminating the increasing connection between cybersecurity and geopolitical
The closing keynote discussion of the InfoSecurity Europe 2022 conference was titled ‘Next Generation, Next Challenges, New Opportunities’ and was moderated by Eleanor Dallaway, editorial director of Infosecurity Magazine. Dallaway was joined onstage by specialists Marc Avery, CISO & director, Cyber Chain Alliance, Jonathan Kidd, global CISO, Computershare and Chris Green, head of PR and
by Paul Ducklin If you’re an OpenSSL user, you’re probably aware of the most recent high-profile bugfix release, which came out back in March 2022. That fix brought us OpenSSS 3.0.2 and 1.1.1n, updates for the two current fully-supported flavours of the product. (There’s a legacy version, 1.0.2, but updates to that version are only
On the third and final day of InfoSecurity Europe 2022, Sarb Sembhi, global CISO of Aireye, moderated the keynote panel discussion titled ‘Boosting SME’s Cyber Security Strategy.’ Sembhi was accompanied by fellow experts Milos Pesic, vice president of InfoSec & CyberSec at Marken, Diane Abela, chief information security officer at AccuRx and Vincent Blake, VP, digital technology security officer &
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’22”] Duck gets behind the Ducks. [01’34”] 2000 phone scammers arrested in Interpol action. [11’12”] A three-year-old hacking case ends in conviction. [17’13”] Canadian financial company picks up enormous data breach fine. With
Organizations are still neglecting to secure their supply chains, according to panellists at a session during Infosecurity Europe 2022. Panel chair and security consultant Peter Yapp warned that fewer than 10% of organizations have reviewed their suppliers’ security. “Attacks on the supply chain will only increase,” he said. Firms face a growing volume of attacks
Organizations face three emerging threats that compromise identities, exploit the use of accomplices or insiders and evade current detection and defenses, according to security researcher Oliver Rochford. During his insight stage talk at Infosecurity Europe, Rochford, security evangelist at Securonix, said that a growing number of criminal groups are acting as initial access brokers (IABs).
by Paul Ducklin Remember the Capital One breach? We did, though we felt sure it had happened a long time ago. Indeed, when we checked, it had: the story first broke almost three years ago, back in July 2019. At the time, the company reported: Capital One Financial Corporation announced […] that on July 19,
Web developer ‘z0ccc’ has created a website designed to generate a fingerprint of devices based on Google Chrome extensions installed on the visiting browser. In an exclusive email interview with Bleeping Computer, z0ccc said while the website does not store the fingerprint of visiting devices, the testing shows that information could be potentially used by
by Paul Ducklin Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police? We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to
Content management system (CMS) provider WordPress has forcibly updated over a million sites to patch a critical vulnerability affecting the Ninja Forms plugin. The flaw was spotted by the Wordfence threat intelligence team in June and documented in an advisory by the company on Thursday. In the document, Wordfence said the code injection vulnerability made it
A California man was sentenced to time in prison Wednesday after hacking thousands of iCloud accounts, stealing people’s nude images and videos and sharing them with conspirators. Hao Kuo Chi, acting under the online name of ‘icloudripper4you’, would have illegally obtained the iCloud credentials of approximately 4700 victims and shared their content with other people
Microsoft added a new known issue affecting its operating systems’ Wi-Fi hotspot feature to its official Health Dashboard page. Affecting Windows 10 and 11 machines, the bug would have been introduced with a Windows update the company released earlier this month. “After installing KB5014697, Windows devices might be unable [to] use the Wi-Fi hotspot feature.”
A group of cybersecurity researchers from Dr. Web claims to have spotted a number of apps on the Google Play Store in May with built-in adware and information-stealing malware. The most dangerous of these apps, according to the report, is spyware tools capable of stealing information from other apps’ notifications, mainly to capture one-time two-factor authentication (2FA) one-time
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’24”] Computer Science in the 1800s. [02’56”] Fixing Follina. [08’15”] AirTag stalking. [16’22”] ID theft site seizure. [19’41”] The Law of Big Numbers versus SMS scams. With Doug Aamoth and Paul Ducklin. Intro
Free VPN software provider BeanVPN has reportedly left almost 20GB of connection logs accessible to the public, according to an investigation by Cybernews. The cache of 18.5GB connection logs allegedly contained more than 25 million records, which included user device and Play Service IDs, connection timestamps, IP addresses and more. Cybernews said it found the
by Paul Ducklin A few hours ago, we recorded this week’s Naked Security podcast, right on Patch Tuesday itself. It was just after 18:00 UK time when we hit the mics, which meant it was just after 10:00 Microsoft HQ time, which meant we had access to this month’s official June 2022 Security Updates bulletin
A new report by Telstra Purple’s security forum ClubCISO suggested material security has significantly improved over the last year, driven by a positive shift in organizational influence by chief information security officers (CISOs). The survey analyzed the answers of more than 100 information security executives from private and public organizations worldwide. The majority (54%) said that “no material
by Paul Ducklin Marion County, right in the middle of the US state of Indiana, and home to the state’s capital Indianapolis, is also currently home to a tragic court case. (Thanks to fellow writers at The Register for that link – we couldn’t get to the official court site while we were writing this
Apple CEO Tim Cook wrote a letter to the US Senate last week to call for stronger privacy legislation at the federal level. The letter, which was first obtained by MacRumors, comes after the release of a draft of the “American Data Privacy and Protection Act” (ADPPA) bipartisan bill. The drafted legislation examines and discusses several facets of
by Paul Ducklin On Thursday this week (16 June 2022 at 15:00 UK time), we’re holding a free webinar in which we’ll give you a live explanation and demonstration of the “Follina” vulnerability. Although this bug is fairly easy to deal with (a simple registry change rolled out via Group Policy will largely immunise your
There has been much activity in recent years around the use of blockchain to provide more integrity and privacy to transactions, but there are some privacy issues organizations need to know about. In a session at the RSA Conference 2022, Jim Amsler, director governance, risk and compliance, at BDO and Greg Schu, partner, national compliance lead,
A new advanced persistent threat (APT) actor dubbed Aoqin Dragon and reportedly based in China, has been linked to several hacking attacks against government, education and telecom entities mainly in Southeast Asia and Australia since 2013. The news comes from threat researchers Sentinel Labs, who published a blog post on Thursday describing the decade-long events. “We assess
There are a few bad IT practices that are dangerous for any organization and particularly for organizations in critical industries like healthcare. At the RSA Conference 2022, Donald Benack, deputy associate director at the Cybersecurity and Infrastructure Security Agency (CISA), and Joshua Corman, founder of I am the Cavalry, outlined what the US Government sees as
- « Previous Page
- 1
- …
- 39
- 40
- 41
- 42
- 43
- …
- 51
- Next Page »