American multinational technology corporation Microsoft has warned thousands of its cloud computing customers that their data could be accessed, altered or erased, according to a report by Reuters. Customers were warned that threat actors could even delete their main database by exploiting a vulnerability in Microsoft Azure’s flagship Cosmos DB database that has been named ChaosDB. The alleged
Security
An entertaining new campaign has been launched to combat the sea of misinformation about coronavirus vaccines on social media that was branded an “infodemic” by the World Health Organization. The Instagram-based campaign was created by healthcare agency FCB Health New York IPG and non-profit group GMHC and is fronted by drag queen and influencer Miz
by Paul Ducklin [02’00”] More money troubles in cryptotown. [10’28”] Trouble with plastic spaghetti. [21’10”] The mouse that conquered Windows. [31’38”] Oh! No! When you report yourself for phishing. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip to any point in
The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. The Flash alert posted this week noted that the affiliate-based ransomware uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate. It noted that these include phishing emails with malicious attachments to gain
by Paul Ducklin The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Annoyingly for those who like lean, modern, sans serif typefaces, the new version is OpenSSL 1.1.1l, which is tricky to interpret if you use a font in which upper case EYE, lower case ELL and the digit ONE
Personal and clinical data of more than 73,000 patients have been affected by a “sophisticated ransomware cyber-attack” on a private medical clinic in Singapore. In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients’ names, addresses, ID card numbers, contact details and clinical information.
A drug dealer has been given a ten-year jail sentence after officers monitored his encrypted communications with other suppliers, according to the National Crime Agency (NCA). Lee Broughton, 40 from Epsom, was sentenced last week at Kingston Crown Court after pleading guilty back in April to supplying cocaine. His case was one of the many that
by Paul Ducklin We all know a sysadmin or two (or three, or four) who are seriously into gaming, and have the cool hardware to prove it… …perhaps including a special chair, dedicated headphones, an ultra-hackable mouse, and an indestructible, mechnically triggered, 6-key-rollover, touch-typist’s keyboard (with multicoloured blank keycaps, configured in COLEMAK format, rather QWERTY
The average time taken to fix high severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security. The security vendor’s AppSec Stats Flash report for August offers a broad view of the current state of application security across various verticals. Most important is
by Paul Ducklin Are you part of the Maker scene? If so, you probably have your very own 3D printer (or, depending on how keen you are, several 3D printers) stashed in your garage, shed, basement, attic or local makerspace. Unlike an old-school 2D plotter than can move its printing mechanism side-to-side and top-to-bottom in
Infosecurity Europe, Europe’s number one information security event, will run from Tuesday 21 to Thursday 23 June 2022 in its new home, ExCeL London. For many years, Infosecurity Europe, organised by RX (Reed Exhibitions), has taken place at London Olympia. The last two editions of the in-person event have been postponed due to COVID-19. According
A former editor of the New York Observer who was pardoned in January for alleged cyber-stalking has been re-charged for a similar, related offense. New Jersey resident Kenneth Kurson, also known as Jayden Wagner and Eddie Train, was charged on October 23, 2020, with cyber-stalking three individuals and harassing two additional people. His alleged victims include his
High school students who raised the alarm after discovering a severe data breach involving teachers’ personal information say they were ignored for months. In January, students at Brooklyn Technical High School reportedly stumbled across a Google Drive containing documents uploaded by staff and students at schools across New York City. Among the documents were college recommendation letters,
by Paul Ducklin Another week, another cryptocurrency catastrophe. Last week’s story was about Chinese cryptocoin smart contract company Poly Networks, which was robbed of about $600 million’s worth of various cryptocurrencies. That heist has turned into an ongoing saga in which, mirabile dictu, the hacker ultimately seems to have agreed to return as much of
Global fines for anti-money laundering (AML) and data privacy compliance breaches have fallen by nearly 50% year-on-year in the first half of 2021, but could bounce back quickly as financial crime continues apace, according to Fenergo. The digital transformation company claimed that 85 individual fines were levied on global financial institutions for breaches of AML, Know
by Paul Ducklin [02’45”] Copyright infringement scams that beg you to call. [09’32”] An IoT bug that could be exploited for video snooping and more. [17’13”] A hacker steals $600m and then makes a song and dance out of giving it back. [26’18”] Oh! No! How Doug’s PS5 issues could have been solved back in
The US Census Bureau has been heavily criticized by a government inspector after a 2020 breach which could have been prevented by prompt patching. Although the attacker was not able to access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report. Fortunately,
The average cost of phishing for large US organizations has soared by 289% over the past six years, with firms now losing nearly $15m annually, according to Proofpoint. The security vendor commissioned the Ponemon Institute to poll nearly 600 IT and IT security practitioners to compile its latest Cost of Phishing study. It revealed that
by Paul Ducklin Researchers at security company Mandiant have written up a report about a device-hijack bug in a video sharing and surveillance network called Kalay. Operated by Chinese smart device company ThroughTek, Kalay (which apparently means “handshake” in the Dawu language) is pitched as a cloud-based solution for vendors of home automation devices, including
The UK’s Ministry of Defence (MoD) is calling on startups to help the military reduce its cyber-attack surface by designing a new generation of more secure hardware and software. The MoD’s Defence and Security Accelerator (DASA) issued the call-to-arms on Monday, claiming it is prepared to fund proposals up to £300,000 for a nine-month contract. “The Defence Science and
by Paul Ducklin Copyright scams aren’t new – we’ve written about them many times in recent years. These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order
Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX. The Perspectives in Healthcare Security Report is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians. The findings revealed the outsized impact ransomware continues to have on
Texts purporting to be from parcel and delivery companies are the most prevalent form of ‘smishing’ scams, according to new data provided to UK Finance by cybersecurity firm Proofpoint. The data showed that over two-thirds (67.4%) of all UK texts reported as spam to the NCSC’s 7726 text messaging system, operated by Proofpoint, during the 30
American tech-driven beauty brand IL MAKIAGE has acquired Israeli deep-tech AI-based computational imaging startup Voyage81 for $40m. IL MAKIAGE, which is based in New York City’s Soho area, was relaunched in 2018 by brother and sister duo Oran Holtzman and Shiran Holtzman-Erel. Two years later, the company became the fastest-growing online beauty brand in the United States. Voyage81
Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research. In a survey conducted by the International Data Corporation (IDC), it was found that many organizations that fell victim to ransomware experienced multiple ransomware events. In the
by Paul Ducklin [02’31”] Home and small business routers under attack. [16’22”] A hacking tool favoured by crooks gets hacked. [23’56”] The Navajo Nation’s selfless cryptographic contribution to America. [29’43”] A cybercrook gets aggrieved at being ripped off by cybercrooks. [38’33”] Oh! No! The steaming CEO with the flashing phone. With Doug Aamoth and Paul
A Virginia businessman who conned his victims out of more than a million dollars has been sentenced to prison. Glen Allen resident Gordon G. Miller III was the owner and operator of software engineering company G3 Systems and of purported venture capital company, G3i Ventures, LLC. From 2017, the 56-year-old began running multiple fraud schemes
by Paul Ducklin Remember Mt. Gox? Sure you do! Although it’s usually said aloud as “Mount Gox”, as if it were a topographic feature, it actually started life as MTGOX, short for Magic: The Gathering Online Exchange, where MTG fans could trade cards via the internet. The web domain was eventually repurposed for what was,
Consumer cybersecurity companies NortonLifeLock and Avast have announced an agreement for the Tempe-based cyber safety company to buy the digital security privacy company. NortonLifeLock’s closing share price was $27.20 as of July 13, 2021 — the last trading day before market speculation began — meaning the merger values between $8.1 bn and $8.6 bn. According
by Paul Ducklin Evan Grant, a researcher at network security scanning company Tenable, recently decided to have a go at hacking a home router. The idea, it seems, was more to learn about the general techniques, tools and procedures available to router hackers than to conduct a security assessment of any particular product. Understandably, therefore,