Security

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL

A British man has been charged in New York with unauthorized computer intrusion, securities fraud, wire fraud and other crimes, causing more than $5m of losses. According to a 10-count complaint made public yesterday, Idris Dayo Mustapha, 32, a UK citizen, and others used phishing and other means to obtain user credentials from January 2011 to

The Spanish government has sacked its spy chief Paz Esteban amid a dual phone-hacking scandal involving Pegasus spyware, the country’s defense minister said today. The National Intelligence Center (CNI) that Esteban headed faced controversy recently for reportedly using Pegasus, developed by Israel’s NSO Group, to spy on leaders of the Catalan independence movement. CNI was

by Paul Ducklin If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline. The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide. DarkSide is

by Paul Ducklin Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming language Ruby, just patched a dangerous server-side vulnerability. The bug, dubbed CVE-2022-29176, could have allowed attackers to remove a package that wasn’t theirs (yanking it, in RubyGems jargon), and then to replace it with

Russians tuning in to view the country’s Victory Day parade today were shocked to find anti-war messages after the country’s television listings system was hacked. The hack affected several major networks, including Channel One, Rossiya-1 and NTV-Plus, the BBC reported. The name of every program was replaced with a message stating, per the BBC’s translation: “On your

A trainee solicitor and special police constable has been handed a two-year suspended sentence after using encrypted channels to post messages about child sexual abuse. Jack Mallinson, 26, who was employed by West Yorkshire Police while training to be a solicitor, was arrested on January 7 2021 by officers from the UK’s National Crime Agency

The US National Institute of Standards and Technology (NIST) has updated its guidance on supply chain cybersecurity. The revised publication, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, gives organizations key practices to adopt as they manage cybersecurity risks across their supply chains. In particular, it advises organizations to consider vulnerabilities in the components of a

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’23”] Fun Fact. What comes after “123”? [01’57”] World Password Day. (We still need it!) [04’20”] GitHub authentication troubles. [11’55”] This Week in Tech History. Sasser, the sassy Windows worm. [15’55”] Firefox hits

IKEA says that it has notified Canada’s privacy watchdog following a large data breach involving the personal information of approximately 95,000 customers. In a statement, the furniture retailer said that some of its customers’ personal information appeared in the results of a “generic search” performed by a co-worker at IKEA Canada between March 1-3 using

by Paul Ducklin Remember the jokes (OK, they were sold as “jokes” when you were at school to add a touch of excitement to Eng. Lang. lessons) about creating valid and allegedly meaningful sentences with a single word repeated many times? There’s an very dubious one with the word BUFFALO seven times in a row,

The owner of a Delaware computer repair shop, who alerted the FBI to the contents of a laptop reportedly owned by President Joe Biden’s son, Hunter, is suing a politician and several news media outlets for allegedly defaming him. John Paul Mac Isaac said Hunter’s MacBook Pro was dropped off at his shop in April 2019 and

by Paul Ducklin Back in the late 1960s and the start of the 1970s (or so we’ve heard), primary school children in the UK got a special treat. Unlike their parents and grandparents before them, they were exempted from learning how to do calculations involving money. Their teachers were no longer expected to show them

Privacy and data security concerns have been raised over a plan to link South African phone users’ biometric data to their SIM cards. The proposal by the Independent Communications Authority of South Africa (ICASA) was among a list of draft regulations published by the watchdog for public commentary in March. If approved, it would give

by Paul Ducklin Google’s May 2022 updates for Android are out. As usual, the core of Android received two different patch versions. The first is dubbed 2022-05-01, and contains fixes for 13 CVE-numbered vulnerabilities. Fortunately, none of these are currently being exploited, meaning that there are no zero-day holes known this month; none of them

A former executive of eBay has pleaded guilty to taking part in a disturbing cyber stalking campaign waged against a married couple from Massachusetts. The couple’s terrifying experience began after they wrote about eBay in an online newsletter aimed at eBay sellers, which they edited and published.  Under the campaign, parcels with horrifying contents were anonymously sent

by Paul Ducklin Firefox has followed Chromium to the century mark, reaching a score of 100* with its latest scheduled almost-monthly release. For readers without the sporting good fortune of living in a cricket-playing country, an individual score of 100 in a single innings, known as a century or a ton, is considered a noteworthy

Spyware has been detected on the cell phones of Spain’s prime minister, Pedro Sánchez, and the country’s defense minister, Margarita Robles. In a press conference given Monday morning, the Spanish government said that the phones had been infected with Pegasus spyware and extracted data from both devices.  The minister for the presidency, Félix Bolaños, said that the

A Texas school district employee has tendered their resignation after being caught secretly mining cryptocurrency on school premises.  Pings picked up by Galveston Independent School District’s firewall a couple of weeks ago aroused the suspicion of the district’s IT department. An investigation into the activity determined that multiple cryptocurrency mining machines were operating on the

The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and New York Metro InfraGard Members Alliance (NYM-IMA) are coming together to tackle cyber threats facing the bioeconomy.  The partnership, which aims to protect economic activity in the United States involving the use of biotechnology and biomass in the production of goods, services or energy, was announced on Thursday. 

A cyber-attack on a hotel reservation system has exposed the personal data of thousands of guests who stayed at upscale Finnish hotels. News of the security incident, which has impacted at least five hotels, was first reported by Finnish news agency MTV on Tuesday.  Between February 10 and 14, cyber-attackers exploited a vulnerability to hack

by Paul Ducklin Early in April 2022, news broke that various users of Microsoft’s GitHub platform had suffered unauthorised access to their private source code. GitHib has now updated its incident report to say that it is “in the process of sending the final expected notifications to GitHub.com customers who had either the Heroku or

A woman from Los Angeles, who coughed on an Uber driver in a video that went viral last spring, has been accused of stealing the identity of her former neighbor.  Arna Kimiai, known on social media as ‘Cough Girl,’ was charged over the March 7 2021 incident involving San Francisco Uber driver, Subhakar Khadka. A video shared

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL

An Israeli private investigator could spend the next 27 years in prison after pleading guilty to taking part in an international fraud and hacking conspiracy. Aviram Azari was arrested in Manhattan, New York, in 2019 and charged with conspiracy to commit computer hacking, aggravated identity theft, and wire fraud.  The 50-year-old private detective, who served in a

by Paul Ducklin Even if you’re not a native speaker of English, you’ve probably heard the curious saying, “It’s a bit of a Curate’s Egg”, referring to something about which you’re determined to keep a positive public attitude, even if your immediate private reaction was to be disappointed. The saying has certainly stood the test

The British Army’s online recruitment portal has been offline for more than a month following a data breach.  Officials shut the computerized enrollment system down in the middle of March as a precaution after the personal data of more than 100 army recruits was found being offered for sale on the dark web. An investigation

by Paul Ducklin We’re sure you’ve heard of the KISS principle: Keep It Simple and Straightforward. In cybersecurity, KISS cuts two ways. KISS improves security when your IT team avoids jargon and makes complex-but-important tasks easier to understand, but it reduces security when crooks steer clear of mistakes that would otherwise give their game away.

Email accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals. Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. In a data security notice on its website, the healthcare provider disclosed that the actor was able to access a limited number of email

An American respiratory care provider is facing multiple lawsuits over a data breach that allegedly exposed the personal information of more than 300,000 current and former patients. SuperCare Health, headquartered in Downey, California, began notifying patients of a data security incident in late March. According to a notice on the healthcare provider’s website, SuperCare Health discovered unauthorized activity on