Security

Two new senior cybersecurity appointments have been announced by the United States Department of Homeland Security. Former lead solution engineer at Salesforce, David Larrimore, has been named as the Department’s chief technology officer. Between 2016 and 2019, Larrimore occupied the same position at the Immigration and Customs Enforcement (ICE) component. Other roles held by Larrimore include an
A team of researchers at a UK university have designed a new device, which they claim will mitigate the risk of malicious USB drives. The “external scanning device” was designed at Liverpool Hope University and will soon go into production, having been granted a patent by the Indian government. It has been engineered to overcome
The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data from NCC Group. Analyzing incidents dealt with by its own Research Intelligence and Fusion Team (RIFT) throughout 2021, the firm claimed nearly a quarter (22%) of data leaks in
Scores of ransomware attacks on US schools and colleges last year may have cost them over $6bn, according to a new report published today. Security testing site Comparitech analyzed the 77 attacks reported by educational institutions nationwide in 2020 and calculated the cost to these victims from estimated downtime and recovery time. Ransom costs are
The US Air Force has chosen a town nicknamed “Danger City” to be the location for the Air National Guard’s first Cyber Warfare Wing. Mansfield has around 50,000 inhabitants and is situated in the northeastern part of Ohio, midway between Columbus and Cleveland. According to local beer-maker, the Phoenix Brewing Company, the town earned its ominous nickname
American multinational technology corporation Microsoft has warned thousands of its cloud computing customers that their data could be accessed, altered or erased, according to a report by Reuters. Customers were warned that threat actors could even delete their main database by exploiting a vulnerability in Microsoft Azure’s flagship Cosmos DB database that has been named ChaosDB. The alleged
An entertaining new campaign has been launched to combat the sea of misinformation about coronavirus vaccines on social media that was branded an “infodemic” by the World Health Organization. The Instagram-based campaign was created by healthcare agency FCB Health New York IPG and non-profit group GMHC and is fronted by drag queen and influencer Miz
by Paul Ducklin [02’00”] More money troubles in cryptotown. [10’28”] Trouble with plastic spaghetti. [21’10”] The mouse that conquered Windows. [31’38”] Oh! No! When you report yourself for phishing. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge.
The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. The Flash alert posted this week noted that the affiliate-based ransomware uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate. It noted that these include phishing emails with malicious attachments to gain
Personal and clinical data of more than 73,000 patients have been affected by a “sophisticated ransomware cyber-attack” on a private medical clinic in Singapore. In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients’ names, addresses, ID card numbers, contact details and clinical information.
by Paul Ducklin We all know a sysadmin or two (or three, or four) who are seriously into gaming, and have the cool hardware to prove it… …perhaps including a special chair, dedicated headphones, an ultra-hackable mouse, and an indestructible, mechanically triggered, 6-key-rollover, touch-typist’s keyboard (with multicoloured blank keycaps, configured in COLEMAK format, rather than QWERTY
The average time taken to fix high severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security. The security vendor’s AppSec Stats Flash report for August offers a broad view of the current state of application security across various verticals. Most important is
Infosecurity Europe, Europe’s number one information security event, will run from Tuesday 21 to Thursday 23 June 2022 in its new home, ExCeL London. For many years, Infosecurity Europe, organised by RX (Reed Exhibitions), has taken place at London Olympia. The last two editions of the in-person event have been postponed due to COVID-19. According
High school students who raised the alarm after discovering a severe data breach involving teachers’ personal information say they were ignored for months. In January, students at Brooklyn Technical High School reportedly stumbled across a Google Drive containing documents uploaded by staff and students at schools across New York City. Among the documents were college recommendation letters,
by Paul Ducklin Another week, another cryptocurrency catastrophe. Last week’s story was about Chinese cryptocoin smart contract company Poly Networks, which was robbed of about $600 million’s worth of various cryptocurrencies. That heist has turned into an ongoing saga in which, mirabile dictu, the hacker ultimately seems to have agreed to return as much of
Global fines for anti-money laundering (AML) and data privacy compliance breaches have fallen by nearly 50% year-on-year in the first half of 2021, but could bounce back quickly as financial crime continues apace, according to Fenergo. The digital transformation company claimed that 85 individual fines were levied on global financial institutions for breaches of AML, Know
The US Census Bureau has been heavily criticized by a government inspector after a 2020 breach which could have been prevented by prompt patching. Although the attacker was not able to access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report. Fortunately,
The UK’s Ministry of Defence (MoD) is calling on startups to help the military reduce its cyber-attack surface by designing a new generation of more secure hardware and software. The MoD’s Defence and Security Accelerator (DASA) issued the call-to-arms on Monday, claiming it is prepared to fund proposals up to £300,000 for a nine-month contract. “The Defence Science and