by Paul Ducklin Remember Mt. Gox? Sure you do! Although it’s usually said aloud as “Mount Gox”, as if it were a topographic feature, it actually started life as MTGOX, short for Magic: The Gathering Online Exchange, where MTG fans could trade cards via the internet. The web domain was eventually repurposed for what was,
Security
Consumer cybersecurity companies NortonLifeLock and Avast have announced an agreement for the Tempe-based cyber safety company to buy the digital security privacy company. NortonLifeLock’s closing share price was $27.20 as of July 13, 2021 — the last trading day before market speculation began — meaning the merger values between $8.1 bn and $8.6 bn. According
by Paul Ducklin Evan Grant, a researcher at network security scanning company Tenable, recently decided to have a go at hacking a home router. The idea, it seems, was more to learn about the general techniques, tools and procedures available to router hackers than to conduct a security assessment of any particular product. Understandably, therefore,
The owner of a martial arts academy in Florida is in custody after allegedly installing hidden cameras in the restroom to spy on students. Police in Broward County arrested 64-year-old martial arts instructor Robert Danilo Franco on Friday. An investigation was launched after a 17-year-old female student spotted the devices and tipped off police. Investigators said the
Autonomous farming equipment that can be controlled remotely now helps to feed humanity. But what if that farming equipment were hacked? On August 8, at the DEF CON 29 conference, an Australian researcher known only as ‘Sick Codes‘ detailed what he referred to as a “tractor load of vulnerabilities” that, if exploited by an attacker,
by Paul Ducklin [00’26”] Timezone curiosities – when modular arithmetic gets weird [04’38”] Microsoft researcher found Apple 0-day in March, didn’t report it [13’18”] Retro computing – the TRS-80 arrived in August 1977 [19’17”] BazarCaller – the crooks who talk you into infecting yourself [33’02”] Oh! No! A billionaire… but only for 5 minutes With
There may be little if any argument about the vast impact that social media platforms have on the lives of hundreds of millions of people around the world. Social media has also had a profound influence on elections. In a session at the DEF CON 29 conference on August 7, Sebastian Bay, a researcher at
No attack type has been as impactful as ransomware in 2021. According to a panel of experts at the DEF CON 29 conference, the rising notoriety and impact of ransomware in 2021 has accelerated the need for both government and the private sector to act—though there was no clear consensus on the panel on exactly
by Paul Ducklin If you like a touch of irony in your cybersecurity news, then this has been the week for it. Yesterday, we wrote about an exploitable security hole… …inside a hacking tool that helps you exploit security holes. Today, we’re writing about a ransomware-related data breach that leaked organisational information… …from inside a
by Paul Ducklin If you’re a regular reader of Naked Security and Sophos News, you’ll almost certainly be familiar with Cobalt Strike, a network attack tool that’s popular with cybercriminals and malware creators. For example, by implanting the Cobalt Strike “Beacon” software on a network they’ve infiltrated, ransomware crooks can not only surreptitiously monitor but
The United States has been given leave to appeal a British court’s decision not to extradite WikiLeaks founder Julian Paul Assange to America. In Westminster Magistrate’s court in January, district judge Vanessa Baraitser ruled that Australian citizen Assange should not be extradited to the United States to face 17 charges under the Espionage Act and one charge under the
The Biden administration has announced the cancellation of a $10bn massive cloud-computing contract awarded to Microsoft. After Microsoft won a lengthy bidding process for the Joint Enterprise Defense Infrastructure (JEDI) cloud contract in 2019, competing contractor Amazon Web Services (AWS) complained that the decision wasn’t fair. Yesterday the DoD issued a statement declaring that the contract had passed its sell-by date
The majority of insider data breaches are non-malicious, according to new research released today by American cybersecurity software company Code42 in partnership with Aberdeen Research. The report Understanding Your Insider Risk and the Value of Your Intellectual Property found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data. A key finding of the
Cyber-scammers are exploiting public interest in the latest Marvel movie to spread malware infections. The eagerly anticipated premiere of Disney’s Black Widow is scheduled to take place simultaneously offline in movie theaters and online via streaming services tomorrow. However, cyber-criminals have been illegally monetizing interest in the new flick for months, according to research by
A new study has revealed that nearly all security professionals operating in a multi-cloud environment believe it’s riskier than relying on a single cloud provider. The research, published today by global security and compliance solutions provider Tripwire, is based on a June 2021 survey of 314 security professionals with direct responsibility for the security of public cloud
Nearly two-thirds (36%) of IT leaders are not disclosing breaches for fear that they may lose their job, complicating efforts to enhance security, according to new research. Keeper Security polled 1000 UK IT decision-makers at businesses of between 100 and 5000 employees to compile its 2021 Cybersecurity Census Report. It revealed that security breaches are widespread: 92%
The UK’s data protection regulator has launched an investigation into whether the former health secretary broke the law in using his private email account to conduct official departmental business. Concerns were raised by the Labour Party late last month after Matt Hancock resigned following leaked CCTV footage showing the married Tory MP in a romantic
Microsoft has now released a patch for all Windows versions affected by the PrintNightmare zero-day, but researchers have already found a way to bypass the fix in attacks. As predicted, Microsoft this week pushed an out-of-band patch for CVE-2021-34527, which now has a CVSS “high severity” score of 8.2. The incomplete initial release on Tuesday
by Paul Ducklin You’re almost certainly familiar with vishing, a phone-based scam in which cybercriminals leave messages on your voicemail in the hope that you’ll call them back later to find out what’s going on. In fact, if you have a long-standing phone number, like we do, you may well get more of these scam
by Paul Ducklin [01’08”] Apple’s emergency 0-day fix. [08’51”] A new sort of Windows nightmare, this one not involving printers. [20’39”] Another new sort of Windows nightmare, also with no printers. [27’37”] Twitter hacker busted. [34’50”] Oh! No! Our very own Doug ruins a brand new TV. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
by Paul Ducklin Yesterday, we wrote about a vaguely mysterious zero-day patch pushed out by Apple. Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the “fix list,” and even by Apple’s brisk and efficient bug-listing standards, the
by Paul Ducklin You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities. First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path). Now, however, it’s Apple’s turn
by Paul Ducklin French researcher Gilles Lionel, who goes by @topotam77, recently published proof-of-concept code that attackers could use to take over a Windows network. The hack, which he has dubbed PetitPotam (which is a nod to the endangered Pygmy Hippopotamus, as far as we can tell), involves what’s known as an NTLM relay attack,
by Paul Ducklin You can probably guess what we mean by “Twitter hack“. Some data breaches involve millions or even billions of accounts, perhaps compromised by a leaky cloud storage server or a poorly-secured customer database. In contrast, the Twitter hack we’re referring to ultimately led to the takeover of just 45 accounts. But what
by Paul Ducklin [00’38”] Learning from computer virus history. [02’26”] The PrintNightmare saga continues. [05’27”] Apple puts out a patch, but doesn’t say why. [08’12”] Snitch on a crook and earn $10 million. [17’50”] Scammars do grammer and speeling correctly. [25’12”] And the Business Email Compromise that wasn’t. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the
by Paul Ducklin As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact that Windows stores its registry
by Paul Ducklin It’s already nearly two months since Apple’s last security update to iOS 14, which was back on 2021-05-24 when iOS 14.6 appeared. So we weren’t surprised to see that another patch is out, officially listed [2021-07-19] as covering iOS (now on 14.7), tvOS (now also 14.7) and watchOS (now on 7.6). Annoyingly,
by Paul Ducklin [01’32”] We explain how a format string bug could lock your iPhone out of your own network. [08’53”] We revisit the PrintNightmare saga, which is sort-of fixed but not really. [12’50”] We look back at the 20-year-old Code Red virus. [18’30”] We look at what cybercriminals spend money on (hint: more cybercrime). [29’10”] And in this week’s “Oh! No!”, we learn
by Paul Ducklin Just over a week ago, we wrote about the REvil ransomware gang’s latest braggadoccio. As you probably know, ransomware operators like REvil, Clop and others don’t generally work on the front line themselves by conducting the actual network intrusions that deliver the final ransomware warhead. Instead, they recruit teams of “attack affiliates”
by Paul Ducklin “It never rains but that it pours,” as the old weather adage goes. That’s certainly how Microsoft must be seeing things right now, following the official announcement of yet another unpatched vulnerability in the Windows Print Spooler service. Dubbed CVE-2021-34481, this one isn’t quite as bad as the previous PrintNightmare problems, because