Leading Slovak computer scientist Mária Bieliková shares her experience working as a woman driving technological innovation and reflects on how to inspire the next generation of talent in tech It’s no secret that women continue to be underrepresented in the ranks of technologists. Indeed, with the scales traditionally tipped towards men, we may not always realize
A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what’s called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX,
Ukraine’s national telecommunications provider has been hit by a significant cyber-attack, leading to the “most severe” disruption to internet connectivity in the region since the start of the conflict with Russia. Ukrtelecom, the country’s biggest provider of fixed internet in terms of geographic coverage, confirmed the incident yesterday and said it is gradually restoring connectivity
by Paul Ducklin Last time we reported on a Chrome zero-day flaw was back in February 2022. Back then, Google noted that the Chrome browser – and, by implication, all other browsers based on the Chromium-project code and its underlying Blink rendering engine – had been patched against a range of memory mismanagement bugs that
Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security It is generally understood that the world is deeply interconnected, especially when it comes to energy supplies and the global energy trade. Maintaining complex, but reliable business and nation-state relationships has been central to
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. “Transparent Tribe has been a highly active APT group in the Indian subcontinent,” Cisco Talos researchers said in an analysis shared with
An Estonian man has been sentenced to over five years behind bars for his role in a wide-ranging online fraud and ransomware campaign. Maksim Berezan, 37, was arrested in Latvia and extradited to the US, where he pleaded guilty in April 2021 to conspiracy to commit wire fraud affecting a financial institution and conspiracy to
Editor’s Note: This is the third in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. “The emails use a social engineering technique of conversation hijacking (also known as thread hijacking),” Israeli company Intezer said in a report
Finding someone who hasn’t heard of TikTok in 2022 would be quite the achievement. As one of the most popular social media platforms of the moment, it is not only being used by our tweens, teens and even grownups to connect but also as a crucial way to tell important stories amidst a backdrop of
A patrolman at a Sheriff’s Office in Florida has been arrested on suspicion of sending sexually explicit images to a 16-year-old high school student. Clay County resident Alejandro Carmona-Fonseca had worked for the Jacksonville Sheriff’s Office for 15 years before his arrest on March 15. During that time, he was the subject of 28 complaints from his
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. “The malicious activity represents one of the first public examples
No one likes the feeling that someone is looking over their shoulder when they work, shop or surf online. But this is just what crooks and scammers do without our knowledge using “spyware.” Spyware is a piece of software that can covertly gather information on you. It can track the websites you visit and even
A United States Senate committee has questioned whether a new data label created to protect sensitive information is being abused by the Pentagon to prevent the disclosure of important information to the public. The Senate Armed Services Committee, which authorizes defense spending, asked William LaPlante to review the increasing use of the freshly concocted Controlled Unclassified Information (CUI) label
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets At the time of writing this blogpost, the price of bitcoin (US$38,114.80) has decreased about 44 percent from its all-time high about four months ago. For cryptocurrency investors, this might be a time either to panic and
The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the “Covered List” of companies that pose an “unacceptable risk to the national security” of the country. The development marks the first time a Russian entity has been added to the list that’s been otherwise dominated by Chinese
The recent WannaCry ransomware attack that infected more than 250,000 computers worldwide was a good reminder to everyone about staying vigilant when it comes to internet safety. After all, many of us stay connected most of the time, whether it’s on our laptops or mobile devices, giving cybercriminals a wide range of opportunities to go
A London nightclub owner has been forced to surrender hundreds of thousands of pounds worth of equipment seized by police after being linked to a notorious cybercrime money laundering group. The QQAAZZ group provided money-laundering services to many organized cybercrime groups over the years. According to the National Crime Agency (NCA), the transnational gang was managed from
by Naked Security writer You’ve almost certainly heard of the LAPSUS$ hacking crew. That’s lapsus, which is as good a Latin word as any for “data breach”, followed by a dollar sign, like a text variable in BASIC. Microsoft refers to this cybergang by the more pedestrian moniker of “the DEV-5037 actor”, and noted, in
Why has the conflict in Ukraine not caused the much anticipated global cyber-meltdown? New York City’s 8.4 million residents are in darkness after an audacious nation-state cyberattack took out the city’s power grid, causing untold chaos with stock markets around the world collapsing. In retaliation against the perpetrators, the US unleashes a series of cyberattacks
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that’s linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta. The development, which was first disclosed by BBC News, comes after a report
At McAfee, we’re proud to protect. It’s part of our DNA. We’re all dedicated to keeping the world safe from cyber threats. As a team, we’re driven by our mission to protect all that matters. Individually, we’re motivated by our own unique reasons – whether that’s family, friends, or our communities. As part of our
Nearly two-thirds (62%) of cybersecurity teams are understaffed, and 63% have unfilled vacancies. This is according to ISACA’s State of Cybersecurity 2022 report, which highlighted organizations’ ongoing struggles to hire and retain skilled cybersecurity professionals. This year’s survey included insights from over 2000 cybersecurity professionals worldwide. A fifth of respondents admitted it takes more than six months
by Paul Ducklin In January 2021, reports surfaced of a backup-busting ransomware strain called Deadbolt, apparently aimed at small businesses, hobbyists and serious home users. As far as we can see, Deadbolt deliberately chose a deadly niche in which to operate: users who needed backups and were well-informed enough to make them, but who didn’t
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by
Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added that 366 corporate customers, or about 2.5% of its customer
I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do!
Network defenders have just 43 minutes to mitigate ransomware attacks once encryption has begun, a new study from Splunk has warned. The security monitoring and data analytics vendor evaluated the speed at which 10 ransomware variants encrypt data to compile its report, An Empirically Comparative Analysis of Ransomware Binaries. Using a controlled Splunk Attack Range lab
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came