Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email
American multinational technology corporation Microsoft has warned thousands of its cloud computing customers that their data could be accessed, altered or erased, according to a report by Reuters. Customers were warned that threat actors could even delete their main database by exploiting a vulnerability in Microsoft Azure’s flagship Cosmos DB database that has been named ChaosDB. The alleged
More senior adults are taking advantage of the array of wearable technology that helps them stay connected to healthcare providers and monitor their physical health and safety. But that newfound convivence comes with risk and, for many, the genuine fear of falling prey to an online hacker. Protection + Peace of Mind Wearable technology brings seniors both power and peace of mind. Many elderly consumers rely on wearable technology to monitor critical blood glucose levels, heart
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren’t working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The
An entertaining new campaign has been launched to combat the sea of misinformation about coronavirus vaccines on social media that was branded an “infodemic” by the World Health Organization. The Instagram-based campaign was created by healthcare agency FCB Health New York IPG and non-profit group GMHC and is fronted by drag queen and influencer Miz
“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever. Your phone gets to be like an old friend after a while. You have things laid out the way you like, your favorite apps are at the ready, and you have the perfect home screen and wallpaper all loaded up. So,
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. Any narrative about cybersecurity in 2020 is naturally going to focus on the COVID-19 pandemic. This once-in-a-generation crisis and the digital transformation it accelerated both broadened corporate attack surfaces
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD)
by Paul Ducklin [02’00”] More money troubles in cryptotown. [10’28”] Trouble with plastic spaghetti. [21’10”] The mouse that conquered Windows. [31’38”] Oh! No! When you report yourself for phishing. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip to any point in
The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. The Flash alert posted this week noted that the affiliate-based ransomware uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate. It noted that these include phishing emails with malicious attachments to gain
Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cybercriminals. Fake Login Pages Explained A fake login page is essentially a knock-off of
The man was after sexually explicit photos and videos that he would then share online or store in his own collection A California man has fessed up to breaking into the Apple iCloud accounts of hundreds of individuals and downloading more than 620,000 images and 9,000 videos while on the prowl for nude photos of
Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks
by Paul Ducklin The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Annoyingly for those who like lean, modern, sans serif typefaces, the new version is OpenSSL 1.1.1l, which is tricky to interpret if you use a font in which upper case EYE, lower case ELL and the digit ONE
Personal and clinical data of more than 73,000 patients have been affected by a “sophisticated ransomware cyber-attack” on a private medical clinic in Singapore. In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients’ names, addresses, ID card numbers, contact details and clinical information.
Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th, 2020, a cyberattack at the University of Vermont Medical Center in Burlington VT led to 75% of the scheduled chemotherapy patients being turned away. Many of us have friends and loved ones who have
Meet SparklingGoblin, a member of the Winnti family ESET researchers have recently discovered a new undocumented modular backdoor, SideWalk, being used by an APT group we’ve named SparklingGoblin; this backdoor was used during one of SparklingGoblin’s recent campaigns that targeted a computer retail company based in the USA. This backdoor shares multiple similarities with another
Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home. In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the
The caches of data that were publicly accessible included names, email addresses and social security numbers A total of 38 million records stored across hundreds of Microsoft Power Apps portals have been found sitting unprotected on the internet. The treasure trove of data included a variety of personally identifiable information (PII) ranging from names and
Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered and reported the flaws to the German medical and pharmaceutical device company on January 11, 2021, said
A drug dealer has been given a ten-year jail sentence after officers monitored his encrypted communications with other suppliers, according to the National Crime Agency (NCA). Lee Broughton, 40 from Epsom, was sentenced last week at Kingston Crown Court after pleading guilty back in April to supplying cocaine. His case was one of the many that
Overview As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research (ATR) recently investigated the B. Braun Infusomat Space Large Volume Pump along with the B. Braun SpaceStation, which are designed for use in both adult and pediatric medical facilities. This research was done with
by Paul Ducklin We all know a sysadmin or two (or three, or four) who are seriously into gaming, and have the cool hardware to prove it… …perhaps including a special chair, dedicated headphones, an ultra-hackable mouse, and an indestructible, mechnically triggered, 6-key-rollover, touch-typist’s keyboard (with multicoloured blank keycaps, configured in COLEMAK format, rather QWERTY
The average time taken to fix high severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security. The security vendor’s AppSec Stats Flash report for August offers a broad view of the current state of application security across various verticals. Most important is
Now that we’ve officially kicked off our journey as McAfee Enterprise, a pure-play enterprise cybersecurity company under the new ownership of Symphony Technology Group (STG), we’re celebrating a lot of new firsts and changes. But one thing remains the same: our passion and commitment to make the world a safer, more secure place. And that
Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. “While the ransomware crisis appears poised
by Paul Ducklin Are you part of the Maker scene? If so, you probably have your very own 3D printer (or, depending on how keen you are, several 3D printers) stashed in your garage, shed, basement, attic or local makerspace. Unlike an old-school 2D plotter than can move its printing mechanism side-to-side and top-to-bottom in
Infosecurity Europe, Europe’s number one information security event, will run from Tuesday 21 to Thursday 23 June 2022 in its new home, ExCeL London. For many years, Infosecurity Europe, organised by RX (Reed Exhibitions), has taken place at London Olympia. The last two editions of the in-person event have been postponed due to COVID-19. According
Surprise! Just because you’re a Millennial or Gen Zer doesn’t mean you’re savvier when it comes to technology. Especially when it comes to cybersecurity. Turns out, Millennials aren’t quite as tight with their security as the older generations are. That’s according to one study about working from home that focused on younger adults and their older cohorts. It’s perhaps no surprise that nearly half of them said that
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. “The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,” SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed