Google on Thursday announced that it’s seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. “GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and
From the warning banner ‘Be afraid and expect the worst’ that was shown on several Ukrainian government websites on January 13, 2022, after a cyber-attack took them down, the US National Security Agency’s (NSA) cybersecurity director, Rob Joyce, knew that something was going to be different, and very aggressive, between Ukraine and Russia, and that
by Paul Ducklin The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heros didn’t finish the war with any sort of hero’s welcome back into civilian life. Indeed, they got no public
Automobile manufacturer Toyota recently announced a data breach that may have exposed the emails of up to 300,000 customers for a period of nearly five years. Toyota says the breach is the result of a subcontractor posting source code for Toyota’s “T-Connect” app on the software development platform GitHub in December 2017. This code included
Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last
Video messaging platform Zoom released a new patch last week to a high-severity flaw in its client for macOS devices. The vulnerability (tracked CVE-2022-28762) refers to a debugging port misconfiguration affecting versions between 5.10.6 and 5.12.0 (excluded) and has a common vulnerability scoring system (CVSS) of 3.1 of 7.3 out of 10. “When camera mode
by Paul Ducklin Popular and ubiquitous (software isn’t always both of those things!) cloud meeting company Zoom recently announced an oops-that-wasn’t-supposed-to-happen bug in the Mac version of its software. The security bulletin is, forgivably, written in the typically staccato and jargon-soaked style of bug-hunters, but the meaning is fairly clear. The bug is denoted CVE-2022-28762,
In the eyes of hackers, scammers, and thieves, your online privacy and identity look like a giant jigsaw puzzle. One that they don’t need every piece to solve. They only need a few bits to do their dirty work, which means protecting every piece you put out there—a sort of holistic view on your personal
What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? Schools are at the center of societal change, whether it is by educating and empowering students or by serving as a mirror of current social and economic realities. In order to fulfill their
Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently
A novel ransomware campaign has been spotted targeting organizations in the transportation and logistics industries in Ukraine and Poland using a previously unidentified ransomware payload. Dubbed “Prestige ranusomeware” by its creators, the malware was observed by the Microsoft Threat Intelligence Center (MSTIC), targeting several organizations on October 11 in attacks occurring within an hour of
by Naked Security writer Chinese company Zoetop, former owner of the wildly popular SHEIN and ROMWE “fast fashion” brands, has been fined $1,900,000 by the State of New York. As Attorney General Letitia James put it in a statement last week: SHEIN and ROMWE’s weak digital security measures made it easy for hackers to shoplift
The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a
The education sector experienced a 44% increase in cyber-attacks when compared to 2021, with an average of 2297 attacks against organizations every week, according to Check Point’s 2022 Mid-Year Report. The research paper suggests that part of the appeal is the sheer number of personal details that threat actors can obtain by targeting organizations in this
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection.
Zoetop, the holding company behind retailer giant Romwe and Shein, has been fined $1.9m after it failed to properly inform customers of a data breach that reportedly affected millions of users. According to a notice from New York’s attorney general’s office this week, the 2018 data breach saw Zoetop failing to secure customers’ data, not
by Paul Ducklin We use Apple’s Mail app all day, every day for handling work and personal email, including a plentiful supply of very welcome Naked Security comments, questions, article ideas, typo reports, podcast suggestions and much more. (Keep ’em coming – we get far more positive and useful messages that we get trolls, and
More than a dozen organizations operating in various verticals were attacked by the threat actor This week, ESET researchers published their analysis of previously undocumented backdoors and cyberespionage tools that the POLONIUM APT group has deployed against targets in Israel. The group has used at least seven different custom backdoors in the past year, and
Tata Power Company Limited, India’s largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted “some of its IT systems,” the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the
Performance and security company Cloudflare reported that it stopped a 2.5Tbps distributed denial-of-service (DDoS) attack in Q3 2022 launched by a Mirai botnet against Minecraft server Wynncraft. The data comes from the company’s latest DDoS Threat Report, which includes insights and trends about the DDoS threat landscape in the third quarter of 2022. “Multi-terabit strong
by Paul Ducklin We’re not quite sure what to call it right now, so we referred to it in the headline by the hybrid name Microsoft Office 365. (The name “Office” as the collective noun for Microsoft’s word processing, spreadsheet, presentation and collaboration apps is being killed off over the next month or two, to
While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die? Like anything else we own, those things can be passed along through our estates
From a little girl financially helping her family in Jerusalem to a Nobel Prize laureate. That is the exceptional life of Ada Yonath in a nutshell. The first female Israeli Nobel Laureate and the fourth woman in the world to be awarded the Nobel Prize in Chemistry, Ada Yonath has dedicated her life to the
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that
A new threat cluster, tracked by SentinelLabs as WIP19, has been targeting telecommunications and IT service providers across the Middle East and Asia. According to the security experts, the group is characterized by the use of a legitimate, stolen digital certificate issued by DEEPSoft, a Korean company specializing in messaging solutions. “Throughout this activity, the
by Paul Ducklin THREE DEEP QUESTIONS Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? With Doug Aamoth and Paul Ducklin. Intro and outro music by
ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group ESET researchers reveal their findings about POLONIUM, an advanced persistent threat (APT) group about which little information is publicly available and its initial compromise vector is unknown. POLONIUM is a cyberespionage group first documented by Microsoft Threat
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. “Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run
“I’ll just Uber home.” Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb. Uber’s reputation has ebbed and
Fraudsters use various tactics to separate people from their hard-earned cash on Zelle. Here’s how to keep your money safe while using the popular P2P payment service. The consumer payments space has undergone a radical shift in recent years. A new breed of apps, including Venmo, Cash App and Zelle, now offer a fast, effective
- « Previous Page
- 1
- …
- 54
- 55
- 56
- 57
- 58
- …
- 98
- Next Page »