Jan 25, 2023Ravie LakshmananData Breach / Remote Work Tool LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted
The UK’s data protection regulator has shared seven tips for SMBs, designed to save them time and money and boost customer confidence. The UK’s SMB community numbers over 5.5 million firms – amounting to over 99% of all businesses in the country. Yet many don’t have the in-house knowledge and resources to ensure they stay
by Paul Ducklin Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we’d already decided that iOS 12 had slipped (or perhaps
Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play? First social apps, now gaming? The growth of cloud-powered apps like Telegram and Teams has created mega communities out of their users. Many of these apps have opened the door
Jan 24, 2023Ravie LakshmananMobile Security / 0-Day Attack Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content.
A leading California-based gaming developer has admitted that a serious cyber-attack on its systems has halted all updates. Tencent-owned Riot Games, which produces popular titles like League of Legends and Valorant, explained briefly what happened in a series of tweets on Friday. “Earlier this week, systems in our development environment were compromised via a social
Jan 23, 2023Ravie LakshmananThreat Detection / Infosec The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver, developed by cybersecurity
UK postal service Royal Mail announced on January 18, 2022, that it has resumed some “limited” international shipping following the ransomware attack that hit the company on January 11. These limited services include “International Standard and International Economy letters which do not require a customs declaration” and “International Business Standard (untracked) and International Business Economy
Jan 20, 2023Ravie LakshmananCyber War / Cyber Attack The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. “The Gamaredon group’s network infrastructure relies on multi-stage Telegram accounts for victim
WhatsApp has been hit with a €5.5m ($5.9m) fine for GDPR violations by Ireland’s Data Protection Commission (DPC). In addition to the fine, WhatsApp Ireland has been directed to bring its data processing operations into compliance within six months. The case showcased significant disagreements between European data protection authorities about the extent of WhatsApp’s liability.
by Paul Ducklin US mobile phone provider T-Mobile has just admitted to getting hacked, in a filing known as an 8-K that was submitted to the Securities and Exchange Commission (SEC) yesterday, 2023-01-19. The 8-K form is described by the SEC itself as “the ‘current report’ companies must file […] to announce major events that
Ransomware revenue plunges to $456 million in 2022 as more victims refuse to pay up. Here’s what to make of the trend. Ransomware gangs extorted at least $456 million from victims in 2022, which represents a drop of 40 percent from$765 million the year prior, according to research by Chainalysis. Couple this with a fall
Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the
T-Mobile has admitted that tens of millions of customers had their personal and account information accessed by a malicious actor via an API. The US mobile carrier explained in an SEC filing yesterday that the attack began “on or around” November 25 2022, but was not discovered until January 5 2023, after which time T-Mobile
by Paul Ducklin GUESS YOUR PASSWORD? NO NEED IF IT’S STOLEN ALREADY! Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well? Click-and-drag on the soundwaves below to skip to any point. You can
It’s common practice to pull down the window shades at night. Homeowners invest in high fences. You may even cover the PIN pad when you type in your secret four-digit code at ATMs. Privacy is key to going about your daily life comfortably in your surroundings. Why shouldn’t privacy also extend to your digital surroundings?
Hello, is it me you’re looking for? Fraudsters still want to help you fix a computer problem you never had in the first place. Tech support scammers have been offering bogus technical support services and “resolving” people’s non-existent problems with their devices or software for years. Using a range of tried-and-tested social engineering tricks, they’ve
Jan 20, 2023Ravie LakshmananFirewall / Network Security A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October
Security researchers discovered over 400 malicious packages in the popular open source registry npm in December, and dozens more in PyPI. Sonatype explained in a blog post that its AI tooling spotted 422 malicious npm packages focused mainly on data exfiltration via typosquatting or “dependency confusion attacks.” Additionally, it found 58 malicious packages in PyPI,
Summary In August 2022, Secureworks® Counter Threat Unit™ (CTU) researchers discovered a vulnerability in Azure Active Directory (Azure AD) that allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application after the user assignment was removed. Using a backdoor application that was given consent to access the SAML application, a
Written by James Schmidt Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,”
Jan 19, 2023Ravie LakshmananEmail Security / Security Breach Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. “The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained
Some 94% of European organizations are struggling to find skilled practitioners to take up crucial privacy-related roles, according to new research from professional association ISACA. The IT audit and governance body polled 375 privacy professionals across the region in Q4 2022, as part of a wider global study: Privacy in Practice. It found that, although
by Paul Ducklin Earlier this month, the NortonLifeLock online identity protection service, owned by Arizona-based technology company Gen Digital, sent a security warning to many of its customers. The warning letter can be viewed online, for example on the website of the Office of the Vermont Attorney General, where it appears under the title NortonLifeLock
Authored by Dennis Pang Online protection software. Antivirus. The two words get used interchangeably often enough. But sure enough, they’re different. And yet directly related when you take a closer look. The term “antivirus” has been with us for decades now, dating back to the first software that was designed to prevent computers from getting
Don’t be the next victim – here’s what to know about some of the most common tricks that scammers use on the payment app Today’s consumers have a wealth of choice when it comes to paying and sending money online. A range of slick digital payment apps have emerged over recent years to make the
Jan 18, 2023Ravie LakshmananICS/SCADA Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via
Security researchers detected twice as many cases of corporate access being sold on the dark web by initial access brokers (IABs) last year as during the previous 12 months, with the number of brokers also surging. Group-IB spotted 2348 instances of IAB sales activity between H2 2021 and H1 2022, with the number of countries
by Paul Ducklin Another day, another series of cryptocurrency scams… …these, fortunately, brought to a halt, though sadly not before they’d defrauded “investors” around the globe to the tune of millions of dollars. According to Europol, 216 people were questioned in Bulgaria, Cyprus, Germany and Serbia; 15 have already been arrested; 22 searches were conducted,
It is now acceptable to find a job on a dating app! As we observed last week, many enterprises and small and medium businesses (SMBs) take advantage of solutions such as Slack, Zoom or Microsoft Teams for collaborative work. At the same time, these platforms are still trying to figure out better ways to create
- « Previous Page
- 1
- …
- 62
- 63
- 64
- 65
- 66
- …
- 118
- Next Page »