by Paul Ducklin Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022. Details of how the attackers first got in are still scarce, with LastPass’s first official comment cautiously stating that: [A]n unauthorized party gained access to portions of the LastPass development environment through
The number of new viruses grows every day. In fact, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. While there is no way to know when or how cyberattacks will occur, it’s clear that antivirus software
Dec 23, 2022Ravie LakshmananEncryption / Privacy / Browser The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, scanning passwords against breached
The FBI has warned that cyber-criminals are using search engine advertisement services to defraud the public. The public service announcement, issued on December 21, 2022, stated that threat actors are purchasing these ad services to impersonate brands for the purpose of luring users to malicious websites. These sites, which “look identical to the impersonated business’s
by Paul Ducklin STOP THE CROOKS BEFORE THEY STOP YOU! Paul Ducklin talks to world-renowned cybersecurity expert Fraser Howard, Director of Research at SophosLabs, in this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a “specialist in everything”, and he also has the knack
Dec 23, 2022Ravie LakshmananPassword Management / Data Breach The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults using data
A leading pediatric hospital in Canada has been hit by a cyber-attack, causing several network systems to go down. The Hospital for Sick Children, known as SickKids, based in Toronto, Canada, informed the public of the ongoing cyber-incident in a Twitter post on December 20, 2022. It revealed it has activated ‘Code Grey’ – system
by Paul Ducklin Black Friday is behind us, that football thing they have every four years is done and dusted (congratulations – spoiler alert! – to Argentina), it’s the summer/winter solstice (delete as inapplicable)… …and no one wants to get locked out of their social media accounts, especially when it’s the time for sending and
For many Aussies, identity theft was always something that happened to other people. People on TV, usually. But the recent spate of data breaches at Optus, Medibank and Energy Australia has made many of us pay far more attention than ever to one of the fastest growing crimes in our country. According to the Department
It’s all fun and games over the holidays, but is your young gamer safe from the darker side of the action? As Christmas draws nearer, parents are handling a barrage of requests from their kids for the latest gaming titles and consoles. Despite gathering macro-economic headwinds, US consumers are set to increase their total retail
Dec 22, 2022Ravie LakshmananSoftware Security / Data Breach Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. “There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers,” the company said in
A new security threat to a recently introduced functionality in Amazon Web Services (AWS) has been uncovered by researchers from Mitiga. The attack vector relates to AWS’ Amazon Virtual Private Cloud feature ‘Elastic IP transfer,’ which was announced in October 2022. This feature enables a far easier transfer of Elastic IP addresses from one AWS
by Paul Ducklin When we woke up this morning, our cybersecurity infofeed was awash with “news” that Apple had just patched a security hole variously described a “gnarly bug”, a “critical flaw” that could leave your Macs “defenceless”, and the “Achilles’ heel of macOS”. Given that we usually check our various security bulletin mailing lists
The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure. Without question, smart home devices have truly stormed the marketplace. We’ve gone from a handful of relatively straightforward things like connected lights, outlets, and cameras to a wide range of fully connected household appliances
Dec 20, 2022Ravie LakshmananBanking Malware / Mobile Security The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a “complex keylogging system designed to abuse Accessibility Services
Ransomware groups are expected to tweak their tactics, techniques and procedures (TTPs) and shift their business models as organizations strengthen their cybersecurity measures, law enforcement gets better at tracking down threat actors and governments tighten regulations on cryptocurrencies, according to Trend Micro’s latest research paper. In the report, published on 15 December and titled The
by Paul Ducklin The “Missing Cryptoqueen” saga has made long-term headlines since co-founders Ruja Ignatova and Karl Sebastian Greenwood started a cryptocurrency scam known as OneCoin, way back in 2014. Ignatova, who hails from Bulgaria, and who apparently liked to be known as The Cryptoqueen (her charge sheet even shows that name as an alias),
Give yourself peace of mind and help create a safe online space for your child using Android or iOS parental controls So you’re about to give your kid their first smartphone. While your child will be over the moon with their shiny new device, you begin to wonder how to stop the kid from spending
Dec 19, 2022Ravie LakshmananSoftware Security / Supply Chain Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. The package, named SentinelOne and now taken down, is said to have
Social media data analytics tool Social Blade has announced a breach that affected its systems on December 14 and exposed users’ personally identifiable information (PII), which was then offered for sale on the dark web. The company did not issue a public warning about the incident but has warned users directly via email. One of the
ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy The future isn’t what it used to be. This adage, if a little trite, has taken on a whole new meaning after our lives
Dec 17, 2022Ravie LakshmananServer Security / Network Security Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.
Social media giant Meta has awarded a total of $2m as part of its bug bounty program. The total amount since the program’s establishment in 2011 is reportedly $16m. The figures come from a blog post Meta published on Thursday looking back at the highlights from the company’s bug bounty program over the last decade.
The group’s proprietary backdoor LODEINFO delivers additional malware, exfiltrates credentials, and steals documents and emails This week, the ESET research team published their findings about a spearphishing campaign that the Chinese-speaking threat actor MirrorFace launched in Japan and that mainly focused on members of a specific Japanese political party. The campaign – which ESET Research
Dec 18, 2022Ravie Lakshmanan Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. This development comes at a time when concerns about online privacy and data security are at an all-time high, and it
The Agenda ransomware group has been observed developing new malware using the Rust programming language and using it to breach several companies. “The threat actors not only claimed that they were able to breach the servers of these companies but also threatened to publish their files,” wrote Trend Micro researchers, who recently discovered the new malicious
by Paul Ducklin If you’re a regular Naked Security reader, you can probably guess where on the planet we’re headed in this virtual journey…. …we’re off once more to the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev in Israel. Researchers in the department’s Cyber-Security Research Center regularly investigate security
Our How I Got Here series spotlights the stories of McAfee team members who have successfully grown their careers. Read more about Brenda’s McAfee’s journey, what a day in the McAfee sales team is like, and what her superpower is. Embracing opportunities When I started my professional career, I was in technology but one of the few women
The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly. Choosing the right holiday gift(s) for your children can be nerve-racking, perhaps doubly so if you’re choosing it for your pre-teen. It’s at that age when
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It’s tracking the threat cluster as
- « Previous Page
- 1
- …
- 63
- 64
- 65
- 66
- 67
- …
- 116
- Next Page »