0 Comments
Several of Twitter’s C-level security and privacy executives have resigned following the chaos that ensued from the Elon Musk acquisition of the social media platform. “I’ve made the hard decision to leave Twitter,” said the company’s now-former chief information security officer Lea Kissner in a tweet on Thursday. “I’ve had the opportunity to work with
0 Comments
When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let’s discuss both. VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides an encrypted server by
0 Comments
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new guide on Stakeholder-Specific Vulnerability Categorization (SSVC). This vulnerability management methodology is designed to assess vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts on safety and prevalence of the affected product in a singular system. SSVC was first created by CISA in collaboration
0 Comments
Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto’s Citizen Lab
0 Comments
Three vulnerabilities have been discovered in the UEFI firmware of several Lenovo notebooks. Tracked CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, the flaws have been found by security researchers at ESET and affect various Lenovo Yoga, IdeaPad and ThinkBook devices. The first of the vulnerabilities is a flaw in the WMI Setup driver, which may allow an attacker with elevated privileges to modify
0 Comments
Cybersecurity researchers are warning of “massive phishing campaigns” that distribute five different malware targeting banking users in India. “The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers,” Trend Micro said in a report published this week. Some
0 Comments
A path-traversal vulnerability has been discovered in ABB Totalflow flow computers and controllers that could lead to code injection and arbitrary code execution (ACE). The high-risk vulnerability (tracked CVE-2022-0902) has a CVSS v3 of 8.1 and affected several ABB G5 products. It has been discovered by security experts at Team82, Claroty’s research arm. “Attackers can exploit this
0 Comments
by Paul Ducklin Remember those Exchange zero-days that emerged in a blaze of publicity back in September 2022? Those flaws, and attacks based on them, were wittily but misleadingly dubbed ProxyNotShell because the vulnerabilities involved were reminiscent of the ProxyShell security flaw in Exchange that hit the news in August 2021. Fortunately, unlike ProxyShell, the
0 Comments
The Russia-linked APT29 nation-state actor has been found leveraging a “lesser-known” Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. “The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting,” Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up. APT29,
0 Comments
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.  However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone
0 Comments
Australia’s largest health insurer Medibank has announced it will not pay a ransom to the threat actors behind the October data breach affecting 9.7 million customers. Writing on LinkedIn over the weekend, Medibank CEO David Koczkar said that, based on the advice the company has received from cybercrime experts, they believe that there is only a
0 Comments
There’s no doubt that cyber bullying ranks towards the top of most parents ‘worry list’. As a mum of 4, I can tell you it always came in my top five, usually alongside driving, drugs, cigarettes and alcohol! But when McAfee research in May revealed that Aussie kids experience the 2nd highest rate of cyberbullying
0 Comments
A business email compromise (BEC) group dubbed ‘Crimson Kingsnake’ has recently been spotted impersonating well-known international law firms to trick recipients into approving overdue invoice payments. As outlined in a technical write-up by cloud email security platform Abnormal, 92 malicious domains of 19 law firms and debt collection agencies across the US, UK and Australia have been