by Paul Ducklin We use Apple’s Mail app all day, every day for handling work and personal email, including a plentiful supply of very welcome Naked Security comments, questions, article ideas, typo reports, podcast suggestions and much more. (Keep ’em coming – we get far more positive and useful messages that we get trolls, and
More than a dozen organizations operating in various verticals were attacked by the threat actor This week, ESET researchers published their analysis of previously undocumented backdoors and cyberespionage tools that the POLONIUM APT group has deployed against targets in Israel. The group has used at least seven different custom backdoors in the past year, and
Tata Power Company Limited, India’s largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted “some of its IT systems,” the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the
Performance and security company Cloudflare reported that it stopped a 2.5Tbps distributed denial-of-service (DDoS) attack in Q3 2022 launched by a Mirai botnet against Minecraft server Wynncraft. The data comes from the company’s latest DDoS Threat Report, which includes insights and trends about the DDoS threat landscape in the third quarter of 2022. “Multi-terabit strong
by Paul Ducklin We’re not quite sure what to call it right now, so we referred to it in the headline by the hybrid name Microsoft Office 365. (The name “Office” as the collective noun for Microsoft’s word processing, spreadsheet, presentation and collaboration apps is being killed off over the next month or two, to
While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die? Like anything else we own, those things can be passed along through our estates
From a little girl financially helping her family in Jerusalem to a Nobel Prize laureate. That is the exceptional life of Ada Yonath in a nutshell. The first female Israeli Nobel Laureate and the fourth woman in the world to be awarded the Nobel Prize in Chemistry, Ada Yonath has dedicated her life to the
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that
A new threat cluster, tracked by SentinelLabs as WIP19, has been targeting telecommunications and IT service providers across the Middle East and Asia. According to the security experts, the group is characterized by the use of a legitimate, stolen digital certificate issued by DEEPSoft, a Korean company specializing in messaging solutions. “Throughout this activity, the
by Paul Ducklin THREE DEEP QUESTIONS Should hospital ransomware attackers get life in prison? Who was the Countess of Computer Science, and just how close did we come to digital music in the 19th century? And could a weirdly wacky email brick your iPhone? With Doug Aamoth and Paul Ducklin. Intro and outro music by
ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group ESET researchers reveal their findings about POLONIUM, an advanced persistent threat (APT) group about which little information is publicly available and its initial compromise vector is unknown. POLONIUM is a cyberespionage group first documented by Microsoft Threat
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. “Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run
“I’ll just Uber home.” Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb. Uber’s reputation has ebbed and
Fraudsters use various tactics to separate people from their hard-earned cash on Zelle. Here’s how to keep your money safe while using the popular P2P payment service. The consumer payments space has undergone a radical shift in recent years. A new breed of apps, including Venmo, Cash App and Zelle, now offer a fast, effective
FormBook is the most prevalent malware in the wild worldwide, and Vidar, an infostealer, has entered the top 10 list in eighth place for the first time following a fake Zoom campaign. The new data comes from Check Point Research (CPR), which shared with Infosecurity its September 2022’s Most Wanted Malware report earlier today. According to the new
by Paul Ducklin Two weeks ago we reported on two zero-days in Microsoft Exchange that had been reported to Microsoft three weeks before that by a Vietnamese company that claimed to have stumbled across the bugs on an incident response engagement on a customer’s network. (You may need to read that twice.) As you probably
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD),
Japanese car giant Toyota has warned that nearly 300,000 customers may have had their personal data leaked after an access key was publicly available on GitHub for almost five years. In a statement on its website, Toyota said that the email addresses and customer control numbers of 296,019 people who have used T-Connect, a telematics
by Paul Ducklin The second Tuesday of every month is Microsoft’s regular day for security updates, still known by almost everyone by its unofficial nickname of “Patch Tuesday”. But the second Tuesday in October is also Ada Lovelace Day, celebrating Ada, Countess of Lovelace. Ada was a true pioneer not only of computing, but also
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to
Has your Steam account been hacked? Here are the signs to look for and what you can do to get your account back. The videogaming industry doesn’t stop growing. In fact, it is estimated to reach a market value of $197 billon by the end of 2022 and surpass $250 billon by 2025. This, together with its
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week.
Representatives from Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) and the European Union Agency for Cybersecurity (ENISA) recently met to discuss strengthening cooperation and networking. The working meeting was held during the visit to ENISA HQ in Athens as a part of the Cybersecurity East Project. Viktor Zhora, SSSCIP deputy head, said after
by Paul Ducklin Naked Security meets Sophos X-Ops! (Read or listen according to your preference.) We dig into OAuth 2.0, a well-known protocol for authorization. Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it. We look at the what, the why and the
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. “Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan,” Trend Micro
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.” “We have informed market participants
by Paul Ducklin Scam calls are a nuisance at best, because they’re intrusive, and a social and financial evil at worst, because they prey on those who are vulnerable. You probably get dozens or hundreds of them a year, often in waves of several a day, where the caller claims to be from Amazon (about
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from “.*autodiscover.json.*Powershell.*” to “(?=.*autodiscover.json)(?=.*powershell).” The list of updated steps to
Chinese state–sponsored threat actors continue to exploit known vulnerabilities to target US and allied networks and companies, according to a new advisory published on October 06, 2022, by the US National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). Worse, they use “an increasing array of new and
by Naked Security writer Joe Sullivan, who was Chief Security Officer at Uber from 2015 to 2017, has been convicted in a US federal court of covering up a data breach at the company in 2016. Sullivan was charged with obstructing proceedings conducted by the FTC (the Federal Trade Commission, the US consumer rights body),
- « Previous Page
- 1
- …
- 75
- 76
- 77
- 78
- 79
- …
- 118
- Next Page »