by Paul Ducklin The best-known cryptographic library in the open-source world is almost certainly OpenSSL. Firstly, it’s one of the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly. Secondly, it’s probably the most widely-publicised, sadly because of a rather nasty bug
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm
The Federal Communications Commission (FCC) has noticed “substantial increases” in complaints about scam robotexts, it warned this week. The Commission issued an alert warning consumers that these texts are on the rise. It added that it was also seeing more reports of scam texts from robocall and robotext blocking services. The FCC tracks consumer complaints rather than
The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. “In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files,” Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The
A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday. Nadler said three hostile actors had breached the Public Access to Court Electronic Records
Learn to spot some of the threats that you can face while browsing online, and the best tips to stay safe on the web. Web browsers are our gateway to the digital world. We spend hours on them each day, which makes them not only a vital tool for legitimate users, but a valuable target
Image via Keeper Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest
A bill designed to increase visibility of foreign ransomware attackers has passed in the US House of Representatives. The Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (also known as the RANSOMWARE Act) will make it easier for the US to respond to ransomware attacks from foreign
by Paul Ducklin If you’ve ever watched a professional plumber at work, or a plasterer, or a bricklayer, or the people who deftly use those improbably long sticks to craft paper-thin pancakes the size of a bicycle wheel… …you’ve probably had the same thoughts that we have. I could do that. I really could. But
Cybercriminals exploited a vulnerability to steal the equivalent of 18M$ from the NFT music streaming platform Audius, while other cyberthreats related to crypto makes the news. This week, the NFT music streaming platform Audius was the victim of a cyberattack. Criminals exploited a vulnerability to steal the equivalent of 18M$ from the platform. This type of attack
A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that’s capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred
Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files or help optimize their batteries for device management. However, this malware hides and continuously show advertisements to victims. In addition, they run malicious services automatically
Police in Spain have arrested two people on suspicion of hacking the country’s Radioactivity Alert Network (RAR). The RAR, operated by Spain’s General Directorate of Civil Protection and Emergencies, is a network of gamma radiation sensors. It monitors parts of Spain – which operates nuclear power plants – for excessive radiation. The two individuals are
by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just
A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could
A database containing 5.4m Twitter users’ data is reportedly for sale on a popular criminal forum. Twitter is investigating the issue, which the seller said exploited a vulnerability in its systems reported in January. The seller, using the nickname ‘devil,’ advertised the data on the Breached Forums site and demanded at least $30,000 for it.
by Paul Ducklin Samba is a widely-used open source toolkit that not only makes it easy for Linux and Unix computers to talk to Windows networks, but also lets you host a Windows-style Active Directory domain without Windows servers at all. The name, in case you’ve ever wondered, is a happy-sounding and easy-to-say derivation from
It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash For today’s consumers, convenience is king. And at the heart of the digital experiences that make our lives easier sits the
As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. “All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others,” Dr.Web said in a Tuesday write-up. While
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may
Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cybersecurity company Vade today. The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.
by Paul Ducklin It’s time for this month’s scheduled Firefox update (technically, with 28 days between updates, you sometimes get two updates in one calendar month, but July 2022 isn’t one of those months)… …and the good news is that the worst bugs listed, which get a risk category of High, are those found by
Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021. The new version of LockBit, called LockBit 3.0 aka LockBit Black, was released in June 2022, launching a brand new leak site and what’s the very
We all love to spend time surfing the web — whether we’re shopping, paying bills, or reacting to funny memes. The internet has also allowed many of us to keep working from home even during the pandemic. The internet is great, but the best way to keep enjoying it is to know where and how
The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for protecting healthcare data. The draft update will provide a more practical guide for healthcare providers to comply with government rules on personal health data security, it claimed. The initial draft of the document is titled ‘Implementing the Health Insurance Portability and
by Paul Ducklin Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have
I’ve created an NFT so you don’t have to – here’s the good, the bad and the intangible of the hot-ticket tokens First, a quick primer: non-fungible tokens, or NFTs, are unique tokens stored on a blockchain, which is a form of digital ledger, and they cannot be modified or replaced with another token. NFTs
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. “Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites,” the company noted in an advisory published on
Our How I Got Here series spotlights the stories of team members who have successfully grown their career here at McAfee. This journey features Gayatri who kicked off her second career at McAfee after leaving her role and returning to further education. My McAfee Career Journey McAfee truly kicked off my second career journey! I previously worked
Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky’s health, according to Ukraine’s security officials. A music program on “at least one” out of TAVR Media’s stations – one of Ukraine’s largest radio networks – was interrupted by the false reports just after midday on July 21. The so-far unidentified
- « Previous Page
- 1
- …
- 85
- 86
- 87
- 88
- 89
- …
- 118
- Next Page »