Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issues are tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers releasing software mitigations as part of
Cyber insurance companies are looking for new ways to assess risk as they grow increasingly wary of rising claims, said a report from cybersecurity company Panaseer released this week. The 2022 Cyber Insurance Market Trends Report found a lack of confidence in underwriting processes. Only 44% of insurers said they were very confident in evaluating cyber risk, with 46.5% warning
by Paul Ducklin Paying money to ransomware criminals is a contentious issue. After all, ransomware demands boil down to one thing, whether you know it in everyday language as extortion, blackmail or standover, namely: demanding money with menaces. Usually, the attackers leave all your precious files where they are, so you can see them sitting
It’s all fun and games until you get hacked – and this is just one risk of downloading cracked games Revenue in the global video games market is set to grow by nearly 11% this year to reach almost $209bn. But when we see this much growth, revenue and users concentrated in one place, there
Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that’s under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other
McAfee announces a partnership that will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. The partnership
The US Department of Justice (DOJ) announced last Friday that a Florida resident named Ron Aksoy has been arrested and charged for allegedly selling thousands of fraudulent and counterfeit Cisco products over the course of 12 years. Also known as Dave Durden, Aksoy, 38, would have run at least 19 companies formed in New Jersey
by Paul Ducklin Remember 1999? Well, the Melissa virus just called, and it’s finding life tough in 2022. It’s demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn’t face the trials and tribulations that they do today. In the 1990s, you could insert VBA (Visual Basic for Applications)
GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. “Attackers can abuse the runners or servers provided by GitHub to run an organization’s pipelines and automation by maliciously downloading and installing their own cryptocurrency
Disneyland’s Facebook and Instagram accounts were taken over on Thursday by a self-proclaimed “super hacker” who posted a series of racist and homophobic posts. Operating under the name “David Do,” the threat actor claimed he was seeking “revenge” on Disneyland employees after some of them had allegedly insulted him. “I am a super hacker that
LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. “The affiliates that use LockBit’s services conduct their attacks according to their preference and use different tools and techniques to achieve their goal,” Cybereason security analysts Loïc Castel
In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have
Cybersecurity solutions provider Emsisoft has released a free decryption tool to enable AstraLocker and Yashma ransomware victims to recover their files without paying a ransom. The company made the announcement in a series of Twitter posts earlier today, providing a download link and related instructions for the tool. “The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they
Scammers don’t take the summer off – be on your guard when buying your Crit’Air sticker If you drive your own vehicle in certain regions of France at certain times, you will need to purchase a special ‘clean air sticker’ called Crit’Air or risk facing a fine from the French government. Similar schemes already exist
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. “Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker’s machine,” Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as
A fake LinkedIn job offer was the reason behind Axie Infinity’s $600m hack, according to a new investigation by The Block. The digital assets-focused outlet said on Wednesday that while the US government attributed the attack to the North Korean hacker group Lazarus, full details of how the exploit was executed had not been disclosed. The Block said that according
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Vacations are a great time to unwind, but if you’re not careful, you may face a digital disaster. Here’s how to keep your devices and data secure while you’re on the move Vacations are the perfect time to unwind, but if you’re not careful, you may face a digital disaster. Being outside of their normal
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that’s behind a Windows malware with worm-like capabilities. Describing it as a “persistent” and “spreading” threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable
Fewer people carry cash these days, kids included. This growing paperless reality fast-forwards the parenting task of educating kids on financial responsibility. As of 2021, most cash apps allow kids 13 and up to open accounts (previously, the age was 18). Kids can also get a cash app debit card for retail purchases. But while
Apple has announced a new set of iPhone features called “Lockdown Mode.” Unveiled in a blog post on Wednesday, Lockdown Mode will land on iOS 16, iPadOS 16, and macOS Ventura devices in the fall of this year, and offer a number of security features. Apple called the mode an “extreme, optional level of security
by Paul Ducklin Remember the Log4Shell bug that showed up in Apache Log4j late in 2021? Log4j is one of the Apache Software Foundation’s many software projects (more than 350 at current count), and it’s a programming library that Java coders can use to manage logfiles in their own products. Logfiles are a vital part
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. “North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records
It’s a question we get a lot from parents: “How can I keep my kids safe when they are constantly hopping between so many different apps?” We get it, there’s a lot to stay on top and all of it changes constantly. Unfortunately, that question doesn’t have a simple answer. But there are some baseline
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory suggesting North Korean state-sponsored cyber actors are using the Maui ransomware to target Healthcare and Public Health (HPH) Sector organizations in the US. According to the document – a joint effort between CISA, the Federal Bureau of Investigation (FBI) and the Department of
by Paul Ducklin Just over a week ago, the newswires were abuzz with news of a potentially serious bug in the widely-used cryptographic library OpenSSL. Some headlines went as far as describing the bug as a possibly “worse-than-Heartbleed flaw”, which was dramatic language indeed. Heartbleed, as you may remember, was an incredibly high-profile data leakage
Here’s what to watch out for when buying or selling stuff on the online marketplace and how to tell if you’re being scammed Last year, Facebook Marketplace passed one billion global users. In so doing, it’s become a giant of the consumer-to-consumer space, allowing individual Facebook users to buy from and sell to each other
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against “highly targeted cyberattacks.” The “extreme, optional protection” feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats
In the spirit of #PrideMonth, McAfee hosted month-long celebrations across the world. One of these was a live event hosted by the McAfee Pride Community with a guest speaker from the Resource Center that focused on the history of Pride, support, allyship, and belonging. We took a moment to ask our event guest speaker, Leslie
The US Department of Commerce’s National Institute of Standards and Technology (NIST) has selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer. The four selected encryption algorithms will now reportedly become part of NIST’s post-quantum cryptographic (PQC) standard, which should be finalized in about two years. More specifically, for
- « Previous Page
- 1
- …
- 85
- 86
- 87
- 88
- 89
- …
- 116
- Next Page »