by Paul Ducklin Google’s latest update to the Chrome browser fixes a varying number of bugs, depending on whether you’re on Android, Windows or Mac, and depending on whether you’re running the “stable channel” or the “extended stable channel”. Don’t worry if you find the plethora of Google blog posts confusing… …we did too,
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes
NATO has announced plans to develop virtual rapid response capabilities “to respond to significant malicious cyber activities.” The plans were unveiled in a declaration published following the NATO Summit in Madrid, Spain, last week. The latest summit took on extra significance in light of the Russian invasion of Ukraine earlier this year, amid fears of the conflict
by Paul Ducklin If you’re a Naked Security Podcast listener, you may remember, back in March 2022, that we spoke about a convicted cybercriminal from Canada by the name of Sebastien Vachon-Desjardins. By all accounts, he was part of several so-called Ransomware-as-a-Service (RaaS) gangs, such as REvil and NetWalker, where the actual ransomware attackers act
One in five organizations have teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay? We all know cyber is a critical element of business risk. But how critical? Some boardrooms seem to pay little more than lip service to security and still manage to avoid serious repercussions. That’s
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to
CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) used by a threat actor (TA) in attacks against IBM and Stanford University. The module reportedly has hidden desktop takeover capabilities that would be
Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. Central to the changes is a “simplified and unified management experience that’s the same in Chrome and Android settings,” Ali Sarraf, Google Chrome product manager, said in a blog post.
Kaspersky security experts have discovered new malware targeting Microsoft Exchange servers belonging to several organizations worldwide. Dubbed “SessionManager” and first spotted by the company in early 2022, the backdoor enables threat actors to keep “persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.” According to Kaspersky, once propagated, SessionManager would enable
by Paul Ducklin The US Federal Bureau of Investigation (FBI) famously maintains a Ten Most Wanted Fugitives list. Currently, nine of them are men, suspected of 22 different offences between them: Accessory After the Fact Aiding and Abetting Armed Robbery Cocaine Importation Conspiracy Conspiracy to Commit Murder-for-Hire Conspiracy to Commit Violent Crimes in Aid of
The lead-up to the Canada Day festivities has brought a tax scam with it. Even though the deadline to file taxes in Canada already passed on May 2nd, 2022, some people may have filed late or are still expecting their refund. Perhaps that’s why I received a phishing email yesterday purporting to come from the
Following heightened worries that U.S. users’ data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it’s taking steps to “strengthen data security.” The admission that some China-based employees can access information from U.S. users came in a letter sent to nine
Microsoft’s Security Intelligence team has issued a new warning against a known cloud threat actor (TA) group. Tracked as 8220 and active since early 2017, the group would have now updated its malware toolset to breach Linux servers in order to install crypto miners as part of a long-running campaign. “The updates include the deployment
by Paul Ducklin We’ll tell this story primarily through the medium of images, because a picture is worth 1024 words. This cybercrime is a visual reminder of three things: It’s easy to fall for a phishing scam if you’re in a hurry. Cybercriminals don’t waste any time getting new scams going. 2FA isn’t a cybersecurity
As scammers continue to ask people to take fake surveys, can you recognize some common telltale signs you’re dealing with a scam? Scammers recently launched a campaign on WhatsApp where they trick unsuspecting victims into thinking that they qualify for a cash prize from Costco in exchange for taking a simple survey. Obviously this type
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its “complex multi-step attack flow” and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their
It’s Social Media Day! How are you celebrating? Reposting your very first profile picture from a decade ago? Sharing your most-loved status update or the photo you’re most proud of? This year, consider commemorating the day by learning more about how to keep your information safe. Enjoy your favorite platform, but be on the lookout
An ex-Canadian government employee pleaded guilty in Florida court earlier this week to charges of involvement with the NetWalker ransomware group. Sebastien Vachon-Desjardins, 34, was accused of conspiracy to commit computer fraud and wire fraud, as well as intentional damage to a protected computer and transmitting a demand concerning damaging a protected computer. Vachon-Desjardins was extradited in March, following
by Paul Ducklin With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
If the promise of a cash prize in return for answering a few questions sounds like a deal that is too good to be true, that’s because it is. WhatsApp users should watch out for a scam that lures victims with the promise of cash rewards from retail giant Costco in return for completing a
Google’s Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists,
Social media is part of our social fabric. So much so that nearly 50% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you
A group of security researchers from Abuse.ch and ThreatFox launched a new hub for scanning and hunting files. Dubbed YARAify, the defensive tool is designed to scan suspicious files against a large repository of YARA rules. “YARA is an open source tool for pattern matching,” Abuse.ch founder Roman Hüssy said in an interview with The Daily Swig. “It allows anyone […]
by Paul Ducklin This month’s scheduled Firefox release is out, with the new 102.0 version patching 19 CVE-numbered bugs. Despite the large number of CVEs, the patches don’t include any bugs already being exploited in the wild (known in the jargon as zero-days), and don’t include any bugs labelled Critical. Perhaps the most significant patch
War in Europe, a reminder for shared service centers and shoring operations to re-examine IT security posture. European business leadership, especially CISOs, CTOs, and chief data officers (CDOs), are adjusting to the fact that the war in Ukraine is a war in Europe and has global implications. Sanctions, military aid, and even incoming refugees are
Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed “YTStealer” by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. “What sets YTStealer aside
An analysis from cybersecurity firm Cyble has found over 900,000 Kubernetes (K8s) exposed across the internet and thus vulnerable to malicious scans and/or data-exposing cyberattacks. The researchers clarified that while not all exposed instances are vulnerable to attacks or the loss of sensitive data, these misconfiguration practices might make companies lucrative targets for threat actors (TA) in
by Paul Ducklin Sadly, over the years, we’ve needed to write numerous Naked Security warnings about romance scammers and sextortionists. Although those are general-sounding terms, they’ve come to refer to two specific sorts of online crime: Romance scamming. This typically refers to a long-game confidence trick in which cybercriminals court your online friendship under a
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware “grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to
The internet is a big place. While it’s changed the world for the better — making our daily lives that much easier! — it can also be a playground for cybercriminals who would love to get their hands on our personal information. When this happens, it can result in identity theft. While it can be