Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos. The security vendor commissioned Vanson Bourne to compile its report, The State of Ransomware in Healthcare 2022, from interviews with 381 IT pros in 31
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’36”] This Week in Tech. Naming a computer after a famous scientist doesn’t always help. [02’25”] The wacky but dangerous 0-day hole in Windows. [14’14”] Supply chain attacks and the crooks who orchestrate
It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict On January 14th this year, a raid by Russian law enforcement authorities made headlines all over the world, as it resulted in the arrests of 14 members of the infamous Sodinokibi/REvil ransomware gang. The crackdown came
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021.
The growing number of internet crimes targeting senior adults is mind-blowing. In 2021, more than 92,000 people over the age of 60 reported losses of $1.7 billion, according to IC3, the FBI’s Internet Crime division. That number reflects a 74 percent increase in losses from 2020. These numbers tell us a few things. They tell
Connecticut Governor Ned Lamont officially signed into law the Public Act No. 22-15, titled ‘An Act Concerning Personal Data Privacy and Online Monitoring’ on May 10. Commonly referred to as the Connecticut Privacy Act (CTPA), the new legislation provides consumers with enhanced privacy rights, including the right of access, rectification and deletion of data. It also provides the
by Paul Ducklin Software development and colloboration toolkit behemoth Atlassian is warning of a dangerous zero-day in its collaboration software. There’s no alert about the bug visible on the company’s main web page, which features the company’s best-known tools JIRA (an IT ticketing system) and Trello (a discussion board), but you’ll find Confluence Security Advisory
A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses As the ESET research team released its T1 2022 Threat Report this week, Tony reviews the key trends and developments that defined the threat landscape in the first four months
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10
There were multiple times during my digital parenting journey when I would have loved to put my head in the sand. Pretend that life was easy and that my kids weren’t going to grow up and want devices and to join social media. But I didn’t. I couldn’t. With four kids who had technology running
The latest phase of the UK government-backed Digital Security by Design (DSbD) program will see 10 companies experimenting with prototype cybersecurity technology designed to radically strengthen computers’ underlying hardware. The technology, developed by semiconductor and software design company Arm in collaboration with researchers from the University of Cambridge, is known as Capability Hardware Enhanced RISC Instructions (CHERI). This
by Paul Ducklin Just as the dust started to settle on the weirdly-named Follina vulnerability… … along came another zero-day Windows security hole. Sort of. We’re not convinced that this one is quite as dramatic or as dangerous as some of the headlines seem to suggest (which is why we carefully added the words “sort
A view of the T 1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts After more than two years of shielding from a global pandemic, we get a ‘reward’: war! Several conflicts are raging in different parts of the world, but for us, this one
As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization’s ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and
As millions of people around the world practice social distancing and work their office jobs from home, video conferencing has quickly become the new norm. Whether you’re attending regular work meetings, partaking in a virtual happy hour with friends, or catching up with extended family across the globe, video conferencing is a convenient alternative to many of the activities we
Europol’s European Cybercrime Centre (EC3) announced the execution of an international law enforcement operation that involved 11 countries and resulted in the takedown of the so-called “FluBot” Spyware. The technical achievement reportedly followed an investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States and
by Paul Ducklin The latest scheduled Firefox update is out, bringing the popular alternative browser to version 101.0. This follows an intriguing month of Firefox 100 releases, with Firefox 100.0 arriving, as did Chromium 100 a month or so before it, without any trouble caused by the shift from a two-digit to a three-digit version
A 14-year-old shares his thoughts about technology and the potential privacy and security implications of the internet Talking to children and teenagers is not always an easy task – we’ve all been teens before, huh? When I first approached Xavier, 14, to talk about how he engages with the online world, I was quite concerned
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. “Once the email is viewed, the attacker can silently take over the complete mail server without any further
Microsoft released an advisory on Monday acknowledging the zero-day Office flaw dubbed ‘Follina’ and suggested a possible fix for it. The document assigned the vulnerability the identifier CVE-2022-30190 and a rating of 7.8 out of 10 on the Common Vulnerability Scoring System (CVSS) on the basis that its exploitation may enable malicious actors to achieve code
by Paul Ducklin The internet is abuzz with news of a zero-day remote code execution bug in Microsoft Office. More precisely, perhaps, it’s a code execution security hole hole that can be exploited by way of Office files, though for all we know there may be other ways to trigger or abuse this vulnerability. Security
An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy,
Anonymous-affiliated collective Spid3r claims to have attacked Belarus’ government websites in retaliation for the country’s alleged support of Russia’s invasion of Ukraine. The group made the announcement on Twitter, publishing screenshots of various websites connected with the Belarus state being down, including the Ministry of Communications, the Ministry of Justice and the Ministry of Economy. In
by Paul Ducklin Home delivery scams, where the crooks falsely apologise to you for not delivering your latest parcel, have been around for years. However, as we have unfortunately needed to say many times on Naked Security, these scams seem to have become steadily more professional-looking during the pandemic, as more and more people have
Falsehoods about the war in Ukraine come in all shapes and sizes – here are a few examples of what’s in the fake news Manipulation, propaganda, lies and half-truths that even drive a wedge between relatives on either side of the Russia-Ukraine border – a war on truth is playing out on the digital front
It’s no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company’s work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don’t think twice when connecting an app they need with their
A group of hackers from Russia could be behind the leak of a list of emails between former director of MI6 Sir Richard Dearlove, Gisela Stuart, Robert Tombs, and other political figures within Theresa May’s government between August 2018 and July 2019. According to an investigation by Reuters, the cache of intercepted emails contained alternative
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of
Twitter has agreed to pay a $150m fine to settle a federal privacy suit over privacy data violations. The row saw the social company reportedly collecting phone numbers and email addresses for account security measures and then using the information for advertising purposes without letting users know. “This practice affected more than 140 million Twitter
New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience Governments around the world are concerned about growing risks of cyberattacks against their critical infrastructure. Recently, the cybersecurity agencies of the countries comprising the ‘Five Eyes’ alliance warned of a possible rise in such attacks “as a response
- « Previous Page
- 1
- …
- 90
- 91
- 92
- 93
- 94
- …
- 116
- Next Page »