Privacy and data security concerns have been raised over a plan to link South African phone users’ biometric data to their SIM cards. The proposal by the Independent Communications Authority of South Africa (ICASA) was among a list of draft regulations published by the watchdog for public commentary in March. If approved, it would give
by Paul Ducklin Google’s May 2022 updates for Android are out. As usual, the core of Android received two different patch versions. The first is dubbed 2022-05-01, and contains fixes for 13 CVE-numbered vulnerabilities. Fortunately, none of these are currently being exploited, meaning that there are no zero-day holes known this month; none of them
The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse
A former executive of eBay has pleaded guilty to taking part in a disturbing cyber stalking campaign waged against a married couple from Massachusetts. The couple’s terrifying experience began after they wrote about eBay in an online newsletter aimed at eBay sellers, which they edited and published. Under the campaign, parcels with horrifying contents were anonymously sent
by Paul Ducklin Firefox has followed Chromium to the century mark, reaching a score of 100* with its latest scheduled almost-monthly release. For readers without the sporting good fortune of living in a cricket-playing country, an individual score of 100 in a single innings, known as a century or a ton, is considered a noteworthy
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity space. These software bugs are exploited for attacks before the flaw is known to the software vendor and so
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws
Spyware has been detected on the cell phones of Spain’s prime minister, Pedro Sánchez, and the country’s defense minister, Margarita Robles. In a press conference given Monday morning, the Spanish government said that the phones had been infected with Pegasus spyware and extracted data from both devices. The minister for the presidency, Félix Bolaños, said that the
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. “The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper,'” Cluster25 said in a report published last week. “The target
A Texas school district employee has tendered their resignation after being caught secretly mining cryptocurrency on school premises. Pings picked up by Galveston Independent School District’s firewall a couple of weeks ago aroused the suspicion of the district’s IT department. An investigation into the activity determined that multiple cryptocurrency mining machines were operating on the
India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours
The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and New York Metro InfraGard Members Alliance (NYM-IMA) are coming together to tackle cyber threats facing the bioeconomy. The partnership, which aims to protect economic activity in the United States involving the use of biotechnology and biomass in the production of goods, services or energy, was announced on Thursday.
Here’s what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group In this edition of Week in security, Tony looks at the latest ESET research that: provided a detailed overview of TA410, a cyberespionage umbrella group that targets entities in the government and education sectors
Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. “By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular
So is your smart speaker really listening in on your conversations? That’s the crux of a popular privacy topic. Namely, are we giving up some of our privacy in exchange for the convenience of a smart speaker that does our bidding with the sound of our voice? After all, you’re using it to do everything
A cyber-attack on a hotel reservation system has exposed the personal data of thousands of guests who stayed at upscale Finnish hotels. News of the security incident, which has impacted at least five hotels, was first reported by Finnish news agency MTV on Tuesday. Between February 10 and 14, cyber-attackers exploited a vulnerability to hack
by Paul Ducklin Early in April 2022, news broke that various users of Microsoft’s GitHub platform had suffered unauthorised access to their private source code. GitHib has now updated its incident report to say that it is “in the process of sending the final expected notifications to GitHub.com customers who had either the Heroku or
At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. “Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military
A woman from Los Angeles, who coughed on an Uber driver in a video that went viral last spring, has been accused of stealing the identity of her former neighbor. Arna Kimiai, known on social media as ‘Cough Girl,’ was charged over the March 7 2021 incident involving San Francisco Uber driver, Subhakar Khadka. A video shared
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET. ESET researchers have documented and analyzed TA410 activity going back to 2019. TA410 is a cyberespionage umbrella group loosely linked to
A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET
An Israeli private investigator could spend the next 27 years in prison after pleading guilty to taking part in an international fraud and hacking conspiracy. Aviram Azari was arrested in Manhattan, New York, in 2019 and charged with conspiracy to commit computer hacking, aggravated identity theft, and wire fraud. The 50-year-old private detective, who served in a
by Paul Ducklin Even if you’re not a native speaker of English, you’ve probably heard the curious saying, “It’s a bit of a Curate’s Egg”, referring to something about which you’re determined to keep a positive public attitude, even if your immediate private reaction was to be disappointed. The saying has certainly stood the test
Bad actors continuously evolve their tactics and are becoming more sophisticated. Within the past couple of years, we’ve seen supply chain attacks that quickly create widespread damage throughout entire industries. But the attackers aren’t just focusing their efforts on supply chains. For example, businesses are becoming increasingly more reliant on SaaS apps and the cloud
The British Army’s online recruitment portal has been offline for more than a month following a data breach. Officials shut the computerized enrollment system down in the middle of March as a precaution after the personal data of more than 100 army recruits was found being offered for sale on the dark web. An investigation
by Paul Ducklin We’re sure you’ve heard of the KISS principle: Keep It Simple and Straightforward. In cybersecurity, KISS cuts two ways. KISS improves security when your IT team avoids jargon and makes complex-but-important tasks easier to understand, but it reduces security when crooks steer clear of mistakes that would otherwise give their game away.
BEC fraud generated more losses for victims than any other type of cybercrime in 2021. It’s long past time that organizations got a handle on these scams. The old adage of people being the weakest link in security is especially true when it comes to email threats. Here, cybercriminals can arguable generate their biggest “bang-for-buck”
The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products. Calling the new activity a “departure” from the group’s typical
Email accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals. Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. In a data security notice on its website, the healthcare provider disclosed that the actor was able to access a limited number of email
- « Previous Page
- 1
- …
- 91
- 92
- 93
- 94
- 95
- …
- 112
- Next Page »