by Paul Ducklin Late last week, our Slackware Linux distro announced an update to follow the scheduled-and-expected Firefox 100 release, which came out at the start of the month. The new version is 100.0.1, and we’re running it happily… …but when we clicked on What’s new two days later, to see what was new, we
The decision to release a ransomware decryptor involves a delicate balancing act between helping victims recover their data and alerting criminals to errors in their code Ransomware – the security scourge of the modern, digital world – just keeps getting more dangerous. We’re educating users about what to do, but it’s hard to stay ahead
A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.” The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and
How protected am I online? Customers often ask us some version of this question. It’s a good question and in the past, there was no direct answer – only recommendations. For instance, we recommend online protection that goes beyond antivirus to include identity and privacy protection, as well as promoting safety best practices like using multi-factor authentication. We wondered if there was a simpler and easier way to advise
A former banking IT security boss has been named as the co-chair of the government’s National Cyber Advisory Board, a key institution created as part of its new cybersecurity strategy. Sharon Barber was until recently chief resilience and security officer at Lloyds Banking Group, and will now lead efforts to shape a dialogue between society and
SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below – CVE-2022-22282 (CVSS score: 8.2) –
The cyber implications of the Russia-Ukraine conflict were discussed by a panel of international security leaders during the opening plenary session at CYBERUK 2022. The discussion was moderated by NCSC’s CEO Lindy Cameron, who was joined on the stage by the director of the US’ National Security Agency (NSA), Robert Joyce, head of the Australian Cyber
by Paul Ducklin You may not have heard of Curl (or curl, as it is more properly written), but it’s one of those open source toolkits that you’ve almost certainly used anyway, probably very often, without knowing. The open source world provides numerous tools of this sort – ubiquitous, widely used in software projects all over
Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect
Hands down, children look to their parents to keep them safe online more than anyone else, which begs the question—what’s a parent to do? Our recent study on connected families found that nearly three-quarters of children said their parents were best suited to teach them about staying safe online, nearly twice than teachers at school
The European Union (EU) has reached political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations. The new directive will replace the EU’s existing rules on the security of network and information systems (NIS Directive), which requires updating because “of the increasing degree of digitalization and interconnectedness of our society and the
by Paul Ducklin What does the word Glib mean to you? Does it make you think of a popular programming library from the GNOME project? Do you see it as a typo for glibc, a low-level C runtime library used in many Linux distros? Do you picture someone with the gift of the gab trying
Can you spot the tell-tale signs of a phishing attempt and check if an email that has landed in your inbox is legit? Did you know that some 90 percent of successful cyberattacks start with a phishing email? This helps show why learning to recognize and avoid phishing attacks is such an important skill to
Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine “whether a vulnerability in a dependency might affect
How do parents and children connect and protect themselves online? We spoke with thousands of them around the world to find out. In December 2021 we conducted a study about beliefs and behaviors about life online among members of connected families—as individuals and as a family unit. Parents and children were surveyed together, with parents
Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) of nearly 40,000 individuals. According to a notice posted on the clinic’s website, on May 12, the clinic identified a data security incident that affected its computer system. To investigate the incident, OKCIC enlisted the help
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL
The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud Sometimes you need to say things that go without saying: The internet has revolutionized our lives, changing the way we work, learn, entertain ourselves and interact with each other.
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed
A British man has been charged in New York with unauthorized computer intrusion, securities fraud, wire fraud and other crimes, causing more than $5m of losses. According to a 10-count complaint made public yesterday, Idris Dayo Mustapha, 32, a UK citizen, and others used phishing and other means to obtain user credentials from January 2011 to
What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? We all know there’s a cybersecurity skills shortage. Across the globe, the shortfall of talent is now measured in the millions. We’ve also all heard about the Great Resignation: a once-in-a-generation period of
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in
The Spanish government has sacked its spy chief Paz Esteban amid a dual phone-hacking scandal involving Pegasus spyware, the country’s defense minister said today. The National Intelligence Center (CNI) that Esteban headed faced controversy recently for reportedly using Pegasus, developed by Israel’s NSO Group, to spy on leaders of the Catalan independence movement. CNI was
by Paul Ducklin If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline. The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide. DarkSide is
The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. “Analysis of these samples indicates that the developer has access to REvil’s source code, reinforcing the likelihood that the threat group has reemerged,” researchers from Secureworks Counter Threat Unit
Russians tuning in to view the country’s Victory Day parade today were shocked to find anti-war messages after the country’s television listings system was hacked. The hack affected several major networks, including Channel One, Rossiya-1 and NTV-Plus, the BBC reported. The name of every program was replaced with a message stating, per the BBC’s translation: “On your
by Paul Ducklin Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming language Ruby, just patched a dangerous server-side vulnerability. The bug, dubbed CVE-2022-29176, could have allowed attackers to remove a package that wasn’t theirs (yanking it, in RubyGems jargon), and then to replace it with
LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform Job hunting is hard work, a kind of full-time job in itself. It requires focus and patience to go from one job posting to another
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that’s offered on sale for “dirt cheap” prices, making it accessible to professional cybercriminal groups and novice actors alike. “Unlike the well-funded, massive Russian threat groups crafting custom malware […], this remote access Trojan (RAT) appears to be
Authored by Dexter Shin McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are
- « Previous Page
- 1
- …
- 95
- 96
- 97
- 98
- 99
- …
- 118
- Next Page »