Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which originated from the U.S., primarily singled
Month: November 2022
Google has announced a legal victory against two Russian nationals connected with the Glupteba botnet. In a blog post last Friday, the tech giant said the court’s ruling against the botnet operators set a crucial legal precedent and sends a warning to cyber-criminals and their accomplices. “Last December, Google’s Threat Analysis Group (TAG) shared the
by Paul Ducklin Phishing scams that try to trick you into putting your real password into a fake site have been around for decades. As regular Naked Security readers will know, precautions such as using a password manager and turning on two-factor authentication (2FA) can help to protect you against phishing mishaps, because: Password managers
What have some of the world’s most notorious APT groups been up to lately? A new ESET report released this week has the answers. What have advanced persistent threat (APT) groups been up to lately? This week, the ESET Research team published their inaugural APT Activity Report, which reviews the activities of selected APT threat
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the
The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.” Exposure to unwanted software can derail its performance and hog its storage within a
A credential phishing attack reportedly targeted 22,000 students at national educational institutions with a campaign impersonating Instagram. The information comes from security experts at Armorblox, who highlighted the new threat in an advisory on November 17, 2022. “The subject of this email encouraged victims to open the message,” reads the technical write-up. The goal of this
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI)
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers. The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of
On Thursday, the US Cybersecurity and Infrastructure Security Agency (CISA) published the final part of its three-section series on securing the software supply chain. The publication, which follows the August 2022 release of guidance for developers and the October 2022 release of guidance for suppliers, provides recommended practices for customers to ensure the integrity and
The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it’s called, aims to secure personal data, while also seeking users’ consent in what the draft claims is
Internet security is a broad term that refers to a wide range of tactics that aim to protect activities conducted over the internet. Implementing internet security measures helps protect users from different online threats like types of malware, phishing attacks, scams, and even unauthorized access by hackers. In this article, we highlight the importance of
Shoppers should stay alert on Black Friday as hackers launch new scams in the lead-up to the event. Check Point Research (CPR) said the team has already observed a sharp increase in shopping-related phishing scams, with threat actors imitating well-known brands. “While consumers are getting ready to bag the best deal, cybercriminals are taking advantage
by Paul Ducklin Given that we’re getting into peak retail season, you’ll find cybersecurity warnings with a “Black Friday” theme all over the internet… …including, of course, right here on Naked Security! As regular readers will know, however, we’re not terribly keen on online tips that are specific to Black Friday, because cybersecurity matters 365-and-a-quarter
Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which suits your needs better? People who want to keep their online activities private are often faced with the question – should I use a virtual private network (VPN) or the Tor anonymity network?
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. “Observed DEV-0569 attacks show a pattern of continuous
Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone. Here’s everything you need to know about mobile MiTM schemes specifically, how to
Swiss authorities have apprehended a Ukrainian national wanted by the Federal Bureau of Investigation (FBI) for 12 years for connections with a cyber-criminal group that stole millions of dollars from bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov was arrested in Geneva on October 23, 2022, and is now pending extradition to the US,
by Paul Ducklin DON’T LET ONE LOUSY EMAIL PASSWORD SINK THE COMPANY Microsoft’s tilt at the MP3 marketplace. Apple’s not-a-zero-day emergency. Cracking the lock on Android phones. Browser-in-the-Browser revisited. The Emmenthal cheese attack. Business Email Compromise and how to prevent it. Click-and-drag on the soundwaves below to skip to any point. You can also listen
The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. “Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially
Authored by Oliver Devane It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX, McAfee has discovered several phishing sites targeting FTX users. One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After
Google has announced plans to roll out the initial Privacy Sandbox Beta to Android 13 mobile devices earlier next year. Initially unveiled in February, the project aims to bring new and more private advertising solutions to mobile. “Over the course of 2022, we’ve published design proposals and released a number of Developer Previews,” Android product
by Paul Ducklin Firefox’s latest once-every-four-weeks security update is out, bringing the popular alternative browser to version 107.0, or Extended Support Release (ESR) 102.5 if you prefer not to get new feature releases every month. (As we’ve explained before, the ESR version number tells you which feature set you have, plus the number of times
The convenience with which you manage all your financial wants and needs may come at a cost Since becoming more common in the mid-2010s, mobile banking apps have continued to grow in popularity and have ultimately become highly versatile tools for almost all things money-related. We use our phones to shop, pay for services, transfer
Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The two high-severity issues, which were reported to F5 on August 18, 2022, are as
Following up on our previous blog, How to Stop the Popups, McAfee Labs saw a sharp decrease in the number of deceptive push notifications reported by McAfee consumers running Microsoft’s Edge browser on Windows. Such browser-delivered push messages appear as toaster pop-ups in the tray above the system clock and are meant to trick users
State-sponsored actors in the Billbug group (aka Lotus Blossom and Thrip) have tried to compromise a digital certificate authority in an Asian country during a campaign targeting multiple government agencies. Security researchers from Symantec have made the discovery and shared the findings in an advisory published earlier today. “In activity documented by Symantec in 2019,
by Paul Ducklin Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal
Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. “The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions,” the company said.
Code hosting company GitHub has unveiled a new direct channel for security researchers to report vulnerabilities in public repositories. The feature needs to be manually enabled by repository maintainers and, once active, enables security researchers to report any vulnerabilities identified in their code. “Owners and administrators of public repositories can allow security researchers to report