Why schools, hospitals, local governments and other public sector organizations are in a sweet spot for ransomware attacks Why are schools, hospitals and local governments firmly in the crosshairs of cybercriminals and why do public-sector entities fall into a sweet spot for ransomware attacks? What are the latest trends on the ransomware scene? A report
Month: January 2023
Confidential data from 14 UK schools has been leaked online by hackers following attacks that took place in 2022. The leaked documents include children’s SEN information, pupil passport scans, staff pay scales and contract details. The information was leaked after the impacted schools refused to pay the attackers ransom demands. The attacks and leaks were
by Paul Ducklin LAST STRAW FOR LASTPASS? IS CRYPTO DOOMED? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere
Jan 06, 2023Ravie LakshmananEndpoint Security / Cyber Threat Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. “While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform,” the tech giant’s Security
It has a way of sneaking up on you. Credit theft and fraud. Maybe it’s happened to you. Maybe it’s happened to a friend or family member. There’s a call from the bank, a notification in your financial app, or a charge on the statement that’s beyond explanation. Someone else has tapped into your funds.
Are your virtual doctor visits private and secure? Here’s what to know about, and how to prepare for, connecting with a doctor from the comfort of your home. Telehealth services were one of the tech success stories of the COVID-19 pandemic. Just as cloud-based services helped suddenly locked-down workers to stay productive, telemedicine consultations ensured
A Pembrokeshire man has been jailed for life for a series of appalling sexual offenses against young children, after investigators used new technology to unmask him. Global law enforcers had been trying to ascertain the identity of 50-year-old Martyn Armstrong for years after abuse material was posted to dark web pedophile site The Love Zone
by Paul Ducklin Even though it’s already Day 4 of Year 2023, some of the important IT/sysadmin/X-Ops security stories of the holiday season are only popping up in mainstream news now. So we though we’d take a quick look back at some of the major issues we covered over the last couple of weeks, and
Jan 05, 2023Ravie LakshmananCybercrime / Banking Security A cybercrime group dubbed Bluebottle has been linked to a set of targeted attacks against the financial sector in Francophone countries located in Africa from at least July 2022 to September 2022. “The group makes extensive use of living-off-the-land, dual use tools, and commodity malware, with no custom
It’s been a particularly busy and colourful week, scam-wise in our household. Between 4 family members, we’ve received almost 20 texts or emails that we’ve identified as scams. And the range was vast: from poorly written emails offering ‘must have’ shopping deals to terse text messages reprimanding us for overdue tolls plus the classic ‘Dear
With many children spending a little too much time playing video games, learn to spot the signs things may be spinning out of control Across Europe, half of the population aged 6-64 plays video games, according to industry body ISFE. The number rises significantly for 6-10-year-olds (68%), and those aged 11-14 (79%) and 15-24 (72%).
Several social media accounts and fake websites are pretending to sell the sought-after hacking tool Flipper Zero to lure cybersecurity professionals into making cryptocurrency transactions. This new campaign of angler phishing – a type of social media phishing that involves impersonating corporate social media accounts to interact with their customers – was first uncovered by
by Naked Security writer It looks like the sort of meeting room you might find in startups all over the world: diffuse lighting from windows down one wall, alongside a giant poster cityscape of New York’s Brooklyn Bridge, with the Manhattan skyline towering behind it. The difference in this case is that that the computer
Jan 04, 2023Ravie LakshmananFirmware Security Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities — tracked from CVE-2022-40516 through CVE-2022-40520 — also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS
Pledging to follow healthier habits is consistently the most popular new year’s resolution. That January 1st promise looks different to everyone: snacking less often, going to the gym more often, drinking more water, drinking less soda, etc. This year, instead of a juice cleanse subscription, opt for a healthier habit that’s not an unappetizing shade
A prolific ransomware group has apologized to a children’s hospital and provided it with a free decryption key after the facility was compromised in mid-December. The incident occurred at Toronto’s Hospital for Sick Children (SickKids) on the evening of December 18 2022, local time. Although it said in a statement that it had “mobilized quickly
by Paul Ducklin Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has
Jan 03, 2023Ravie LakshmananUnited States A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing
by Paul Ducklin PyTorch is one of the most popular and widely-used machine learning toolkits out there. (We’re not going to be drawn on where it sits on the artifical intelligence leaderboard – as with many widely-used open source tools in a competitive field, the answer seems to depend on whom you ask, and which
Jan 02, 2023Ravie LakshmananWeb Security / Linux WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. “If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts,” Russian
by Paul Ducklin A DAY IN THE LIFE OF A CYBERCRIME FIGHTER Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Click-and-drag on the soundwaves below to skip
Dec 29, 2022Ravie LakshmananOnline Security / Malvertising Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of