Cyber Security

by Paul Ducklin When the Apple AirTag hit the market in 2021, it immediately attracted the attention of hackers and reverse engineers. Could AirTags be jailbroken? Could AirTags be simulated? Could the AirTag ecosystem be used for purposes beyond Apple’s own imagination (or at least beyond its intentions)? We soon found ourselves writing up the

The UK’s construction industry has received its first-ever cybersecurity guidance from the National Cyber Security Centre (NCSC). The document, Cyber security for construction businesses, provides practical, tailored advice for construction firms on protecting their businesses and building projects from cyber-attackers. The guidance details the most common attack vectors construction faces, including spear-phishing, ransomware and supply chain attacks. The

by Paul Ducklin WordPress plugins need to be kept up-to-date just as keenly as WordPress itself… …especially if those plugins are designed to help you look after the entirety of your WordPress site data. That’s why we thought we’d write about a recent warning from the creators of Updraft and Updraft Plus, which are free

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report. The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business

by Paul Ducklin Unfortunately, we’ve had to warn about sextortion, also known as porn scamming, many times before. Porn scams are phishing tricks whereby criminals try to squeeze you into making contact with them, or even to pay them money immmediately, by claiming to have evidence that you have committed some sort of sexually-related online

Credit Suisse has hit back at allegations of severe due diligence failures exposed by a major new leak of customer account information. Details of 18,000 accounts linked to 30,000 clients containing an estimated £80bn ($100bn) were shared by an anonymous whistleblower with various media outlets, including The Guardian. “I believe that Swiss banking secrecy laws are

The United States Department of Justice (DOJ) is cracking down on the criminal misuse of cryptocurrencies and digital assets. In a statement released Thursday, the DOJ announced the appointment of prosecutor and former senior counsel to the deputy attorney general, Eun Young Choi, as the first director of the National Cryptocurrency Enforcement Team (NCET). Comprising department attorneys,

by Paul Ducklin Storm conditions in November 2021 in northern and north-eastern parts of the UK brought down powerlines in some areas, leaving many homes without electricity for several days. British power companies, which, for better or worse, are privatised rather that state-run, are required to pay out compensation to customers who did not receive

A man from Florida will not be serving time in prison for his role in a multi-million dollar Medicare fraud scheme involving the sale of patients’ personal and medical data. Boca Raton resident, Nathan LaParl, aged 35, and his 30-year-old accomplice Talia Alexandre, of Palm Springs, worked with foreign call centers to contact Medicare patients

by Paul Ducklin If you’re using PHP in your network, check that you’re using the latest version, currently 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement bugs, including CVE-2021-21708, which is a use-after-free blunder in a function called php_filter_float(). A proof-of-concept exploit based on using PHP to query a database shows that the

The infamous Trickbot Trojan has targeted customers of scores of big-name brands over the past year, including Amazon, PayPal and Microsoft, according to new data from Check Point. The security vendor claimed that the malware had infected at least 140,000 victims since November 2020, with attackers being careful to target high-profile victims. Among the 60 brands

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

The UK’s cybersecurity industry generated record levels of external investment and revenue in the last financial year, according to official figures. The DCMS Annual Cyber Sector Report 2022 revealed more than £1bn was raised in external investment over 84 deals during this period. This includes Bristol-based Immersive Labs, which secured £53.5m, and London-headquartered Tessian, which raised more

by Paul Ducklin VMWare’s latest security bulletin doesn’t mince its words about how quickly you should patch: When do I need to act? Immediately. The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments. [… G]iven the severity, we strongly recommend that you act. The issues referred to

A range of pressing cybersecurity issues was discussed by members of the RSA Conference advisory board during a virtual session this week. The panelists began by highlighting the elevated profile of cybersecurity during the COVID-19 pandemic, which is increasingly coming to the attention of business leaders. Caroline Wong, chief strategy officer at Cobalt, noted that “when I began my career, I