Russia has slapped American tech company Google with a record-breaking fine for failing to remove “banned content.” A Russian court issued the $100m financial penalty on Friday in response to Google’s alleged “systematic failure to remove banned content.” Although the financial penalty is the largest fine of its kind ever to be issued by a
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. “Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] groups dominating the ecosystem at this
The prime minister of Albania has issued a public apology after the personal data of hundreds of thousands of Albanian citizens was allegedly leaked online. An Excel file containing what appears to be data relating to employees in the public and private sectors was found circulating on social media and has reportedly been broadly shared through messaging
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you know understand what’s at stake. Let’s start with an overview and a few examples of
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score:
by Paul Ducklin SFW! Here they are! The Top N cybersecurity stories of the year that are totally SFW, and entirely conducive to Happy Holidays! And by totally SFW, we don’t just mean Suitable For Work, but also Something For the Weekend – a double bonus if you’re on official duty over the holiday break and
A Russian cyber-criminal who hacked into three tech companies and stole more than 100 million user credentials will not have to pay restitution to his corporate victims. Yevgeniy Aleksandrovich Nikulin was found guilty in July 2020 of causing data breaches at LinkedIn, Dropbox, and the now defunct social media platform Automatic in 2012. Speaking during the closing
Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults. Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries. “These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors are actively scanning
by Paul Ducklin The picture you see above is not only a real Fisher-Price product, released in the second decade of the 21st century… …but is also officially NOT A TOY! Sure, it looks like a Chatter Phone toy, with an external appearance that adults of all ages will recognise, perhaps from having had one,
Threat actors have exploited a vulnerability in Log4j software to wage a cyber-attack on Belgium’s Defense Ministry. The attack began on December 16 and was confirmed by Belgium’s Ministry of Defense on Monday. Speaking to the AFP in Brussels on Tuesday, Belgian military spokesman Commander Olivier Séverin said that the incident had caused damage to services that were connected to the
Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability
Don’t leave your kids to their own devices – give them a head start with staying safe online instead The festive season is a time for giving, and what better present to give your children than ensuring that they can enjoy their new connected gadgets and stay safe along the way? As parents, we need
China’s internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library. The development was reported by Reuters and South China
by Paul Ducklin This story isn’t quite as dramatic as if the Feds had managed to reverse tens of thousands of separate Bitcoin (BTC) transactions used in a global online scam to defraud tens of thousands of separate and vulnerable victims… …but it’s spectacular nevertheless, given that the stolen-but-recovered amount came to BTC 3,879.16, which
A United States court has sentenced a Russian national who admitted being involved in a conspiracy to launder money stolen from American victims of computer fraud. Maksim Boiko, also known as Maxim Boyko, and online as “gangass,” was one of 20 individuals indicted by the US in connection with the transnational criminal organization QQAAZZ. With members
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part
Transportation industry and government agencies related to the sector are the victims of an ongoing campaign since July 2020 by a sophisticated and well-equipped cyberespionage group in what appears to be yet another uptick in malicious activities that are “just the tip of the iceberg.” “The group tried to access some internal documents (such as
by Paul Ducklin Pick a random person, and ask them these two questions: Q1. Have you heard of Apache? Q2. If so, can you name an Apache product? We’re willing to wager that you will get one of two replies: A1. No. A2. (Not applicable.) A1. Yes. A2. Log4j. Two weeks ago, however, we’d suggest
Detectives investigating a hacking incident at a Florida college have charged a former nurse with possessing child sexual abuse material (CSAM). An investigation was launched in June 2021 when two IT accounts belonging to a program coordinator and an instructor at Polk State College were hacked. The employees were locked out of their labs and scheduling accounts,
The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to online shopping. To help you enjoy every minute of it, though, it’s good to be aware of what less savory characters are up to. And they sure have been busy. In fact, the U.S. Federal
As you down tools for the holiday season, be sure to also switch off the standby lights – it’s both cost effective and better for the environment Depending on who you talk to, climate change can sometimes be a contentious topic, but even the sceptics should accept that there is little point in wasting energy.
Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The “vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios
by Paul Ducklin ‘Twas the night before Christmas When all through the house Not a creature was stirring, not even a mouse… As Christmas 2021 approaches, spare a thought for your sysamins, for your IT team, and for your cybersecurity staff. There may be plenty of mice stirring all through the IT house right up
Data belonging to an Illinois-based accountancy firm has been exposed in a cyber-attack. Bansley and Kiener, which is also known as B&K, is a 99-year-old full-service accounting firm headquartered in Chicago. Earlier this month, B&K issued a security notice stating that it had been successfully targeted by cyber-criminals using ransomware a year ago. “On December 10, 2020, B&K
The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all
Seven students at the University of Mississippi have been charged with cyber-stalking a fellow student who blew the whistle on their fraternity’s hazing activities. College hazing is an initiation ceremony in which freshmen undertake humiliating and sometimes dangerous feats to gain admittance into a fraternity or sorority. Ole Miss Pi Kappa Alpha fraternity members Baylor Reynolds, aged
Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year
Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. “This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability,” Matthew