You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly. Did you know that your device can fall into cybercriminals’ hands without
Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is
by Paul Ducklin The UK legislature is currently interested in a law about what it calls PSTI, short for Product Security and Telecommunications Infrastructure. If you’ve seen that abbreviation before, it’s almost certainly in the context of the PSTI Bill. (A Bill is proposed new legislation that has not yet been agreed upon; if ultimately
The UK’s data watchdog has slapped the British government with a hefty fine for exposing the addresses of individuals chosen to receive honors. The Information Commissioner’s Office (ICO) said that the safety of hundreds of 2020 New Year Honors recipients had been placed in jeopardy after their personal data was published online. “On 27 December 2019 the Cabinet Office
You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of their customers’ passwords were exposed. Data breaches like this frequently appear in the news, but many consumers don’t realize the implications these breaches have on their personal privacy. When data breaches occur, oftentimes billions of these hacked login credentials become available on the dark
Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues
by Paul Ducklin Renowned bug-hunter Tavis Ormandy of Google’s Project Zero team recently found a critical security flaw in Mozilla’s cryptographic code. Many software vendors rely on third-party open source cryptographic tools, such as OpenSSL, or simply hook up with the cryptographic libraries built into the operating system itself, such as Microsoft’s Secure Channel (Schannel)
A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting to be working on remediating the theft. Portland resident Nickolas Sharp allegedly stole gigabytes of data from Ubiquiti Inc., a technology company headquartered in New York, where Sharp was employed from August 2018 to
And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own. Let’s unwrap the top four phishing scams that users should beware
Fraudsters take advantage of the emergence of the new variant to dupe unsuspecting victims out of their sensitive data Sensing another opportunity to take advantage of fears surrounding the COVID-19 pandemic, scammers are deploying a phishing campaign where they attempt to exploit the emergence of the Omicron coronavirus variant in order to line their pockets,
A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes’ latest findings go into detail about the new tactics and tools adopted by the APT group
by Paul Ducklin [00’23”] Fun Fact: Ebooks reach their half-century. [00’58”] Call scammers and cryptocoin treachery. [07’34”] Cloud insecurity and yet more cryptocoin treachery. [16’15”] Tech History: The interwoven story of Mary Shelley, Ada Lovelace and AI ethics. [18’26”] Facial recognition creepiness. [25’23”] Oh! No! The wannabe wizard that went to school with a trainee
A cyber-attack on Planned Parenthood Los Angeles (PPLA) has resulted in the exposure of patients’ personally identifying information (PII). The agency said in a notice posted to its website on Wednesday that suspicious activity was detected on its computer network on October 17. An investigation into the activity remains ongoing; however, it has been determined that an
I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a
Press play for the first episode as host Aryeh Goretsky is joined by Zuzana Hromcová to discuss native IIS malware Did you ever wonder why researchers behind a cybersecurity discovery chose to go down that particular rabbit hole? What made them curious about that specific malware family, variant, or campaign? Did they come up with
Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. “These people are at the center of critical communities for public debate,”
The United States has sent a fourth member of the international hacking group known as The Community to prison. Garrett Endicott, of Warrensburg, Missouri, was the last of six defendants to be sentenced in connection with a multi-million-dollar SIM-swapping conspiracy that claimed victims across the country, including in California, Missouri, Michigan, Utah, Texas, New York and Illinois.
Online is a little different for everyone How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go. This
ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs Air-gapping is used to protect the most sensitive of networks. In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped
A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360’s Netlab network security division, which detected the botnet first on October 27, 2021, called it
The former dean of a business school in Philadelphia has been found guilty of involvement in a fraudulent scheme to doctor program rankings using false data. Moshe Porat, of Bala Cynwyd, Pennsylvania, was dean of Temple University’s Richard J. Fox School of Business and Management for more than two decades, from 1996 until 2018. On
Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. And yet that is the precise position where most find themselves today while trying to battle cybersecurity issues across their supply chain. While these supply chains have plenty of their own challenges, such as global disruptions of distribution, our recent
One of the harsh realities of cybersecurity today is that malicious actors and attackers don’t distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has
by Paul Ducklin The UK data protection regulator has announced its intention to issue a fine of £17m (about $23m) to controversial facial recognition company Clearview AI. Clearview AI, as you’ll know if you’ve read any of our numerous previous articles about the company, essentially pitches itself as a social network contact finding service with
The Panasonic Corporation has disclosed a data security incident in which an undisclosed amount of data was compromised. In a statement issued Friday, the major Japanese multinational conglomerate announced that an unauthorized third party had gained access to its network on November 11. An internal investigation was launched that determined that the intruder had accessed some data stored on
We’ve all fallen for clickbait. Sometimes it’s a juicy headline designed to spark curiosity and drive traffic to a specific website. Other times it’s a quiz that will magically reveal your celebrity look-alike. While the innocent click connected to most clickbait is seemingly harmless, some clickbait can install dangerous malware onto your devices. According to the FBI’s Crime Complaint Center’s 2020
The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains Law enforcement agencies from around the globe have swooped down on hundreds of people suspected of committing various types of online crime, including romance scams, investment fraud and money laundering operations. The international effort
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm
An APAC marine services multi-national appears to have become the latest victim of the prolific Clop ransomware gang. Swire Pacific Offshore (SPO) has provided crew and ships for specialized tasks such as anchor handling, platform supply and seismic surveys for over 45 years. However, its name recently appeared on the extortion site of the Clop
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that’s capable of bypassing antivirus solutions and stage a variety of attacks. “[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even