A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. “These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of
by Paul Ducklin Two weeks ago was Cybersecurity Awareness Month’s “Fight the Phish” week, a theme that the #Cybermonth organisers chose because this age-old cybercrime is still a huge problem. Even though lots of us receive many phishing scams that are obvious when we look at them ourselves… …it’s easy to forget that the “obviousness”
A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.
Ransomware – A truly frightening cyber security topic It’s October, and at McAfee we love celebrating spooky season. As McAfee’s Chief Technology Officer, I’m also excited that it’s Cyber Security Awareness Month. And while there are no fun-size candy bars, we do talk about some truly bone-chilling stuff when it comes to cyber safety. So gather round, as I tell you all about one of
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed “UltimaSMS” — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including
by Paul Ducklin We’ve just entered the last week of Cybersecurity Awareness Month 2021, and this week’s theme is something dear to our hearts here on Naked Security: Cybersecurity First! This is where we remind, urge, cajole, encourage, provoke, enthuse and remind you to put cybersecurity first in any IT project, for the simple reason
A non-profit educational foundation has teamed up with a cybersecurity company to develop a game that reveals what happens in a cyber-attack. The online simulation is the joint effort of Kaspersky and the DiploFoundation, and is based on the Kaspersky Interactive Protection Simulation (KIPS). The game was created with the intention of helping diplomats and professionals who lack
Cybersecurity detection is a criminal investigation. Cybercrime investigators are experts who are in limited supply. Sometimes their hunt begins while an intrusion is in process, but more often than not, it occurs after the attack when a crime has occurred. The investigation is taunting and less glamorous, realizing that it can take an average of
A “potentially devastating and hard-to-detect threat” could be abused by attackers to collect users’ browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system “Gummy Browsers,” likening it to a nearly 20-year-old “Gummy Fingers” technique that can impersonate
A new Guinness World Record in cybersecurity training has been set by a cloud-based identity and access management (IAM) provider, a security awareness training platform, and a PR firm. The first-of-its-kind record was for the most views of a virtual cybersecurity lesson in 24 hours, and it was achieved on October 14 through the joint
Authored by: Wenfeng Yu McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in a game assistant tool called “DesiEsp” which is an assistant tool for PUBG game available on GitHub. Basically, cyber criminals added their own malicious code
Security professionals advise to never use ‘beef stew’ as a password. It just isn’t stroganoff. Passwords are the bane of everyone’s lives, but let’s face it – we all need them. And they aren’t going away as fast as Microsoft may want them to. For the time being, we will continue to depend on them
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what’s the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber
The first ever person to be convicted of cyber-stalking in the District of Nebraska has been sentenced to federal prison. Dennis Sryniawski, a 48-year-old resident of Bellevue, was charged with intent to extort and cyber-stalking his former girlfriend, Diane Parris, in an attempt to prevent her husband, Jeff Parris, from being elected to the Nebraska
In the hands of a thief, your Social Security Number is the master key to your identity. With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away. Part of what makes an
Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era In the pandemic era, many organizations prioritize business continuity at the expense of cybersecurity. Especially in the early days of the pandemic, the focus was on just getting things done – supporting a rapid shift to
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the
by Paul Ducklin According to Reuters, the REVil ransomware operation was “hacked and forced offline this week by a multi-country operation”. Reuters writes that one of its sources claims the hack-back against this notorious ransomware crew was achieved thanks to the combined efforts of the FBI, the US Cyber Command, the Secret Service “and like-minded
A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest. More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month. During the event, teams of NCFI-trained local law enforcement officials
There’s a person behind every cybercrime. That’s easy to lose sight of. After all, cybercrime can feel a little anonymous, like a computer is doing the attacking instead of a person. Yet people are indeed behind these attacks, and over the years they’ve been getting organized—where cybercriminals structure and run their operations in ways that darkly mirror
Want to help make technology safer for everyone? Love solving puzzles? Looking for a rewarding career? Break into cybersecurity! Insights from ESET researchers Aryeh Goretsky and Cameron Camp will put you on the right track. How do you start a career in cybersecurity? What qualifications, certifications and skills do you need? Should you spend half
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a “lone wolf” threat actor operating a Lahore-based fake
by Paul Ducklin [00’30”] Hook up with our forthcoming Live Malware Demo presentation. [02’02”] How to build your cybersecurity career. [07’24”] Why we think you should celebrate Global Encryption Day. [10’55”] A whole new twist on bogus online “friendships”. [21’01”] How to stop your network cables giving you away. [34’50”] Oh! No! Why superglue is
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs. Award recipients NPower and CyberWarrior will use the cash injection to bring cybersecurity training to the unemployed and to underemployed communities. CISA announced the awards yesterday to coincide with the third week of its Cybersecurity Summit, organized
Many people are excited about Gartner’s Secure Access Service Edge (SASE) framework and the cloud-native convergence of networks and security. While originally proposed as fully unified architecture delivering network and security capabilities, the reality soon dawned that enterprise transition to a complete SASE model would be a decade long journey due to factors such as
Brave Search will become the default search option for new users in the US, UK, Canada, Germany and France, with more countries to follow soon Brave, the company most widely known for its eponymous privacy-focused browser, has announced that it will replace Google and other search engines with its own Brave Search as the default
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can
by Paul Ducklin Sadly, a lot of the cryptocurrency news that we write about on Naked Security involves cybercriminals getting mixed up in things, often with depressing results. Two months ago, for example, a Japanese company called Liquid found that a cool $100 million had gone missing overnight, in a puff of cryptographic dust. We
A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m. The security incident was caused by a flaw in a search tool on a website maintained by the state’s Department of Elementary and Secondary Education.
In a world of contact-free pickup and payments, an old hacker’s trick is getting a new look—phony QR code scams. QR codes have been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual information in a relatively compact space. In that way, a QR code shares many similarities with a