An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named “AbstractEmu” owing to its use of code abstraction and anti-emulation checks to avoid running while under
by Paul Ducklin We’ve been using Edge on Linux for quite some time, first in Dev Build form, then in its Beta flavour… …but when we went to check Microsoft’s repository tonight, we were surprised to see a build package that had arrived just an hour earlier with the name microsoft-edge-stable-95.0.1020.38-1.x86_64.rpm. So, the Eagle, or
Microsoft has announced plans to fill 250,000 cybersecurity roles by working with community colleges across the United States. As part of the recruitment drive, the American multinational technology corporation said today that it intends to invest millions of dollars in education and teacher training over the next three years. As of January 2021, there were
Cybersecurity professionals know this drill well all too well. Making sense of lots of information and noise to access what really matters. XDR (Extended Detection & Response) continues to be a technical acronym thrown around in the cybersecurity industry with many notations and promises. Every vendor offering cybersecurity has an XDR song to sing. Interestingly,
The police sting spanned three continents and involved crackdowns in nine countries Law enforcement agencies from Europe, the United States and Australia have teamed up to arrest some 150 people who are believed to have sold and bought illegal drugs and other illicit goods on the dark web. “More than €26.7 million (USD 31 million)
Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with “relative ease” in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used a Wi-Fi sniffing equipment costing about
by Paul Ducklin First thing this morning, just after midnight, we received the latest slew of Apple Security Bulletins by email. As often seems to happen with Cupertino’s patches, the emails were informative and confusing in equal measure, offering an intriguing mix of security update information: The latest macOS 12 Monterey emerges as 12.0.1. We’re
The United States government has launched an appeal against a UK court’s decision to refuse to extradite Wikileaks founder Julian Assange. Australian citizen Assange, who is aged 50, was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and military documents. The
What cyber security threats should enterprises look out for in 2022? Ransomware, nation states, social media and the shifting reliance on a remote workforce made headlines in 2021. Bad actors will learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns wielding the potential to wreak more havoc in all our
Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom From headline-grabbing stories of ransomware to personal experiences of identity theft, cyber is increasingly finding its way into collective consciousness. During the pandemic, an escalation in threat levels also reminded IT and business leaders what’s
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. “These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of
by Paul Ducklin Two weeks ago was Cybersecurity Awareness Month’s “Fight the Phish” week, a theme that the #Cybermonth organisers chose because this age-old cybercrime is still a huge problem. Even though lots of us receive many phishing scams that are obvious when we look at them ourselves… …it’s easy to forget that the “obviousness”
A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.
Ransomware – A truly frightening cyber security topic It’s October, and at McAfee we love celebrating spooky season. As McAfee’s Chief Technology Officer, I’m also excited that it’s Cyber Security Awareness Month. And while there are no fun-size candy bars, we do talk about some truly bone-chilling stuff when it comes to cyber safety. So gather round, as I tell you all about one of
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed “UltimaSMS” — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including
by Paul Ducklin We’ve just entered the last week of Cybersecurity Awareness Month 2021, and this week’s theme is something dear to our hearts here on Naked Security: Cybersecurity First! This is where we remind, urge, cajole, encourage, provoke, enthuse and remind you to put cybersecurity first in any IT project, for the simple reason
A non-profit educational foundation has teamed up with a cybersecurity company to develop a game that reveals what happens in a cyber-attack. The online simulation is the joint effort of Kaspersky and the DiploFoundation, and is based on the Kaspersky Interactive Protection Simulation (KIPS). The game was created with the intention of helping diplomats and professionals who lack
Cybersecurity detection is a criminal investigation. Cybercrime investigators are experts who are in limited supply. Sometimes their hunt begins while an intrusion is in process, but more often than not, it occurs after the attack when a crime has occurred. The investigation is taunting and less glamorous, realizing that it can take an average of
A “potentially devastating and hard-to-detect threat” could be abused by attackers to collect users’ browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system “Gummy Browsers,” likening it to a nearly 20-year-old “Gummy Fingers” technique that can impersonate
A new Guinness World Record in cybersecurity training has been set by a cloud-based identity and access management (IAM) provider, a security awareness training platform, and a PR firm. The first-of-its-kind record was for the most views of a virtual cybersecurity lesson in 24 hours, and it was achieved on October 14 through the joint
Authored by: Wenfeng Yu McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in a game assistant tool called “DesiEsp” which is an assistant tool for PUBG game available on GitHub. Basically, cyber criminals added their own malicious code
Security professionals advise to never use ‘beef stew’ as a password. It just isn’t stroganoff. Passwords are the bane of everyone’s lives, but let’s face it – we all need them. And they aren’t going away as fast as Microsoft may want them to. For the time being, we will continue to depend on them
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what’s the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber
The first ever person to be convicted of cyber-stalking in the District of Nebraska has been sentenced to federal prison. Dennis Sryniawski, a 48-year-old resident of Bellevue, was charged with intent to extort and cyber-stalking his former girlfriend, Diane Parris, in an attempt to prevent her husband, Jeff Parris, from being elected to the Nebraska
In the hands of a thief, your Social Security Number is the master key to your identity. With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away. Part of what makes an
Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era In the pandemic era, many organizations prioritize business continuity at the expense of cybersecurity. Especially in the early days of the pandemic, the focus was on just getting things done – supporting a rapid shift to
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the
by Paul Ducklin According to Reuters, the REVil ransomware operation was “hacked and forced offline this week by a multi-country operation”. Reuters writes that one of its sources claims the hack-back against this notorious ransomware crew was achieved thanks to the combined efforts of the FBI, the US Cyber Command, the Secret Service “and like-minded
A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest. More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month. During the event, teams of NCFI-trained local law enforcement officials
There’s a person behind every cybercrime. That’s easy to lose sight of. After all, cybercrime can feel a little anonymous, like a computer is doing the attacking instead of a person. Yet people are indeed behind these attacks, and over the years they’ve been getting organized—where cybercriminals structure and run their operations in ways that darkly mirror