Dec 22, 2022 | Ravie Lakshmanan | Password Management / Online Security: Multiple high-severity vulnerabilities have been disclosed in the Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user’s plaintext passwords. “Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate
The UK National Cyber Security Centre (NCSC) has called for a defense-in-depth approach to help mitigate the impact of phishing, combining technical controls with a strong reporting culture. Writing in the agency’s blog, technical director and principal architect, “Dave C,” argued that many of the well-established tenets of anti-phishing advice simply don’t work. For example,
by Paul Ducklin When we woke up this morning, our cybersecurity infofeed was awash with “news” that Apple had just patched a security hole variously described as a “gnarly bug”, a “critical flaw” that could leave your Macs “defenceless”, and the “Achilles’ heel of macOS”. Given that we usually check our various security bulletin mailing lists
Dec 21, 2022 | Ravie Lakshmanan: The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. “The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing
The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure. Without question, smart home devices have truly stormed the marketplace. We’ve gone from a handful of relatively straightforward things like connected lights, outlets, and cameras to a wide range of fully connected household appliances
Give yourself peace of mind and help create a safe online space for your child using Android or iOS parental controls So you’re about to give your kid their first smartphone. While your child will be over the moon with their shiny new device, you begin to wonder how to stop the kid from spending
The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts. The data, available from Q4 2021 onwards, includes the organization’s name and sector, the relevant legislation and the type of issues involved, the date of completion
by Paul Ducklin The “Missing Cryptoqueen” saga has made long-term headlines since co-founders Ruja Ignatova and Karl Sebastian Greenwood started a cryptocurrency scam known as OneCoin, way back in 2014. Ignatova, who hails from Bulgaria, and who apparently liked to be known as The Cryptoqueen (her charge sheet even shows that name as an alias),
Dec 20, 2022 | Ravie Lakshmanan | Privacy / Data Security: Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275
Holiday travel is back with a vengeance this year. Set yourself up for a cyber-safe and hassle-free trip with our checklist. You’ve successfully avoided all sorts of shopping scams while hunting for bargains this holiday season, and now the time has come to drive, fly or take a train home for Christmas. You’re taking time
Analysis of 600 apps on the Google Play store by CloudSEK’s BeVigil security search engine found that 50% were leaking application programming interface (API) keys of three popular transactional and marketing email service providers. The providers included Mailgun, MailChimp and SendGrid. CloudSEK has notified all involved entities and affected apps about the hardcoded API keys.
Dec 19, 2022 | Ravie Lakshmanan | Data Security / Endpoint Security: A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has
The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly. Choosing the right holiday gift(s) for your children can be nerve-racking, perhaps doubly so if you’re choosing it for your pre-teen. It’s at that age when
Social media giant Meta has awarded a total of $2m as part of its bug bounty program. The total amount since the program’s establishment in 2011 is reportedly $16m. The figures come from a blog post Meta published on Thursday looking back at the highlights from the company’s bug bounty program over the last decade.
Dec 18, 2022 | Ravie Lakshmanan: Google on Friday announced that its client-side encryption for Gmail is in beta for its Workspace and education customers, to secure emails sent using the web version of the platform. This development comes at a time when concerns about online privacy and data security are at an all-time high, and it
The group’s proprietary backdoor LODEINFO delivers additional malware, exfiltrates credentials, and steals documents and emails This week, the ESET research team published their findings about a spearphishing campaign that the Chinese-speaking threat actor MirrorFace launched in Japan and that mainly focused on members of a specific Japanese political party. The campaign – which ESET Research
The Agenda ransomware group has been observed developing new malware using the Rust programming language and using it to breach several companies. “The threat actors not only claimed that they were able to breach the servers of these companies but also threatened to publish their files,” wrote Trend Micro researchers, who recently discovered the new malicious
by Paul Ducklin If you’re a regular Naked Security reader, you can probably guess where on the planet we’re headed in this virtual journey…. …we’re off once more to the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev in Israel. Researchers in the department’s Cyber-Security Research Center regularly investigate security
Dec 17, 2022 | Ravie Lakshmanan | Server Security / Network Security: Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13, released on December 15, 2022.
Two-thirds of cybersecurity professionals have suffered burnout over the past year as a result of work-related stress, according to a new survey from Promon. The Norwegian security vendor polled over 300 information security pros at this year’s Black Hat Europe expo in London to better understand the mental health of those working in the industry.
by Paul Ducklin Pwning the Windows kernel. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts
Dec 16, 2022 | Ravie Lakshmanan | Encryption / Data Security: The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it’s formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing
Your phone is likely a daily companion, giving you access to work emails, chats with friends, weather reports, and more — all in the palm of your hand. You can also use your phone for browsing online, looking up everything from your favorite recipes to your most-read media webpages. While being able to browse whenever
The US authorities have charged six people in connection with running DDoS-for-hire services which enabled attacks on millions of targets, according to the Department of Justice (DoJ). Four defendants were charged in Los Angeles in connection with running so-called “booter” services named: RoyalStresser.com (formerly known as Supremesecurityteam.com); SecurityTeam.io; Astrostress.com; and Booter.sx. An additional two people
by Paul Ducklin Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days… …and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval. For a threat researcher’s view of the Patch Tuesday fixes for December 2022, please consult
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors election in July 2022, by the APT
Dec 15, 2022 | Ravie Lakshmanan | Mobile Security /: A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger “takes advantage
Our How I Got Here series spotlights the stories of McAfee team members who have successfully grown their careers. Read more about Brenda’s McAfee’s journey, what a day in the McAfee sales team is like, and what her superpower is. Embracing opportunities When I started my professional career, I was in technology but one of the few women
Google has released a new free tool which it hopes will radically improve the security of code compiled from open source dependencies – a growing source of risk for organizations. OSV-Scanner is effectively the front-end to Google’s OSV (Open Source Vulnerability) database, which is designed to collect bug data from all the different open source
by Paul Ducklin Apple has just published a wide range of security fixes for all its supported platforms, from the smallest watch to the biggest laptop. In other words, if you’ve got an Apple product, and it’s still officially supported, we urge you to do an update check now. Remember that even if you’ve set