Ireland’s Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14,
Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up. Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your
Police in Africa have arrested 10 people connected to global fraud worth an estimated $800,000, after a four-month operation, Interpol has revealed. The global policing organization said that 27 countries joined the Africa Cyber Surge Operation, which ran from July to November. Coordinated from the Interpol Command Centre in Kigali, Rwanda, the operation focused on
by Paul Ducklin Google has just patched Chrome’s eighth zero-day hole of the year so far. Zero-days are bugs for which there were zero days you could have updated proactively… …because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk’s vision for Twitter 2.0, which is expected to be what’s called an “everything app.” Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.
Google released new software patches on Thursday to address a new zero-day vulnerability in its Chrome web browser. Writing in a security bulletin, the tech giant described the high-severity vulnerability (tracked CVE-2022-4135) as a heap buffer overflow in the graphics processing unit (GPU) component. Google attributed the discovery of the vulnerability to Clement Lecigne from its
The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations This week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN. Since January 2022, Bahamut
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The
Authored by Dennis Pang What is antivirus? That’s a good question. What does it really protect? That’s an even better question. Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections.
Remote monitoring and management (RMM) platform ConnectWise has patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution (RCE). Security researchers at Guardio Labs wrote about the flaw earlier this week, saying threat actors could exploit it to take complete control of the ConnectWise platform. “After testing and validating several attack vectors,
by Naked Security writer These days, most of us have telephones that display the number that’s calling before we answer. This “feature” actually goes right back to the 1960s, and it’s known in North American English as Caller ID, although it doesn’t actually identify the caller, just the caller’s number. Elsewhere in the English-speaking world,
‘Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals The day has come: it’s Black Friday, and once-in-a-year promotions, discounts and deals are everywhere. The rush to grab a bargain has started in earnest, and in times of soaring
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. “The FCC is committed to protecting
The Bahamut APT group has been targeting Android users through a fake SecureVPN website since at least January 2022. According to a new advisory from Eset, the app used as part of this malicious campaign was a trojanized version of either of two legitimate VPN apps, SoftVPN or OpenVPN. In both instances, the apps were
by Paul Ducklin SPOTLIGHT ON CYBERTHREATS Security specialist John Shier tells you the “news you can really use” – how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and
It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season Black Friday and Cyber Monday are just around the corner, and scammers are also turning up their efforts in order to cash in on unsuspecting victims
A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation. The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to “impersonate trusted corporations or contacts to access sensitive information from victims,” Europol said in a press statement. Worldwide losses exceeded €115 million ($
The European Union Parliament adopted the Digital Operational Resilience Act (DORA) on November 10, 2022. Set to be enshrined into law at the end of 2022, DORA will introduce a comprehensive set of rules for financial organizations to strengthen their digital operational resilience and prevent and mitigate cyber threats. With this new regulation in mind,
by Paul Ducklin Over the past year, we’ve had the unfortunate need to warn our readers not once, but twice, about a scam we’ve dubbed CryptoRom, a portmanteau word formed from the terms “Cryptocurrency” and “Romance scam”. Simply put, these scammers use a variety of techniques, notably including prowling on dating sites, to meet people
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace’s restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation
A Vietnam-based hacking operation dubbed “Ducktail” is targeting individuals and companies operating on Facebook’s Ads and Business platform. Security researchers at WithSecure discovered the campaign earlier this year and described new developments in an advisory published earlier today. “We don’t see any signs of Ducktail slowing down soon, but rather see them evolve rapidly in
by Paul Ducklin Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a
Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late. IT security is often regarded as the “Department of No” and sometimes it’s easy to see why. In a world of escalating cyber-risk, expanding attack surfaces and a fast-growing cybercrime economy, security
Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which originated from the U.S., primarily singled
Google has announced a legal victory against two Russian nationals connected with the Glupteba botnet. In a blog post last Friday, the tech giant said the court’s ruling against the botnet operators set a crucial legal precedent and sends a warning to cyber-criminals and their accomplices. “Last December, Google’s Threat Analysis Group (TAG) shared the
by Paul Ducklin Phishing scams that try to trick you into putting your real password into a fake site have been around for decades. As regular Naked Security readers will know, precautions such as using a password manager and turning on two-factor authentication (2FA) can help to protect you against phishing mishaps, because: Password managers
What have some of the world’s most notorious APT groups been up to lately? A new ESET report released this week has the answers. What have advanced persistent threat (APT) groups been up to lately? This week, the ESET Research team published their inaugural APT Activity Report, which reviews the activities of selected APT threat
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the
- « Previous Page
- 1
- …
- 62
- 63
- 64
- 65
- 66
- …
- 130
- Next Page »