Law enforcement agencies in the United States have searched the Florida premises of a Chinese payment-terminal provider. A warehouse and offices belonging to multinational Pax Technology were scoured by the Federal Bureau of Investigation, the Department of Homeland Security, and other agencies on Tuesday after concerns were reportedly raised over the company’s security. The FBI said that
Month: October 2021
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed “Shrootless” and tracked as CVE-2021-30892, the “vulnerability lies in how Apple-signed packages with
by Paul Ducklin When we wrote about Apple’s latest security patches earlier this week, we noted that: There are 37 listed fixes covering everything from AppKit to zsh. 15 of these were of the “malicious application may be able to execute arbitrary code” sort, with 9 of those bugs dealing with code execution bugs in
A man from Minnesota has been charged with hacking four major American professional sports leagues and defrauding them of millions of dollars by illegally streaming copyrighted live games. St. Louis Park resident Joshua Streit, who is also known as Josh Brody, allegedly intruded into the computer systems of the National Basketball Association (NBA), the National Football League
What do social media companies really know about you? It’s a fair question. And the quick answer is this: the more you use social media, the more those companies likely know. The moment you examine the question more closely, the answer takes on greater depth. Consider how much we use social media for things other than connecting with friends.
There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor ESET researchers have discovered a unique and previously undescribed loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. We have named this new malware Wslink
12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting
by Naked Security writer In an intriguingly worded news statement issued today, Europol has announced police action in both Switzerland and Ukraine against 12 cybercrime suspects. The document doesn’t actually use words such as a “arrested” or “charged with criminal offences”, saying merely that: A total of 12 individuals wreaking havoc across the world with
RED74, a managed security services provider based in New Jersey, has been acquired by cybersecurity consulting and managed services firm Cerberus Cyber Sentinel Corporation. The financial terms of the acquisition were not disclosed when the deal was announced on Thursday. RED74 is a privately held company whose clientele are primarily in the financial services and distribution/warehouse management sectors.
What are some of the key dangers faced by children online and how can you help protect them from the ghosts, ghouls and goblins creeping on the internet? Halloween, the scariest day of the year, is upon us. That can mean only one thing: children donning costumes of either their heroes or the scariest thing
An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named “AbstractEmu” owing to its use of code abstraction and anti-emulation checks to avoid running while under
by Paul Ducklin We’ve been using Edge on Linux for quite some time, first in Dev Build form, then in its Beta flavour… …but when we went to check Microsoft’s repository tonight, we were surprised to see a build package that had arrived just an hour earlier with the name microsoft-edge-stable-95.0.1020.38-1.x86_64.rpm. So, the Eagle, or
Microsoft has announced plans to fill 250,000 cybersecurity roles by working with community colleges across the United States. As part of the recruitment drive, the American multinational technology corporation said today that it intends to invest millions of dollars in education and teacher training over the next three years. As of January 2021, there were
Cybersecurity professionals know this drill well all too well. Making sense of lots of information and noise to access what really matters. XDR (Extended Detection & Response) continues to be a technical acronym thrown around in the cybersecurity industry with many notations and promises. Every vendor offering cybersecurity has an XDR song to sing. Interestingly,
The police sting spanned three continents and involved crackdowns in nine countries Law enforcement agencies from Europe, the United States and Australia have teamed up to arrest some 150 people who are believed to have sold and bought illegal drugs and other illicit goods on the dark web. “More than €26.7 million (USD 31 million)
Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with “relative ease” in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used a Wi-Fi sniffing equipment costing about
by Paul Ducklin First thing this morning, just after midnight, we received the latest slew of Apple Security Bulletins by email. As often seems to happen with Cupertino’s patches, the emails were informative and confusing in equal measure, offering an intriguing mix of security update information: The latest macOS 12 Monterey emerges as 12.0.1. We’re
The United States government has launched an appeal against a UK court’s decision to refuse to extradite Wikileaks founder Julian Assange. Australian citizen Assange, who is aged 50, was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and military documents. The
What cyber security threats should enterprises look out for in 2022? Ransomware, nation states, social media and the shifting reliance on a remote workforce made headlines in 2021. Bad actors will learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns wielding the potential to wreak more havoc in all our
Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom From headline-grabbing stories of ransomware to personal experiences of identity theft, cyber is increasingly finding its way into collective consciousness. During the pandemic, an escalation in threat levels also reminded IT and business leaders what’s
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. “These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of
by Paul Ducklin Two weeks ago was Cybersecurity Awareness Month’s “Fight the Phish” week, a theme that the #Cybermonth organisers chose because this age-old cybercrime is still a huge problem. Even though lots of us receive many phishing scams that are obvious when we look at them ourselves… …it’s easy to forget that the “obviousness”
A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.
Ransomware – A truly frightening cyber security topic It’s October, and at McAfee we love celebrating spooky season. As McAfee’s Chief Technology Officer, I’m also excited that it’s Cyber Security Awareness Month. And while there are no fun-size candy bars, we do talk about some truly bone-chilling stuff when it comes to cyber safety. So gather round, as I tell you all about one of
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed “UltimaSMS” — is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including
by Paul Ducklin We’ve just entered the last week of Cybersecurity Awareness Month 2021, and this week’s theme is something dear to our hearts here on Naked Security: Cybersecurity First! This is where we remind, urge, cajole, encourage, provoke, enthuse and remind you to put cybersecurity first in any IT project, for the simple reason
A non-profit educational foundation has teamed up with a cybersecurity company to develop a game that reveals what happens in a cyber-attack. The online simulation is the joint effort of Kaspersky and the DiploFoundation, and is based on the Kaspersky Interactive Protection Simulation (KIPS). The game was created with the intention of helping diplomats and professionals who lack
Cybersecurity detection is a criminal investigation. Cybercrime investigators are experts who are in limited supply. Sometimes their hunt begins while an intrusion is in process, but more often than not, it occurs after the attack when a crime has occurred. The investigation is taunting and less glamorous, realizing that it can take an average of
A “potentially devastating and hard-to-detect threat” could be abused by attackers to collect users’ browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system “Gummy Browsers,” likening it to a nearly 20-year-old “Gummy Fingers” technique that can impersonate
A new Guinness World Record in cybersecurity training has been set by a cloud-based identity and access management (IAM) provider, a security awareness training platform, and a PR firm. The first-of-its-kind record was for the most views of a virtual cybersecurity lesson in 24 hours, and it was achieved on October 14 through the joint
- 1
- 2
- 3
- …
- 5
- Next Page »