A man from Virginia has admitted cyber-stalking a United States Army recruiter for two years. Braxton Louis Danley, a 26-year-old resident of Luray, began harassing the female victim after failing to pass the army’s entrance exam. Prosecutors said Danley’s first contact with the victim occurred in February 2018 when he sent her an email asking for information
Month: December 2021
As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends. As the rollercoaster of a ride that was 2021 comes to a close and we’re entering a more hopeful new year, we thought it apt to compile a list of impactful
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian
by Paul Ducklin If you create any sort of online content at all – even if you’re just a once-in-a-while blogger or an occasional social media user – you almost certainly know how easy it is for other people to rip off your material and present it as their own. We’re not talking about links,
Unique cyber-attacks declined for the first time in nearly three years in Q3 2021, according to new data from Positive Technologies. The researchers observed a 4.8% decline in unique attacks in Q3 compared to the previous quarter, the first time they have recorded a reduction since the end of 2018. They said that this trend was primarily by
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four
by Paul Ducklin Are you a sysadmin who managed to get your Log4Shell mitigations done in time for the US Government’s cybersecurity deadline of 24 December 2021? If so, you may have enjoyed a Christmas mini-vacation along with much of the rest of the world… …only to return to the fray this week and find
A federal grand jury has charged Uber’s former chief security officer (CSO) with three counts of wire fraud for reportedly failing to inform several hundred thousand Uber drivers that their driver’s licenses had been exposed during a 2016 breach. The superseding charges made to Joe Sullivan, 52, who served as Uber’s CSO from April 2015 through November
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832,
German logistics provider Hellmann Worldwide Logistics has warned customers social engineering attacks could target them after being hit by a ransomware attack earlier this month. In an update on the incident, which forced the company to take its IT systems temporarily offline on December 9, Hellmann confirmed that the attackers extracted data. While it is still investigating what type
By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators: ATR Team (Steve Povolny, Douglas McKee, Mark Bereza), Frederick House (FireEye) In this post we want to show how an endpoint solution with performant memory scanning capabilities can effectively detect active exploitation scenarios and complement
As we close out another year like no other, let’s look back at some of the most notable cybersecurity stories that shaped 2021. Unsurprisingly, 2021 has seen no shortage of notable cybersecurity moments, so much so that it’s no mean feat to whittle the long list down to just a few stories that rocked (not
A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. “An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether
The state of New York has passed a law that makes it a crime to falsify information on a COVID-19 vaccination card. New York governor Kathy Hochul signed new legislation on Wednesday that makes falsifying information on a COVID-19 vaccination card a Class D felony comparable under the New York Penal Law to promoting a sexual performance
We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill pay and booking appointments. But these many benefits might also leave us exposed to risks, like identity theft. Identity theft is characterized by one person using another’s personal or financial data for their benefit. Cybercriminals
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed “Blister” by researchers from Elastic Security, with
Russia has slapped American tech company Google with a record-breaking fine for failing to remove “banned content.” A Russian court issued the $100m financial penalty on Friday in response to Google’s alleged “systematic failure to remove banned content.” Although the financial penalty is the largest fine of its kind ever to be issued by a
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement’s disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies. “Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] groups dominating the ecosystem at this
The prime minister of Albania has issued a public apology after the personal data of hundreds of thousands of Albanian citizens was allegedly leaked online. An Excel file containing what appears to be data relating to employees in the public and private sectors was found circulating on social media and has reportedly been broadly shared through messaging
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake. Let’s start with an overview and a few examples of
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score:
by Paul Ducklin SFW! Here they are! The Top N cybersecurity stories of the year that are totally SFW, and entirely conducive to Happy Holidays! And by totally SFW, we don’t just mean Suitable For Work, but also Something For the Weekend – a double bonus if you’re on official duty over the holiday break and
A Russian cyber-criminal who hacked into three tech companies and stole more than 100 million user credentials will not have to pay restitution to his corporate victims. Yevgeniy Aleksandrovich Nikulin was found guilty in July 2020 of causing data breaches at LinkedIn, Dropbox, and the now defunct social media platform Automatic in 2012. Speaking during the closing
Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults. Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache’s Log4j software library by nefarious adversaries. “These vulnerabilities, especially Log4Shell, are severe,” the intelligence agencies said in the new guidance. “Sophisticated cyber threat actors are actively scanning
by Paul Ducklin The picture you see above is not only a real Fisher-Price product, released in the second decade of the 21st century… …but is also officially NOT A TOY! Sure, it looks like a Chatter Phone toy, with an external appearance that adults of all ages will recognise, perhaps from having had one,
Threat actors have exploited a vulnerability in Log4j software to wage a cyber-attack on Belgium’s Defense Ministry. The attack began on December 16 and was confirmed by Belgium’s Ministry of Defense on Monday. Speaking to the AFP in Brussels on Tuesday, Belgian military spokesman Commander Olivier Séverin said that the incident had caused damage to services that were connected to the
Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability
Don’t leave your kids to their own devices – give them a head start with staying safe online instead. The festive season is a time for giving, and what better present to give your children than ensuring that they can enjoy their new connected gadgets and stay safe along the way? As parents, we need