Following the launch of a new “Data safety” section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper’s Mishaal Rahman earlier this week. The Data safety section, which Google began rolling
Month: July 2022
Enterprises are failing to plan properly for supply chain risks and cybersecurity threats from the wider digital ecosystem, a leading technology consultancy has warned. According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Our How I Got Here series spotlights the stories of team members who have successfully grown their careers here at McAfee. This journey features Jeremy whose passion for learning has seen him grow his career in our Technology Services Team. My McAfee career journey In 2015, I started as a contract worker to help manage network cabling
The heavyweights are now moving into API security, cementing it as “A Thing” As swarms of IoT gear, seeking richer data retrieval from their cloud mother ships, the more robust – and more potentially dangerously hackable – API interfaces get a fresh push toward center stage. With Google’s API security initiative Apigee, API security is
An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for
APT groups are increasingly targeting journalists and impersonating media outlets, according to new research from Proofpoint. The groups – who are state-based or state-aligned actors, are looking to gain access to sensitive information and sources, manipulate news and deceive public relations and other industry professionals into thinking that they are dealing with legitimate news outlets. According to
by Paul Ducklin Have you ever come really close to clicking a phishing link simply through coincidence? We’ve had a few surprises, such as when we bought a mobile phone from a click-and-collect store a couple of years back. Having lived outside the UK for many years before that, this was our first-ever purchase from
Your smartphone comes with built-in location services, which are useful if you lose it or if you use an app that needs to know your location. But what if you don’t want your phone to be tracked? Can the phone be located if you turn off location services? The answer is yes, it’s possible to
In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers Cybersecurity is a cornerstone of today’s digital society, and progress and development in this field wouldn’t be possible without collaboration and the sharing of information on the latest cyberthreats. Such information exchange between various stakeholders from the
Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. “Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or
A new ransomware family dubbed ‘HavanaCrypt’ disguises itself as a Google software update app, using a Microsoft web hosting service IP address as its command and control server to circumvent detection. Detailed by security researchers at Trend Micro in a report, the ransomware is the latest in a series of malware that poses as a legitimate
by Paul Ducklin Paying money to ransomware criminals is a contentious issue. After all, ransomware demands boil down to one thing, whether you know it in everyday language as extortion, blackmail or standover, namely: demanding money with menaces. Usually, the attackers leave all your precious files where they are, so you can see them sitting
The U.S. Federal Trade Commission (FTC) warned this week that it will crack down on tech companies’ illegal use and sharing of highly sensitive data and false claims about data anonymization. “While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice on the fastest route home, they likely think differently
For online shoppers, Amazon Prime Day has become an annual retail event, an opportunity to pick up bargains and save money. However for hackers, it’s also an opportunity to target consumers eager to secure a deal. Cybersecurity company Avanan has warned of an increase in phishing and credential harvesting email attempts in June in advance
by Paul Ducklin Remember 1999? Well, the Melissa virus just called, and it’s finding life tough in 2022. It’s demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn’t face the trials and tribulations that they do today. In the 1990s, you could insert VBA (Visual Basic for Applications)
McAfee announces a partnership that will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. The partnership
It’s all fun and games until you get hacked – and this is just one risk of downloading cracked games Revenue in the global video games market is set to grow by nearly 11% this year to reach almost $209bn. But when we see this much growth, revenue and users concentrated in one place, there
Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours (or days) in manual code reviews through thousands of lines of script
French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s administrative and management systems on July 4. The attack, believed to have been carried out by the LockBit ransomware group, took the company’s systems offline as it attempted to minimize damage.
It’s not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to be
Cybersecurity solutions provider Emsisoft has released a free decryption tool to enable AstraLocker and Yashma ransomware victims to recover their files without paying a ransom. The company made the announcement in a series of Twitter posts earlier today, providing a download link and related instructions for the tool. “The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they
Scammers don’t take the summer off – be on your guard when buying your Crit’Air sticker If you drive your own vehicle in certain regions of France at certain times, you will need to purchase a special ‘clean air sticker’ called Crit’Air or risk facing a fine from the French government. Similar schemes already exist
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that’s behind a Windows malware with worm-like capabilities. Describing it as a “persistent” and “spreading” threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable
A fake LinkedIn job offer was the reason behind Axie Infinity’s $600m hack, according to a new investigation by The Block. The digital assets-focused outlet said on Wednesday that while the US government attributed the attack to the North Korean hacker group Lazarus, full details of how the exploit was executed had not been disclosed. The Block said that according
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and Chester Wisniewski. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have
Vacations are a great time to unwind, but if you’re not careful, you may face a digital disaster. Here’s how to keep your devices and data secure while you’re on the move Vacations are the perfect time to unwind, but if you’re not careful, you may face a digital disaster. Being outside of their normal
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. “Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker’s machine,” Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as
Aon recently disclosed that 145,889 of its North American customers had their sensitive information exposed in a large data breach. The British multinational financial services firm that sells a range of risk-mitigation products announced that hackers breached its systems “at various times” from December 29 2020 to February 26 2022. Aon disclosed the breach in