Security

Most consumers prefer to bank digitally rather than in person but are worried about the risk of fraud, according to new research by payments and data security company, Entrust. A survey of 1350 consumers who made or received digital payments in the past 12 months found that 88% of respondents prefer to do their banking online in some

A lengthy investigation into the online trade of child sexual abuse material (CSAM) has led to the arrest of dozens of individuals based in New Zealand. Led by New Zealand’s Te Tari Taiwhenua Department of Internal Affairs (DIA), the two-year international operation identified more than 90,000 online accounts that possessed or traded CSAM.  DIA’s Digital

by Paul Ducklin Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data… …via the GitHub account of a former employee. As you’ve probably figured out already, Adafruit is named after after Ada Lovelace, a nineteenth-century British intellectual who was a computer programmer long before any programmable computers existed. As mysterious as that might

Tesla boss Elon Musk has admitted that users of his Starlink satellite communications system in Ukraine could attract enemy fire. The warning came last week, as a truckload of satellite dishes arrived in the war-torn Eastern European country after a government request. Starlink terminals communicate with a constellation of around 2000 satellites in a low

Cyber-criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud. In a blog post published Friday, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.  Since March 1, researchers have been tracking two specific

by Paul Ducklin Mozilla has published Firefox 97.0.2, an “out-of-band” update that closes two bugs that are officially listed as critical. Mozilla reports that both of these holes are already actively being exploited, making them so-called zero-day bugs, which means, in simple terms, that the crooks got there first: We have had reports of attacks

The United States Senate has passed legislation requiring critical infrastructure operators and federal agencies to report cyber-attacks within 72 hours and ransomware payments within 24 hours. America’s Upper House approved the Strengthening American Cybersecurity Act of 2022 on Tuesday. The Act combines language from three bills, including the cyber-incident reporting bill, introduced to the Senate by the Senate Homeland Security and

Some 97% of multinational cybersecurity vendors have exposed assets in their AWS environments, many of them classed as high severity issues, according to Reposify. The US startup used its scanning technology to analyze the cloud environments of a sample of 35 vendors and over 350 subsidiaries. During a two-week window in January, Reposify’s external attack surface

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

“You’re sold on the idea of zero trust. Now you need to implement it,” was the overarching theme of a star-studded panel discussion session titled ‘Best Policy: A Guide to Implementing Zero Trust and Reducing Overall Risk’ on day one of this year’s Cloud and Cyber Security Expo in Excel, London. Tim Holman, chief executive officer of 2|SEC Consulting,

by Paul Ducklin Just over a year ago, graphics card behemoth Nvidia announced an unexpected software “feature”: anti-cryptomining code baked into the drivers for its latest graphics processing units (GPUs). Simply put, if the driver software thinks you’re using the GPU to perform calculations related to Ethereum cryptocurrency calculations, it cuts the execution speed of

The emergence of hybrid work and growing reliance on cloud technology means that zero trust security model is “becoming the de facto posture at many organizations.” This was the message delivered by Fredrik Hult, chief information security officer at PagoNxt, during his “Master class: Adopting the Zero Trust Security Model” session on the first day

The extensive use of cyber and information operations in the ongoing Ukraine-Russia conflict was highlighted by threat intelligence experts during a virtual session organized by Recorded Future. Opening the session, Christopher Ahlberg, co-founder and CEO of Recorded Future, explained that the Russian invasion of Ukraine represents a new type of warfare, which has been “converted into

by Paul Ducklin We monitor a range of email addresses related to Naked Security, so we receieve a regular (a word we are using here to mean “unrelenting”) supply of real-world spams and scams. Some of our email addresses are obviously directly associated with various Sophos-related social media accounts; others are more general business-oriented addresses;

A notorious ransomware outfit has been given a taste of its own medicine after a vast trove of internal chat data was leaked by a Ukrainian researcher. The leaks were posted online yesterday with rough Google Translate versions of the text in English here. They amount to tens of thousands of messages taken from Conti’s

Cops in Florida have arrested 10 men in a sting operation to catch online child sexual predators.  Operation Peek-a-Boo was conducted over a two-week period by 16 investigators with the Internet Crimes Against Children (ICAC) Unit at the Okaloosa County Sheriff’s Office (OCSO). OCSO said the 10 suspects believed they were chatting with minors online when they were

The Ukrainian government is reportedly seeking volunteer hackers and security experts to help Ukraine defend its critical infrastructure against cyber-attacks.  According to a report by Reuters, Ukraine’s pleas for assistance started appearing on Ukrainian hacking forums on Thursday morning, shortly after the county was invaded on three fronts by Russian armed forces in an attack condemned by US President

by Paul Ducklin If you use Mozilla Firefox or any Chromium-based browser, notably Google Chrome or Microsoft Edge, you’ll know that the version numbers of these products are currently at 97 and 98 respectively. And if you’ve ever looked at your browser’s User-Agent string, you’ll know that these version numbers are, by default, transmitted to

Hacktivist group Anonymous has declared “cyber war” against Vladimir Putin’s government following the Russian invasion of Ukraine. The well-known international hacking collective made the announcement on its Twitter account on Thursday, shortly after the Kremlin commenced military action. The message read: “The Anonymous collective is officially in cyber war against the Russian government. #Anonymous #Ukraine.” Shortly after,

by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.

The UK government has unveiled plans to roll out free cyber skills training for thousands of secondary school pupils. The Cyber Explorers program aims to educate 30,000 11 to 14-year-olds on a range of cybersecurity concepts, such as open-source intelligence, digital forensics and social engineering. The program will be delivered via a new online learning platform, in

by Paul Ducklin When the Apple AirTag hit the market in 2021, it immediately attracted the attention of hackers and reverse engineers. Could AirTags be jailbroken? Could AirTags be simulated? Could the AirTag ecosystem be used for purposes beyond Apple’s own imagination (or at least beyond its intentions)? We soon found ourselves writing up the

The UK’s construction industry has received its first-ever cybersecurity guidance from the National Cyber Security Centre (NCSC). The document, Cyber security for construction businesses, provides practical, tailored advice for construction firms on protecting their businesses and building projects from cyber-attackers. The guidance details the most common attack vectors construction faces, including spear-phishing, ransomware and supply chain attacks. The

by Paul Ducklin WordPress plugins need to be kept up-to-date just as keenly as WordPress itself… …especially if those plugins are designed to help you look after the entirety of your WordPress site data. That’s why we thought we’d write about a recent warning from the creators of Updraft and Updraft Plus, which are free

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report. The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business

by Paul Ducklin Unfortunately, we’ve had to warn about sextortion, also known as porn scamming, many times before. Porn scams are phishing tricks whereby criminals try to squeeze you into making contact with them, or even to pay them money immmediately, by claiming to have evidence that you have committed some sort of sexually-related online

Credit Suisse has hit back at allegations of severe due diligence failures exposed by a major new leak of customer account information. Details of 18,000 accounts linked to 30,000 clients containing an estimated £80bn ($100bn) were shared by an anonymous whistleblower with various media outlets, including The Guardian. “I believe that Swiss banking secrecy laws are

The United States Department of Justice (DOJ) is cracking down on the criminal misuse of cryptocurrencies and digital assets. In a statement released Thursday, the DOJ announced the appointment of prosecutor and former senior counsel to the deputy attorney general, Eun Young Choi, as the first director of the National Cryptocurrency Enforcement Team (NCET). Comprising department attorneys,

by Paul Ducklin Storm conditions in November 2021 in northern and north-eastern parts of the UK brought down powerlines in some areas, leaving many homes without electricity for several days. British power companies, which, for better or worse, are privatised rather that state-run, are required to pay out compensation to customers who did not receive

A man from Florida will not be serving time in prison for his role in a multi-million dollar Medicare fraud scheme involving the sale of patients’ personal and medical data. Boca Raton resident, Nathan LaParl, aged 35, and his 30-year-old accomplice Talia Alexandre, of Palm Springs, worked with foreign call centers to contact Medicare patients