by Paul Ducklin You’ve probably had 42 emails already this week to tell you this… …but we’re going to say it anyway: “Happy Data Privacy Day!” Don’t panic. We’re not going to assail you with an academic argument about asserting your privacy, or provoke you with a polemic positing that privacy and a private life
The National Cyber Security Centre (NCSC) has warned UK organizations to prepare for Russian cyber-attacks amid ongoing geopolitical tensions in Ukraine. The new guidance follows numerous malicious cyber-incidents in Ukraine in the past month, which the NCSC said corresponds with past Russian behavior. These include more than a dozen Ukrainian government websites getting taken offline in a cyber-attack, while
The trade-off between using a free service and giving up our personal data becomes much less palatable when we think about the wider ramifications of the collection and use of our personal data The doorbell rings, you answer, and a representative of a large company is on the doorstep offering to allow you to use
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc,
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A leading maker of network-attached storage (NAS) devices is urging customers to upgrade to the latest software version and reconfigure their systems in order to thwart a new ransomware campaign. Taiwan vendor QNAP released a statement yesterday in response to the mounting threat from a new variant known as “DeadBolt.” It advised customers to ensure their
Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker. Smartwatches, fitness trackers and other wearables are fast becoming almost as familiar to us as our mobile phones and tablets. These connected gadgets do much more than tell the time. They track
Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. “Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click,” the Romanian cybersecurity firm detailed in a report published
by Paul Ducklin Researchers at Qualys have revealed a now-patched security hole in a very widely used Linux security toolkit that’s included in almost every Linux distro out there. The bug is officially known as CVE-2021-4034, but Qualys has given it a funky name, a logo and a web page of its own, dubbing it
There’s been a 29% increase in the number of vulnerabilities exploited by ransomware groups to compromise their targets over the past year, according to a new industry report. The Ransomware Spotlight Year End Report was written by security vendors Ivanti and Cyware alongside CVE numbering authority Cyber Security Works. It’s compiled from multiple data sources, including Ivanti and
Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs On November 11th, Google TAG published a blogpost about watering-hole attacks leading to exploits for the Safari web browser running on macOS. ESET researchers had been investigating this campaign the week before that publication, uncovering
Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users’ browsing habits into approximately 350 topics. Thee new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users’ browsing history for a
by Paul Ducklin Many countries have taxation forms with names that have entered the general vocabulary, notably the abbreviations of documents that employers are obliged to provide to their staff to show how much money they were paid – and, most importantly, how much tax was already witheld and paid in on the employee’s behalf.
It’s a long-standing question. Can Apple Macs get viruses? While Apple does go to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. So what does Apple provide in terms of antivirus protection? Let’s take a look along with some signs that your Mac may
Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud. The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75%
Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here’s how to stay safe from a simple but effective attack I have been fascinated with the thought of being able to break into a bank ever since my love for bank robbery films began in
The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being
by Naked Security writer Russian news agency Tass reported over the weekend that the “purported founder” of a notorious cybercrime group known as Infraud Organisation has been arrested. Naked Security first wrote about law enforcement action against this crime crew almost three years ago, back in February 2018, when the US Department of Justice (DOJ)
The volume of publicly reported data compromises in the US soared 68% year-on-year to a record high of 1862, according to new data from the Identity Theft Resource Center (ITRC). The non-profit said the figure was 23% higher than the previous record, set in 2017. The number of victims was down 5%, continuing a recent trend
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using “unconventional” IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically
Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals. Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration. The amendment defines ransomware
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed “strategic similarities” to NotPetya malware that was unleashed against the country’s infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and
A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors. Waterford resident Keith Hancock allegedly recorded 10 victims from outside their homes, two of whom were juveniles. Six of the individuals were filmed while undressing. Hancock is also suspected of recording more victims while inside his home on Overlook Drive.
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer’s website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53
by Paul Ducklin Maltese cryptocoin broker Foris DAX MT Ltd, better known by its domain name Crypto.com, experienced a multi-million dollar “bank robbery” earlier this month. According to a brief security report published yesterday, 483 customers experienced ghost withdrawals totalling just over 4800 Ether tokens, just over 440 Bitcoin tokens, and just over $66,000 in
Most parents may find it difficult to relate to today’s form of cyberbullying. That’s because, for many of us, bullying might have come in a series of isolated, fleeting moments such as an overheard rumor, a nasty note passed in class, or a few brief hallway confrontations. Fast forward a few dozen decades, and the
Merck has won a long-running legal battle to force its insurer to cover the costs of damages caused by the NotPetya ‘ransomware’ attacks. The pharma giant was one of many big-name multinationals hit by the destructive malware, disguised as ransomware by Russian attackers targeting Ukrainian organizations back in 2017, as they are again today. However, the
Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again Email has been with us for decades. And while social media and mobile messaging apps are increasingly popular, it remains the mainstay of our
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
- « Previous Page
- 1
- …
- 78
- 79
- 80
- 81
- 82
- …
- 107
- Next Page »