A cyber-attack has been carried out against major German logistics provider Hellmann Worldwide Logistics. The security incident forced Hellmann to take its central data center offline yesterday. Today, operations at the Osnabrück-based company remain disrupted. Hellmann said that since the attack was discovered, it has been under the constant observation of its Global Crisis Taskforce, which
Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them. Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable. One research group
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated,
by Paul Ducklin Just when you thought it was safe to relax for the weekend… …when your cybersecurity Christmas decorations lit up with the latest funkily-named bug: Log4Shell. Apparently, early reports of the bug referred to it as LogJam, because it allows you to JAM dodgy download requests into entries in LOG files. But LogJam
A political activist and former star of the reality TV show 19 Kids and Counting has been convicted of two charges relating to the sexual abuse of children. On Thursday, after a six-day trial that featured ten witnesses, a jury found Josh Duggar guilty of one count of receiving CSAM and one count of possessing CSAM. It took the jury just
We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you. Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel
Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder. After demonstrating the ease with which anybody can hijack your WhatsApp in 2020, I took a hiatus in ethically hacking people’s accounts. It’s just not the same hacking
At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity
Amazon‘s cloud computing network suffered a five-hour outage on Tuesday, chiefly impacting individuals and businesses in the eastern United States. Online services provided by a swathe of companies were disrupted by the incident at Amazon Web Services, which also affected Amazon’s own e-commerce business. Gaming site League of Legends PUBG went down, and Tinder, Coinbase,
Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be? Device Dependence These conversations weigh heavy on parents for a good reason. According
Google on Tuesday said it took steps to disrupt the operations of a sophisticated “multi-component” botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin’s blockchain as a resilience mechanism. As part of the efforts, Google’s Threat Analysis Group (TAG) said it
by Paul Ducklin Today’s a Firefox Tuesday, when the latest version of Mozilla’s browser comes out, complete with all the security updates that have been merged into the product since the previous release. We used to call them Fortytwosdays, because Mozilla followed a six-weekly coding cycle, instead of monthly like Microsoft, or quarterly like Oracle,
Two brothers from Peru have admitted their role in an international call-center scam that defrauded Spanish-speaking immigrants to the United States. Under the conspiracy, victims were called up and threatened with legal action or deportation if they didn’t buy certain educational products. The scam was perpetrated from a series of call centers in Peru, including
With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts. Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool
It often pays to look a gift horse in the mouth – recognizing these types of gift card fraud will go a long way toward helping you stay safe from this growing threat not just this holiday season It’s that time of the year again, when we’re all online looking for presents to give and
Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been “unwittingly inherited” by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. “These vulnerabilities allow attackers to escalate privileges enabling them to disable security products,
The United States has imprisoned a woman for her role in a child sexual abuse material (CSAM) subscription service that produced millions of images and videos of sexualized minors. Patrice Eileen Wilowski-Mevorah of Tampa, Florida, was one of four people charged in August in connection with the Newstar Websites operated by Newstar Enterprise, out of Florida. Since then, two
Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report – a digest of all the latest and greatest vulnerabilities from the last 30-ish days based on merits just
Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities The Morris worm of 1988 was one of those industry-shaking experiences that revealed how quickly a worm could spread using a vulnerability known as a buffer overflow or buffer overrun. Around 6,000 of the 60,000 computers connected to ARPANET,
Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed “CryptBot,” is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing
by Paul Ducklin Two weeks ago, after three software audits and three months of live testing, a cryptocurrency startup called MonoX introduced what it described as “the premier bootstrap decentralized exchange, Monoswap”. In an announcement on 23 November 2021, the company declared: MonoX will revolutionize the DeFi ecosystem by fixing the capital inefficiencies of current
Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government. Under the new Transportation Security Administration–issued mandate, rail operators, airport operators and airline operators will be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours of detection. All three
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly. Did you know that your device can fall into cybercriminals’ hands without
Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is
by Paul Ducklin The UK legislature is currently interested in a law about what it calls PSTI, short for Product Security and Telecommunications Infrastructure. If you’ve seen that abbreviation before, it’s almost certainly in the context of the PSTI Bill. (A Bill is proposed new legislation that has not yet been agreed upon; if ultimately
The UK’s data watchdog has slapped the British government with a hefty fine for exposing the addresses of individuals chosen to receive honors. The Information Commissioner’s Office (ICO) said that the safety of hundreds of 2020 New Year Honors recipients had been placed in jeopardy after their personal data was published online. “On 27 December 2019 the Cabinet Office
You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of their customers’ passwords were exposed. Data breaches like this frequently appear in the news, but many consumers don’t realize the implications these breaches have on their personal privacy. When data breaches occur, oftentimes billions of these hacked login credentials become available on the dark
Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues
by Paul Ducklin Renowned bug-hunter Tavis Ormandy of Google’s Project Zero team recently found a critical security flaw in Mozilla’s cryptographic code. Many software vendors rely on third-party open source cryptographic tools, such as OpenSSL, or simply hook up with the cryptographic libraries built into the operating system itself, such as Microsoft’s Secure Channel (Schannel)
A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting to be working on remediating the theft. Portland resident Nickolas Sharp allegedly stole gigabytes of data from Ubiquiti Inc., a technology company headquartered in New York, where Sharp was employed from August 2018 to
- « Previous Page
- 1
- …
- 84
- 85
- 86
- 87
- 88
- …
- 107
- Next Page »