And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own. Let’s unwrap the top four phishing scams that users should beware
Fraudsters take advantage of the emergence of the new variant to dupe unsuspecting victims out of their sensitive data Sensing another opportunity to take advantage of fears surrounding the COVID-19 pandemic, scammers are deploying a phishing campaign where they attempt to exploit the emergence of the Omicron coronavirus variant in order to line their pockets,
A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes’ latest findings go into detail about the new tactics and tools adopted by the APT group
by Paul Ducklin [00’23”] Fun Fact: Ebooks reach their half-century. [00’58”] Call scammers and cryptocoin treachery. [07’34”] Cloud insecurity and yet more cryptocoin treachery. [16’15”] Tech History: The interwoven story of Mary Shelley, Ada Lovelace and AI ethics. [18’26”] Facial recognition creepiness. [25’23”] Oh! No! The wannabe wizard that went to school with a trainee
A cyber-attack on Planned Parenthood Los Angeles (PPLA) has resulted in the exposure of patients’ personally identifying information (PII). The agency said in a notice posted to its website on Wednesday that suspicious activity was detected on its computer network on October 17. An investigation into the activity remains ongoing; however, it has been determined that an
I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a
Press play for the first episode as host Aryeh Goretsky is joined by Zuzana Hromcová to discuss native IIS malware Did you ever wonder why researchers behind a cybersecurity discovery chose to go down that particular rabbit hole? What made them curious about that specific malware family, variant, or campaign? Did they come up with
Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. “These people are at the center of critical communities for public debate,”
The United States has sent a fourth member of the international hacking group known as The Community to prison. Garrett Endicott, of Warrensburg, Missouri, was the last of six defendants to be sentenced in connection with a multi-million-dollar SIM-swapping conspiracy that claimed victims across the country, including in California, Missouri, Michigan, Utah, Texas, New York and Illinois.
Online is a little different for everyone How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go. This
ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs Air-gapping is used to protect the most sensitive of networks. In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped
A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360’s Netlab network security division, which detected the botnet first on October 27, 2021, called it
The former dean of a business school in Philadelphia has been found guilty of involvement in a fraudulent scheme to doctor program rankings using false data. Moshe Porat, of Bala Cynwyd, Pennsylvania, was dean of Temple University’s Richard J. Fox School of Business and Management for more than two decades, from 1996 until 2018. On
Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. And yet that is the precise position where most find themselves today while trying to battle cybersecurity issues across their supply chain. While these supply chains have plenty of their own challenges, such as global disruptions of distribution, our recent
One of the harsh realities of cybersecurity today is that malicious actors and attackers don’t distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has
by Paul Ducklin The UK data protection regulator has announced its intention to issue a fine of £17m (about $23m) to controversial facial recognition company Clearview AI. Clearview AI, as you’ll know if you’ve read any of our numerous previous articles about the company, essentially pitches itself as a social network contact finding service with
The Panasonic Corporation has disclosed a data security incident in which an undisclosed amount of data was compromised. In a statement issued Friday, the major Japanese multinational conglomerate announced that an unauthorized third party had gained access to its network on November 11. An internal investigation was launched that determined that the intruder had accessed some data stored on
We’ve all fallen for clickbait. Sometimes it’s a juicy headline designed to spark curiosity and drive traffic to a specific website. Other times it’s a quiz that will magically reveal your celebrity look-alike. While the innocent click connected to most clickbait is seemingly harmless, some clickbait can install dangerous malware onto your devices. According to the FBI’s Crime Complaint Center’s 2020
The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains Law enforcement agencies from around the globe have swooped down on hundreds of people suspected of committing various types of online crime, including romance scams, investment fraud and money laundering operations. The international effort
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm
An APAC marine services multi-national appears to have become the latest victim of the prolific Clop ransomware gang. Swire Pacific Offshore (SPO) has provided crew and ships for specialized tasks such as anchor handling, platform supply and seismic surveys for over 45 years. However, its name recently appeared on the extortion site of the Clop
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that’s capable of bypassing antivirus solutions and stage a variety of attacks. “[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even
UK schools are being encouraged to sign-up to a revamped cybersecurity competition designed to improve diversity in the sector. The CyberFirst Girls Competition is the National Cyber Security Centre’s flagship event for schools. Since 2017 more than 43,000 girls aged 12-13 have taken part in a series of cybersecurity challenges. However, the 2022 edition will see some
Italy’s antitrust regulator has fined both Apple and Google €10 million each for what it calls are “aggressive” data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM) said “Google and Apple did not
by Paul Ducklin Google’s Cybersecurity Action Team just published the first ever edition of a bulletin entitled Cloud Threat Intelligence. The primary warnings are hardly surprising (regular Naked Security visitors will have read about them here for years), and boil down to two main facts. Firstly, crooks show up fast: occasionally, it takes them days
“AI will revolutionize every aspect of connectivity,” was the bold message delivered during a recent webinar by the IDC titled ‘AI with everything – the future of Artificial Intelligence in Networking.‘ The synopsis of the webinar argued that artificial intelligence (AI) is changing how networks are built and operated in the most profound of ways. Additionally, IT
The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about it… except patch By Fred House 2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. Some cite this as
‘Tis the season to avoid getting played by scammers hijacking Twitter accounts and promoting fake offers for PlayStation 5 consoles and other red-hot products As the holiday season beckons, so begins the frantic shopping season to find and acquire the much-wanted gift. This year, depending on what you’re looking to buy, could present some very
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called “Tardigrade.” That’s according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector
by Paul Ducklin The US Securities and Exchange Commission (SEC) has issued numerous warnings over the years about fraudsters attempting to adopt the identity of SEC officials, including by phone call spoofing. Call spoofing is where a scammer calls you up on your landline or mobile phone, claims to be from organisation X, and then
- « Previous Page
- 1
- …
- 85
- 86
- 87
- 88
- 89
- …
- 107
- Next Page »