How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you. The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which
Month: September 2022
The European Commission has publicized new liability rules on digital products and artificial intelligence (AI) in order to protect consumers from harm, including in cases where cybersecurity vulnerabilities fail to be addressed. The two proposals the Commission adopted on September 28, 2022 will modernize the existing rules on the strict liability of manufacturers for defective products
by Paul Ducklin CUTTING THROUGH CYBERSECURITY NEWS HYPE With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good
Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” the tech giant
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers. As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials According to
Threat actors make just $1 for every $53 they cost their victims in extra cloud computing bills, according to a new report from Sysdig. To calculate its findings, the security vendor analyzed a single campaign from the infamous crypto-jacking threat group known as TeamTNT, which used over 10,000 compromised endpoints to mine for cryptocurrency. It
by Paul Ducklin Last week’s cyberintrusion at Australian telco Optus, which has about 10 million customers, has drawn the ire of the country’s government over how the breached company should deal with stolen ID details. Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of optusdata offering
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online The digital world has provided countless opportunities for youngsters that their parents never experienced. It helped kids stay in touch with each other during the dark days of pandemic-era lockdowns. And now that
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you. Globally, plenty of people pull double duty
The UK’s data protection regulator has taken action against seven public and private sector organizations for failing to meet their obligations under the GDPR and UK Data Protection Act. UK organizations must respond to requests by members of the public for personal information held on them, known as Subject Access Requests (SARs), within one to
by Paul Ducklin For the last day or two, our news feed has been buzzing with warnings about WhatsApp. We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video
Security operations (SecOps) teams are struggling to respond to dozens of cybersecurity incidents every single day, according to a new report from Trellix. The security vendor polled 9000 security decision makers from organizations with 500+ employees across 15 markets to compile its latest study, XDR: Redefining the future of cybersecurity. It found that the average
Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again) A friend – let’s call her Ellie – recently called me with a devastated tone in her voice. Her Instagram account had been hacked and she was locked out. Her panic was evident
The Australian Federal Police (AFP) on Monday disclosed it’s working to gather “crucial evidence” and that it’s collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. “Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud,” the AFP said in
Ransomware affiliates appear to be dabbling with new data destruction capabilities in a bid to evade detection, increase their chances of getting paid and minimize the opportunities for the development of decryptor toolst. A new report from US security companies Cyderes and Stairwell reveals analysis of Exmatter-like malware. Exmatter is a .NET-based exfiltration tool often
The social network TikTok is chockfull of interesting, fun, laugh-out-loud videos shared by creators worldwide. Kids, as well as parents, can easily spend hours glued to the platform. But as with most popular platforms, the fun can eventually turn dark, even deadly, when viral challenges make their rounds. The latest viral challenge, the “blackout
Ukrainian law enforcement authorities on Friday disclosed that it had “neutralized” a hacking group operating from the city of Lviv that it said acted on behalf of Russian interests. The group specialized in the sales of 30 million accounts belonging to citizens from Ukraine and the European Union on the dark web and netted a
Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft researchers. It revealed the threat actors launched credential–stuffing attacks (which use lists of compromised user credentials) against high–risk, unsecured administrator accounts that didn’t have multi–factor authentication (MFA)
by Paul Ducklin The curious name LAPSUS$ made huge headlines in March 2022 as the nickname of a hacking gang, or, in unvarnished words, as the label for a notorious and active collective of cybercriminals: The name was somewhat unusual for a cybercrime crew, who commonly adopt soubriquets that sound edgy and destructive, such as
Here’s to the hashtags, the likes, the followers, the DMs, and the LOLs—June 30th marks Social Media Day, a time to celebrate and reflect on how social media has changed our lives over the years. Started in 2010 by media and entertainment company Mashable, celebrations have taken on all kinds of forms. Meetups, contests, calls to increase your social circle
The online world provides children with previously unimagined opportunities to learn and socialize, but it also opens them up to a range of hazards. How can you steer kids toward safe internet habits? The way our digital lives have become entangled with our physical world has brought new, major challenges for parents, caregivers and teachers.
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the
The Department of Air Force (DAF) Enterprise IT as a Service’s (EITaaS) Base Infrastructure Modernization (BIM) procurement said it will evolve its digital modernization strategy to an “as a Service” model that will integrate network, end–user services and computing platforms. According to an announcement by technology company Lumen, which will collaborate with the DAF on the
by Paul Ducklin Morgan Stanley, which bills itself in its website title tag as the “global leader in financial services”, and states in the opening sentence of its main page that “clients come first”, has been fined $35,000,000 by the US Securities and Exchange Commission (SEC)… …for selling off old hardware devices online, including thousands
When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defense is frequent password changes. But how often should you create new
A major financial services company has learned the hard way about the importance of proper disposal of customers’ personal data The U.S. Securities and Exchange Commission (SEC) has announced that Morgan Stanley has agreed to pay a penalty of $35 million for exposing the personal information of 15 million customers. According to SEC, the financial
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. “On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking,” the agency said, adding “he remains in police custody.” The department said
Law enforcers from over 20 European countries came together earlier this month to clamp down on human traffickers found using online platforms to exploit vulnerable people, including Ukrainian women. The EMPACT joint action day was coordinated by the Netherlands and described by Europol as the first region-wide “hackathon” against human trafficking. Some 85 experts participated
- 1
- 2
- 3
- 4
- Next Page »