Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software. Increasing your personal device’s
Month: October 2022
The world’s second largest copper producer has been hit by a cyber-attack which forced IT systems offline. Hamburg-headquartered Aurubis revealed in a brief statement that the attack struck on Friday evening. “This was apparently part of a larger attack on the metals and mining industry,” it said. “As a result, numerous systems at Aurubis sites
by Paul Ducklin Cryptoguru Bruce Schneier (where crypto means cryptography, not the other thing!) just published an intriguing note on his blog entitled On the Randomness of Automatic Card Shufflers. If you’ve ever been to a casino, at least one in Nevada, you’ll know that the blackjack tables don’t take chances with customers known in
In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one
A previously undocumented dropper has been spotted installing backdoors and other tools using the new technique of reading commands from apparently innocuous Internet Information Services (IIS) logs. The dropper has been discovered by cybersecurity researchers at Symantec, who said an actor is using the piece of malware dubbed Cranefly (aka UNC3524) to install another piece
by Paul Ducklin Google pushed out a bunch of security fixes for the Chrome and Chromium browser code earlier this week… …only to receive a vulnerability report from researchers at cybersecurity company Avast on the very same day. Google’s response was to push out another update as soon as it could: a one-bug fix dealing
Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability can
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online. That’s
A look at a recent string of law enforcement actions directed against (in some cases suspected) perpetrators of various types of cybercrime A Canadian, a Nigerian, a Brit and a Ukrainian – what’s the connection? As Cybersecurity Awareness Month draws to a close, we look at a recent string of law enforcement actions directed against (in
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new report outlining baseline cybersecurity performance goals (CPGs) for all critical infrastructure sectors. The document is the result of a July 2021 security memorandum signed by President Biden. It has tasked CISA and the National Institute of Standards and Technology (NIST) with creating fundamental cybersecurity
by Paul Ducklin WE’RE SCRAPING YOUR FACES FOR YOUR OWN GOOD! (ALLEGEDLY) Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher
Communication services provider Twilio this week disclosed that it experienced another “brief security incident” in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part
When you’re online, the world is at your fingertips. You can do amazing things like stream the latest movies while they’re still in theaters! Or you can enjoy the convenience of online shopping and avoiding the DMV by renewing your driver’s license remotely. This is possible because we’re able to communicate with these organizations through many different channels and we trust them. Unfortunately, many bad actors have taken advantage of this trust
You probably don’t have to ditch your phone just yet – try these simple tips and tricks to make any Android device or iPhone run faster Mobile phones are so present in our lives that they have become just as important as our wallets; in fact, they have also become our wallets. Unfortunately, no matter
Concerns among global technology leaders about the security of cloud, datacenter and hybrid working environments have increased significantly over the past year, according to a new paper from the IEEE. The professional body polled 350 CIOs, CTOs, IT directors and other technology leaders in the US, UK, China, India and Brazil to compile its pending
by Paul Ducklin Regular readers will know two things about our attitude to Apple’s security patches: We like to get them as soon as we can. Whether it’s a full version upgrade that also includes a bunch of security fixes, or a point release (one where the leftmost version number doesn’t change) with the primary
A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper “is being used to install
Vernon has been our Manager of Technical Accounting for more than two years, but that doesn’t mean he’s buried in spreadsheets and numbers all day. He’s a part of our team of experts for the complex, technical accounting projects that pop up. My McAfee career journey story It’s been an amazing ride so far. My
As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season Where there are users to be scammed and money to be made, cybercriminals won’t be far behind. So it was during the pandemic, when internet users eager to get hold of the
The Biden–Harris administration has launched a new initiative designed to improve the security of industrial systems in the chemical sector over the next 100 days, as part of ongoing efforts to reduce cyber-risk in critical infrastructure (CNI). The sector is the fourth to be covered by the Industrial Control Systems (ICS) Cybersecurity Initiative, following similar
by Paul Ducklin See Tickets is a major global player in the online event ticketing business: they’ll sell you tickets to festivals, theatre shows, concerts, clubs, gigs and much more. The company has just admitted to a major data breach that shares at least one characteristic with the amplifiers favoured by notorious rock performers Spinal
A now-patched security flaw in Apple’s iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said “an app may be able to record audio using a pair of connected AirPods,” adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited
It’s Diwali, a time of light, a time of togetherness, and, of course, a time of celebration. Along with Diwali comes the traditional acts of dana and seva, as well as gift-giving to the friends and family members they honor and love. However, it’s also a time when thieves get busy—where they hop online and
More than £1.8bn has been lost to fraud and cybercrime in London over the last year, according to the UK’s National Fraud Intelligence Bureau, making the capital and its 1.038 million businesses one of the ecosystems most at risk of digital crime in the country. This threat is particularly daunting for small and medium-sized businesses
by Paul Ducklin The Clearview AI saga continues! If you haven’t heard of this company before, here’s a very clear and concise recap from the French privacy regulator, CNIL (Commission Nationale de l’Informatique et des Libertés), which has very handily been publishing its findings and rulings in this long-running story in both French and English:
ESET Research spots a new version of Android malware known as FurBall that APT-C-50 is using in its wider Domestic Kitten campaign This week, ESET researchers published their analysis of a new variant of the Android malware known as FurBall that APT-C-50 has used in its wider Domestic Kitten campaign. The campaign is known to
A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries
A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update. Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips. What Is Magniber Ransomware? Magniber is a new type of
The Ukrainian authorities have posted information warning of a new ransomware campaign against organizations in the war-torn country. In a brief notice, the Ukrainian CERT said it had discovered phishing emails spoofed to appear as if sent from the “Press Service of the General Staff of the Armed Forces of Ukraine.” If recipients fall for
by Paul Ducklin Apple’s latest collection of security updates has arrived, including the just-launched macOS 13 Ventura, which was accompanied by its own security bulletin listing a whopping 112 CVE-numbered security holes. Of those, we counted 27 arbitrary code execution holes, of which 12 allow rogue code to be injected right into the kernel itself,