0 Comments
The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.  New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company. Navarro
0 Comments
Scammers even run their own dark-web “travel agencies”, misusing stolen loyalty points and credit card numbers The hospitality, travel, and retail industries, which have been hit particularly hard by the COVID-19 pandemic, have also been increasingly targeted by cybercriminals seeking to profit from the dire situation, a report has found. “During the lockdowns in Q1
0 Comments
A malicious hacker has been blamed for a series of lewd messages that emanated from the social media account of a US military base on Wednesday. Followers of Fort Bragg’s official Twitter account were surprised by the sexual content of a number of tweets that began to appear at around 4:30pm ET.  The tweets were
0 Comments
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting
0 Comments
Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer,
0 Comments
by Anthony Merry October is Cybersecurity Awareness Month.We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips. If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.
0 Comments
In addition to patching the actively exploited bug, the update also brings fixes for another four security loopholes Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers. “Google is aware of reports that an exploit for
0 Comments
Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani security
0 Comments
Deep Instinct has appointed former managing director and partner at Goldman Sachs Heather Bellini as its new chief financial officer.  The deep learning cybersecurity company, which was founded in 2015 and is headquartered in New York, announced the appointment today.  While at Goldman Sachs, Bellini led the research diligence and investor education initial public offering (IPO) process
0 Comments
by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the version that was released yesterday
0 Comments
What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats? Most of you probably own at least one USB thumb drive, which you typically use either to transfer data or as a backup for sensitive documents. Alternatively, you may like to
0 Comments
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the
0 Comments
Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online. According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.  The data’s appearance online follows
0 Comments
The flaws, neither of which is being actively exploited, were fixed merely days after the monthly Patch Tuesday rollout Microsoft has rushed out fixes for two security vulnerabilities affecting Microsoft Windows Codecs Library and Visual Studio Code. The security flaws are classified as Remote Code Execution (RCE) vulnerabilities and if successfully exploited could allow threat
0 Comments
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed “GravityRAT” — now masquerades as legitimate Android and macOS apps to
0 Comments
A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack. A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization.  Superintendent Dr. Ken Barron told WLBT news that the school became aware of the cyber-attack on Monday, October 12.
0 Comments
A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices.  Universal Health Services announced on Monday that all 400 of its health system sites were back online after being hit by a cyber-attack in the early hours of September
0 Comments
Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security
0 Comments
Iran has reported falling victim to two large-scale cyber-attacks, one of which was leveled at the country’s government institutions. The Iranian government’s Information Technology Organization on Thursday reported that two institutions had been compromised by attackers. No party has claimed responsibility for the attack, and Iranian government officials have not stated whether the attack was domestic or
0 Comments
by Paul Ducklin The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and
0 Comments
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye’s Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations’ networks, in
0 Comments
Students learning remotely in Massachusetts have had their lessons disrupted by distributed-denial-of-service, or DDoS, attacks. Sandwich Public Schools suffered a week of connection issues after what was first identified as a firewall failure occurred on October 8. A new firewall put in place to resolve the issue subsequently crashed, prompting the technology department to source a firewall