Month: August 2020

Google Android users were pestered last week by a series of fake notifications popping up on their devices. According to Paul Ducklin of Naked Security by Sophos, the string of phony popups first became an annoyance for users of the Google Hangouts app before bothering users of Microsoft Teams. “Users all over the world, and therefore
If your web server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, could even allow
The Democratic National Committee sent out a nationwide alert on Wednesday warning romance-seeking campaign staffers to be wary of what information they reveal to people they match with on dating apps. Staffers were instructed to “swipe carefully” and to “trust but verify” any facts they were supplied with by prospective partners. They were also told to use
“In today’s knowledge economy, continual learning is an imperative.” — Those words from Aytekin Tank, the founder of JotForm, are particularly important for anyone working in IT or development. With over 1,000 premium courses (complete list) from top instructors, StackSkills Unlimited provides endless learning opportunities. Right now, you can grab lifetime membership for $59.
A government ministry in Jakarta has suggested that a recent spate of cyber-attacks against its critics could be an attempt by a third party to turn public opinion against the government.  This month, the Southeast Asia Freedom of Expression Network (SafeNet) recorded six cyber-attacks against high-risk groups such as journalists, academics, and activists.  One attack was on
From keeping your account safe to curating who can view your liked content, we look at how you can increase your security and privacy on TikTok. TikTok, one of the most recent additions to the roster of major social media platforms, has been enjoying immense popularity since its debut three years ago. The app is
The United States is trying to forfeit 280 cryptocurrency accounts tied to cyber-attacks on two virtual currency exchanges, which were allegedly perpetrated by North Korean threat actors. According to a civil forfeiture complaint filed by the Justice Department yesterday, malicious actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC)
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware. Detailing the new tactics of the “Charming Kitten” APT group, Israeli firm Clearsky said, “starting July 2020, we have identified a new TTP of
A joint effort by agencies in the United States and Europe has brought down an online piracy group that cost film production studios tens of millions of dollars in lost revenue. Indictments unsealed yesterday in Manhattan federal court charge Umar Ahmad and Jonatan Correa with copyright infringement conspiracy. A third man, George Bridi, was charged with wire
Cybersecurity professionals want stricter measures to tackle the rising amount of online misinformation and fake domains, according to new research by the Neustar International Security Council (NISC). A new report by NISC found that almost half (48%) of cybersecurity professionals regard these problems as a threat to their enterprise, while the other half (49%) rank
Cybercriminals take aim at teleworkers, setting up malicious duplicates of companies’ internal VPN login pages. The United States’ Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory to warn about a surge in voice phishing (vishing) attacks targeting staff at a number of companies. The spike in
A cyber-attack has shut down virtual classes in a Los Angeles school district two weeks after the FBI issued a cybersecurity warning to schools offering online learning. In a grim foreshadowing of what was to come, FBI supervisory special agent Corey Harris said on August 11: “We want all school districts to be prepared and understand
Disinformation is a known tool for nation-state threat actors. Learn what it means for threat intelligence practitioners. Tuesday, August 25, 2020. By: Secureworks. When the first page of the calendar turned to 2020, none of us knew what would come in a few months’ time. In fact, Secureworks’ Senior Security Researcher Rafe Pilling thought the
Several services, including the national revenue agency, had to be shut down following a series of credential-stuffing attacks. Cybercriminals set their sights on the Canadian government at the beginning of August, when several government services were disabled following a series of cyberattacks. On August 15, the Treasury Board Secretariat announced that approximately 11,000 online government
The first day of online classes at a North Carolina school was memorable for all the wrong reasons after a hacker disrupted a lesson with offensive content.  Virtual classes, taught via Google Meet, began at Lee County High School, Sanford, on Monday, August 17, as part of an effort to slow the spread of COVID-19. 
Cross-site scripting has topped the 2020 list of the 25 Most Dangerous Software Weaknesses compiled by the Common Weakness Enumeration (CWE).  The vulnerability, described by the CWE as “improper neutralization of input during web page generation,” was given a threat score of 46.82.  Describing the dangers posed by cross-site scripting (XSS), CWE wrote: “The attacker could transfer private information,
The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed ‘BLINDINGCAN,’ the advanced remote access trojan acts as a backdoor when installed on compromised computers. According to
A new report by Ensono has found that tech conferences are geared specifically toward men and are bad at providing an inclusive experience for women of color. The “2020 Speak Up” report audited 18 major tech conferences from around the world and, in December 2019, surveyed 500 women from the US and the UK who attended a tech conference in
By Younghoo Lee. Younghoo Lee is a Senior Data Scientist at Sophos. Together with Joshua Saxe, Sophos Chief Scientist, he recently presented these findings at DEFCON 28 AI Village. Business Email Compromise (BEC) is a form of targeted phishing where attackers disguise themselves as senior executives to dupe employees into doing something they absolutely shouldn’t,