Month: October 2020

0 Comments
United States Assistant Attorney General Beth Williams has called for people to come together to protect children from being exploited.  Speaking yesterday at a Columbia Law School virtual event, Williams said: “Addressing the problem of online child exploitation requires that all of civil society work collaboratively—including law enforcement, non-governmental organizations, private industry, and individual citizens.”
0 Comments
A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to have gone “back
0 Comments
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management systems (CMS). The “KashmirBlack” campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, Vbulletin, OsCommerence, OpenCart, and
0 Comments
An urban regeneration project is seeking to train a “digital army” of young people to protect the United Kingdom’s businesses and organizations from cyber-attackers.  The HALO project is seeking to recruit people aged 16-24 under its #RockStars program and train them “in the latest digital and cyber skills and techniques” from a new site in Kilmarnock,
0 Comments
Schools have admitted to creating gaps in their security by rapidly transitioning to remote education in an attempt to slow the spread of COVID-19. The admission was announced today by cybersecurity company Netwrix, as one of several additional findings from its “2020 Cyber Threats Report“ that examined how the coronavirus pandemic and remote learning initiatives have changed the IT
0 Comments
In-game chats were flooded with messages from somebody who tried to coerce players into subscribing to a dubious YouTube channel InnerSloth, the developer of the popular whodunnit social deduction game Among Us, has had to fight off a cyberattack affecting its players during their online matches. The incident that started some time on Thursday took the
0 Comments
Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps (list here) were downloaded nearly eight million times from
0 Comments
The US Space and Rocket Center and the Federal Bureau of Investigation have entered into a joint agreement in support of US Cyber Camp. The camp is the newest of four STEM (science, technology, engineering, and mathematics) camp programs to be launched by the Rocket Center, a museum in Alabama that showcases the rockets, achievements, and
0 Comments
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. “Links shared in chats may contain private information intended only for the
0 Comments
A federal judge has approved a multi-million-dollar settlement to resolve claims made by financial institutions against Equifax following a data breach three years ago.  Between May and June 2017, cyber-criminals gained access to around 150 million records of Atlanta-based credit monitoring service Equifax by exploiting an unpatched Apache Struts vulnerability.  The breach impacted roughly 56% of America’s population and
0 Comments
The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the “most disruptive and destructive series
0 Comments
The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.  New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company. Navarro
0 Comments
Scammers even run their own dark-web “travel agencies”, misusing stolen loyalty points and credit card numbers The hospitality, travel, and retail industries, which have been hit particularly hard by the COVID-19 pandemic, have also been increasingly targeted by cybercriminals seeking to profit from the dire situation, a report has found. “During the lockdowns in Q1
0 Comments
A malicious hacker has been blamed for a series of lewd messages that emanated from the social media account of a US military base on Wednesday. Followers of Fort Bragg’s official Twitter account were surprised by the sexual content of a number of tweets that began to appear at around 4:30pm ET.  The tweets were
0 Comments
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting
0 Comments
Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer,
0 Comments
by Anthony Merry October is Cybersecurity Awareness Month.We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips. If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.
0 Comments
In addition to patching the actively exploited bug, the update also brings fixes for another four security loopholes Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers. “Google is aware of reports that an exploit for
0 Comments
Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani security
0 Comments
Deep Instinct has appointed former managing director and partner at Goldman Sachs Heather Bellini as its new chief financial officer.  The deep learning cybersecurity company, which was founded in 2015 and is headquartered in New York, announced the appointment today.  While at Goldman Sachs, Bellini led the research diligence and investor education initial public offering (IPO) process
0 Comments
by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the version that was released yesterday
0 Comments
What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats? Most of you probably own at least one USB thumb drive, which you typically use either to transfer data or as a backup for sensitive documents. Alternatively, you may like to