Month: January 2021

An end-to-end multicloud technology solutions company based in Texas has been recognized for achieving workplace equality for a fourth consecutive year. Rackspace Technology announced today that it received a score of 100 on the Human Rights Campaign (HRC) Foundation’s 2021 Corporate Equality Index (CEI) and was named as one of the “Best Places to Work for
The organizers of an English beauty pageant established over nine decades ago are being held to ransom by cyber-criminals. The Daily Mail reports that malicious hackers targeted the organizers of Miss England on Tuesday night with a sophisticated online scam.  Pageant organizer and former Miss England Angie Beasley was sent what appeared to be an authentic message from the
As schools and students continue to contend with the very real cyber-risks of virtual classrooms, we share some advice for protecting children’s data and privacy. The COVID-19 pandemic is still here, with pupils and students still soldiering on mostly remotely and focusing on their education from the confines of their houses. While another semester studying
The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest
A retired Nevada cop who headed up a Cyber Crimes Unit has been charged with burglary, bigamy, and forgery.  Former Washoe County Sheriff’s deputy Dennis Carry was arrested on Tuesday on seven different felony counts following a two-year investigation by the Reno Police Department.  The 46-year-old was previously in charge of the Cyber Crimes Unit at the Washoe County
By Paul Ducklin. If you’re a user of the venerable, powerful and popular open source programming language Perl, you’ll almost certainly have visited its official website at some point, at: https://perl.org. You may very well also have visited its sister site perl.com, which until very recently looked like this: Main page of perl.com on 2021-01-25,
The law enforcement action is one of the most significant operations against cybercriminal enterprises ever. Europol has announced the disruption of the Emotet botnet, one of the longest-lived and most pervasive malware threats, following a large-scale operation that also included a number of national law enforcement agencies across Europe and North America. Authorities in the
The United States Department of Justice has launched a global law enforcement action against a cyber-criminal gang that has made millions by selling ransomware-as-a-service (RaaS). A coordinated international law enforcement action to disrupt NetWalker was announced by the Department yesterday. NetWalker ransomware has claimed numerous victims, including companies, municipalities, hospitals, law enforcement departments, emergency services, school districts,
By Harriet Stone. Hello, Naked Security readers. I’m Harriet Stone, an intern in the Sophos marketing team. Seven months of working (virtually) with cybersecurity professionals has made me realise just how unaware many students are when it comes to their online security. Even before the COVID-19 pandemic drove a switch to online learning,
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed “Oscorp” by Italy’s CERT-AGID, the malware “induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the
By Paul Ducklin. Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s no predetermined quarterly schedule for
“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app. Android users should watch out for new wormable malware that spreads through WhatsApp and lures the prospective victims into downloading an app from a website masquerading as Google Play. ESET malware researcher Lukas Stefanko looked
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab’s investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have
Summary: In response to the SolarWinds supply chain compromise, the U.S. National Security Agency (NSA) published an advisory describing advanced techniques that threat actors can use to maintain persistent access to compromised cloud tenants and exfiltrate sensitive data. Most of the public commentary about this advisory has focused on the theft of Active Directory Federation
Multi-cloud and multi-ERP managed cloud services provider Syntax released its first ever “IT Trends Report” today. The report is based on an October 2020 survey of 500 IT leaders and decision makers in the US who were asked to describe how the COVID-19 pandemic had impacted their businesses and to share the strategic decisions they plan to make in
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration
A man from Texas has been convicted of operating a website dedicated to publishing stories detailing the sexual abuse of children. Brewster County resident Thomas Alan Arthur was convicted by a federal jury on January 21 following a trial that lasted three days.  According to trial evidence, the 64-year-old started operating a website called Mr. Double in
A former home security technician has admitted habitually hacking into customers’ home surveillance cameras to spy on people without their consent. Telesforo Aviles accessed the accounts of around 200 customers more than 9,600 times over a period of four and a half years while employed by security company ADT. The 35-year-old carried out the cyber-intrusions for
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is an application management and administration solution that offers end-to-end application lifecycle
The European Data Protection Board has issued new advice to hospitals regarding what action to take in the event of a cyber-attack. Currently released in draft form, the new set of recommendations urges healthcare providers hit with ransomware to report the attack even if no patient data is accessed or exfiltrated.  The guidelines state: “The internal documentation