An end-to-end multicloud technology solutions company based in Texas has been recognized for achieving workplace equality for a fourth consecutive year. Rackspace Technology announced today that it received a score of 100 on the Human Rights Campaign (HRC) Foundation’s 2021 Corporate Equality Index (CEI) and was named as one of the “Best Places to Work for
Month: January 2021
by Paul Ducklin Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy Guard team’s own widely deployed
A “persistent attacker group” with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250
The organizers of an English beauty pageant established over nine decades ago are being held to ransom by cyber-criminals. The Daily Mail reports that malicious hackers targeted the organizers of Miss England on Tuesday night with a sophisticated online scam. Pageant organizer and former Miss England Angie Beasley was sent what appeared to be an authentic message from the
by Paul Ducklin What’s the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And who would you call if you spotted a deceased former colleague hanging out on your network? With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith
As schools and students continue to contend with the very real cyber-risks of virtual classrooms, we share some advice for protecting children’s data and privacy The COVID-19 pandemic is still here, with pupils and students still soldiering on mostly remotely and focusing on their education from the confines of their houses. While another semester studying
The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest
A retired Nevada cop who headed up a Cyber Crimes Unit has been charged with burglary, bigamy, and forgery. Former Washoe County Sheriff’s deputy Dennis Carry was arrested on Tuesday on seven different felony counts following a two-year investigation by the Reno Police Department. The 46-year-old was previously in charge of the Cyber Crimes Unit at the Washoe County
by Paul Ducklin If you’re a user of the venerable, powerful and popular open source programming language Perl, you’ll almost certainly have visited its official website at some point, at: https://perl.org. You may very well also have visited its sister site perl.com, which until very recently looked like this: Main page of perl.com on 2021-01-25,
The law enforcement action is one of the most significant operations against cybercriminal enterprises ever Europol has announced the disruption of the Emotet botnet, one of the longest-lived and most pervasive malware threats, following a large-scale operation that also included a number of national law enforcement agencies across Europe and North America. Authorities in the
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed “BlastDoor,” the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project
The United States Department of Justice has launched a global law enforcement action against a cyber-criminal gang that has made millions by selling ransomware-as-a-service (RaaS). A coordinated international law enforcement action to disrupt NetWalker was announced by the Department yesterday. NetWalker ransomware has claimed numerous victims, including companies, municipalities, hospitals, law enforcement departments, emergency services, school districts,
by Harriet Stone Harriet Stone Hello, Naked Security readers. I’m Harriet Stone, an intern in the Sophos marketing team. Seven months of working (virtually) with cybersecurity professionals has made me realise just how unaware many students are when it comes to their online security. Even before the COVID-19 pandemic drove a switch to online learning,
The company emits emergency updates to fix bugs affecting devices ranging from iPhones to Apple Watches Apple has rolled out an update for its iOS and iPadOS operating systems to patch three zero-day security flaws that are being actively exploited in the wild. The trio of flaws affects various versions of iPhones and iPads and
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed “Oscorp” by Italy’s CERT-AGID, the malware “induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the
Speaking at the RSAC 365 Virtual Summit Jason Rivera, director, Strategic Threat Advisory Group at CrowdStrike, explored how the COVID-19 health crisis has fundamentally altered the attack surface for organizations across the world. “We had to use the internet so much more than we ever have in the past. If we use the internet more,
by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s no predetermined quarterly schedule for
“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app Android users should watch out for new wormable malware that spreads through WhatsApp and lures the prospective victims into downloading an app from a website masquerading as Google Play. ESET malware researcher Lukas Stefanko looked
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab‘s investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have
Summary In response to the SolarWinds supply chain compromise, the U.S. National Security Agency (NSA) published an advisory describing advanced techniques that threat actors can use to maintain persistent access to compromised cloud tenants and exfiltrate sensitive data. Most of the public commentary about this advisory has focused on the theft of Active Directory Federation
Multi-cloud and multi-ERP managed cloud services provider Syntax released its first ever “IT Trends Report” today. The report is based on an October 2020 survey of 500 IT leaders and decision makers in the US who were asked to describe how the COVID-19 pandemic had impacted their businesses and to share the strategic decisions they plan to make in
by Paul Ducklin Many, if not most, organisations will tell you that they have processes and procedures that they follow when employees leave. In particular, most companies have a slick and quick procedure for removing ex-staff from the payroll. Firstly, it doesn’t make economic sense to pay someone who is no longer entitled to the
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration
A man from Texas has been convicted of operating a website dedicated to publishing stories detailing the sexual abuse of children. Brewster County resident Thomas Alan Arthur was convicted by a federal jury on January 21 following a trial that lasted three days. According to trial evidence, the 64-year-old started operating a website called Mr. Double in
by Paul Ducklin Here’s our latest Naked Security Live talk, where we talk about the difference between online “secrets” that aren’t really secret but were hidden away to be found as a bit of fun… …and genuine secrets, such as passwords and encryption keys, that get “hidden” away in apps or websites in the hope
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a
A former home security technician has admitted habitually hacking into customers’ home surveillance cameras to spy on people without their consent. Telesforo Aviles accessed the accounts of around 200 customers more than 9,600 times over a period of four and half years while employed by security company ADT. The 35-year-old carried out the cyber-intrusions for
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end application lifecycle
The European Data Protection Board has issued new advice to hospitals regarding what action to take in the event of a cyber-attack. Currently released in draft form, the new set of recommendations urges healthcare providers hit with ransomware to report the attack even if no patient data is accessed or exfiltrated. The guidelines state: “The internal documentation
by Paul Ducklin Remember Apple’s TouchID sensor, which created quite a stir way back in 2013 when the iPhone 5s came out with a home button that could also read your fingerprint? It wasn’t that having a fingerprint scanner was a new thing, even in 2013, but that the integration of the home button and