Month: March 2021

0 Comments
As many as five vulnerabilities have been uncovered in Ovarro’s TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. “Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition,” the U.S. Cybersecurity
0 Comments
A Plano resident has been sent to prison for his part in a multimillion-dollar fraud and money-laundering scheme that victimized school districts, charities, and senior citizens.  In October last year, Babatope Joseph Aderinoye was found guilty of conspiracy to commit bank fraud, wire fraud, and money laundering; wire fraud; aggravated identity theft; and mail fraud.  According to
0 Comments
The Federal Bureau of Investigation has issued a flash alert to Americans highlighting the dangers of Mamba ransomware. According to the Bureau, Mamba has been deployed against local governments, public transportation agencies, legal services, technology services, and industrial, commercial, manufacturing, and construction businesses. The ransomware works by weaponizing an open source full-disk encryption software called DiskCryptor. By encrypting an entire
0 Comments
The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL
0 Comments
Four states have been chosen by the National Governors Association (NGA) for its 2021 Policy Academy to Advance Whole-of-State Cybersecurity.  Kansas, Missouri, Montana, and Washington have all been selected by the NGA Center for Best Practices to work directly with the NGA on cybersecurity governance, workforce development, and government partnership policies.  “Representatives of the four states will
0 Comments
Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app
0 Comments
An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon.  As many as 85,688 patient and employee records were compromised last week when a threat actor seemingly based in Ukraine struck SalusCare, the largest provider of behavioral healthcare services in Southwest Florida. The attacker is
0 Comments
by Paul Ducklin Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS. He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling. (It’s called a bullseye because that’s the tiny,
0 Comments
Money doesn’t buy you happiness – cryptocurrency doesn’t buy you a genuine COVID-19 vaccine INTERPOL and the United States’ Homeland Security Investigations (HSI) have joined the chorus of warnings about online campaigns peddling bogus COVID-19 vaccines as cybercriminals are increasingly attempting to exploit nations’ vaccination programs. “With criminal groups producing, distributing, and selling fake vaccines,
0 Comments
Tax Season is Here: Avoid These Common Scams Targeting Canadians Tax return preparation might be a little more complicated this year than usual for many Canadians with millions receiving Canada Emergency Response Benefit (CERB) payments and about 40% of the Canadian labor force turned to self-employment options to help them financially weather the pandemic storm. Where there’s money and uncertainty, you’re likely to find
0 Comments
A political activist from Ohio has denied impersonating a leader of the political group Black Lives Matter on social media for his own personal profit. Toledo resident Sir Maejor Page, a.k.a. Tyree Conyers-Page, was arrested in September on one count of wire fraud and two counts of money laundering. An investigation was launched into the 32-year-old after
0 Comments
IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute
0 Comments
Relay Medical Corporation has completed the acquisition of an Internet of Things (IoT) cybersecurity firm based in Toronto, Canada. The completion of the deal to acquire Cybeats Technologies Inc was announced yesterday, just 20 days after news of the transaction was published. Cybeats was founded in 2016 by Peter Pinsker, Dmitry Raidman, and Vladislav Kharbash. The company
0 Comments
by Harriet Stone Since its launch in 2010, Instagram has seen more than 1 billion accounts opened, and users on the service share close to 100 million photos every day. Instagram’s popularity may be down to the fact that it is a social media network like no other, offering a unique visual twist. Unlike Twitter
0 Comments
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cybercrime in the 2020
0 Comments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE’s Universal Relay (UR) family of power management devices. “Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition,” the agency said in an advisory published