The United States has imprisoned the cyberstalker of a woman who, as a child, survived a violent assault that claimed the life of her friend. According to court records, the victim was in a Texas bedroom with another girl in December 1999 when an assailant entered and slit both the little girls’ throats. The perpetrator
admin
by Paul Ducklin How scammers copied a government website almost to perfection. What to do about those fake “bug” hunters who ask for payment for finding “vulnerabilities” that aren’t. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Some personal information just doesn’t age – here’s what the Facebook data leak may mean for you ‘Half a billion Facebook users’ data breached’, this or something very similar is a headline you may have seen in the media in recent days. Any data breach, especially one that affects such a large quantity of users,
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed “Saint Bot,” the malware is said to have first appeared on the scene in January 2021, with indications that it’s under active development. “Saint Bot is a downloader that appeared quite recently,
Social media giant Facebook has removed thousands of groups from its platforms over the trading of fake and misleading reviews. The cull occurred after two separate interventions by Britain’s competition watchdog, the Competition and Markets Authority (CMA). In January 2020, Facebook committed to improving its identification, investigation, and removal of groups and other pages where
by Paul Ducklin In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of “hiring a hitman on the dark web”. According to Europol: The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth in Bitcoins to kill
The treasure trove of data reportedly includes users’ LinkedIn IDs, full names, email addresses, phone numbers and workplace information Mere days after news broke of a data leak that impacted more than half a billion Facebook users, another massive batch of people’s personal information is being offered for sale on a hacking forum. This time
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that’s similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in
Surging levels of fraud and financial crime during the pandemic threaten to overwhelm banking teams working from home with disjointed internal systems, according to new research from FICO. The predictive analytics company commissioned Omdia to poll 110 senior executives supporting financial crime-fighting efforts in banks across the US, UK, Brazil, Germany, the Nordics and Canada. In
by Paul Ducklin The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with a twist. The end result
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa ESET researchers have discovered a previously undocumented Lazarus backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva. The backdoor consists of multiple components and communicates with its C&C server via the Tor
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business
The legal industry’s first comprehensive data security evaluation and accreditation program has been launched today. The Data Steward Program (DSP), which has been developed by the Association of Corporate Counsel (ACC), will enable quick assessments and comparisons of law firms’ data security standards by prospective clients. The ACC said the program has been introduced in
Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground A cybercriminal has sold almost 900,000 gift cards and over 300,000 payment cards on a top-tier cybercrime forum on the dark web. The total value of the cards was claimed to be some US$38 million. The hacker probably
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. “We no longer believe the git.php.net server has been compromised. However,
Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or have recovered their data via some other means. At the end of the day, fighting ransomware has resulted in the bad actors’ loss of revenue.
Security researchers have discovered new malware disguised as a Netflix application, designed to spread worm-like via victims’ WhatsApp messages. Check Point discovered the wormable malware in an application on the Google Play Store called ‘FlixOnline’. It was designed to attract Android users by promising unlimited entertainment from anywhere in the world, using the Netflix logo to
by Paul Ducklin The Dutch Data Protection Authority (DPA) – the country’s data protection regulator – has fined online travel and hotel booking company Booking.com almost half a million Euros over a data breach. Interestingly, the fine was issued not merely because there was a breach, but because the company didn’t report the breach quickly
ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil ESET Research has been tracking a new banking trojan that has been targeting corporate users in Brazil since 2019 across many verticals affecting sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. This new threat, which we named
Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don’t forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn
Executive Summary Cuba ransomware is an older ransomware, that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact and revenue, much like we have seen recently with other major ransomware campaigns. In our analysis, we observed that the attackers had access to the network before the infection and were able to collect specific information
Security experts have uncovered a series of close links between ransomware groups Mount Locker and Astro Locker Team, in a new report that will be of interest to incident responders. Sophos’ Managed Threat Response (MTR) team said it recently dealt with an attack that had all the TTPs of a Mount Locker operation. However, when it
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques
The connection between cybersecurity and poet Ralph Waldo Emerson is not directly evident, however he once said, “money often costs too much.” This statement rings true across the financial services industry, as money is a key driver for cybercriminals acting with malicious intent. The always-on eye of Sauron on the financial services industry means there
American multinational technology company Microsoft has been hit by its second outage in two weeks. Striking the company on April Fool’s Day, the substantial cloud outage knocked Microsoft’s Azure cloud services, Teams, Office 365, and OneDrive offline. Skype, Xbox Live, and Bing were also impacted. News of the outage began emanating from Twitter users at around 5pm ET yesterday.
In what’s likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other
The MITRE ATT&CK® Framework proves that authority requires constant learning and the actionable information it contains has never held greater currency. Likewise, XDR, the category of extended detection and response applications, is quickly becoming accepted by enterprises and embraced by Gartner analysts, because they “improve security operations productivity and enhance detection and response capabilities.” It is less well known how these tools align
A cyber-bully has been fined for sending hateful messages to a professional wrestler before she took her own life. Japanese wrestler and Netflix reality show star Hana Kimura was just 22 years old when she killed herself on May 23 last year by inhaling toxic gas in her Tokyo home. Kimura became a target for internet trolls
Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What’s more, an app can also set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the
Myth-busting Antivirus Assumptions The number of new viruses grows every day. In fact, McAfee recently registered a 605% increase in total Q2 COVID-19 themed threat detections, contributing to the millions already in existence. While there is no way to know when or how cyberattacks will occur, it’s clear that antivirus software is one of the best ways
- 1
- 2
- 3
- …
- 12
- Next Page »