Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani security
admin
Deep Instinct has appointed former managing director and partner at Goldman Sachs Heather Bellini as its new chief financial officer. The deep learning cybersecurity company, which was founded in 2015 and is headquartered in New York, announced the appointment today. While at Goldman Sachs, Bellini led the research diligence and investor education initial public offering (IPO) process
by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the version that was released yesterday
What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats? Most of you probably own at least one USB thumb drive, which you typically use either to transfer data or as a backup for sensitive documents. Alternatively, you may like to
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the
Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online. According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers. The data’s appearance online follows
by Naked Security writer You’ve probably seen the news that six Russians, allegedly employed by the Russian Main Intelligence Directorate, better known as the GRU, have been charged with cybercrimes by the US Department of Justice (DOJ). The DOJ alleges that the defendants, all men, “caused damage and disruption to computer networks worldwide, including in
The flaws, neither of which is being actively exploited, were fixed merely days after the monthly Patch Tuesday rollout Microsoft has rushed out fixes for two security vulnerabilities affecting Microsoft Windows Codecs Library and Visual Studio Code. The security flaws are classified as Remote Code Execution (RCE) vulnerabilities and if successfully exploited could allow threat
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed “GravityRAT” — now masquerades as legitimate Android and macOS apps to
A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack. A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization. Superintendent Dr. Ken Barron told WLBT news that the school became aware of the cyber-attack on Monday, October 12.
by Paul Ducklin Here’s the latest episode of our weekly Naked Security Live video series. By the way, if you want to ask questions in real time while we’re online, we’d love you to join in live – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to
Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect
A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices. Universal Health Services announced on Monday that all 400 of its health system sites were back online after being hit by a cyber-attack in the early hours of September
You don’t need a degree in cybersecurity or a bottomless budget to do the security basics well – here are five things that will get you on the right track Many home offices are merely a corporate tentacle complete with a virtual private network (VPN), remotely managed workstations with IT experts at the corporate offices
Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security
Iran has reported falling victim to two large-scale cyber-attacks, one of which was leveled at the country’s government institutions. The Iranian government’s Information Technology Organization on Thursday reported that two institutions had been compromised by attackers. No party has claimed responsibility for the attack, and Iranian government officials have not stated whether the attack was domestic or
by Paul Ducklin The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and
School closings and more screen time can ultimately put children at an increased risk of being kidnapped by strangers they met online With the pandemic-forced closure of schools and a surplus of free time on their hands, minors are currently at greater risk of encountering all manner of criminals online, warns the FBI’s Internet Crime Complaint Center
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye’s Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations’ networks, in
Students learning remotely in Massachusetts have had their lessons disrupted by distributed-denial-of-service, or DDoS, attacks. Sandwich Public Schools suffered a week of connection issues after what was first identified as a firewall failure occurred on October 8. A new firewall put in place to resolve the issue subsequently crashed, prompting the technology department to source a firewall
by Paul Ducklin In this episode, we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft’s short-lived takedown of Trickbot, explain how to avoid the Windows “Ping of Death” bug, and (oh no!) find the source of mysterious beeping from every computer in the office. Presenters: Kimberly Truong, Doug Aamoth and
The videoconferencing platform is making the feature available to users of both free and paid tiers The Zoom videoconferencing platform has announced that starting next week it will begin rolling out long-awaited end-to-end encryption (E2EE) to users. The feature will be released as a technical preview, with the company proactively seeking the feedback of its
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ
Twitter temporarily suspended the account of the president of the United States’ election campaign for “posting private information.” The account @TeamTrump was locked for attempting to tweet a video referencing a recent article by the New York Post along with text describing presidential candidate Joe Biden as “a liar who has been ripping off our country for years.” The New
by Paul Ducklin We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you can – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on
Some footage has already appeared on adult sites, with cybercriminals offering lifetime access to the entire loot for US$150 A hacker collective claims to have breached over 50,000 home security cameras before going on to steal people’s private footage and post some of it online. While a considerable portion of the videos seems to have
The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people
Carnival Corporation has disclosed that passenger and employee data from three different cruise lines was accessed in a ransomware attack that took place in August. On August 15, the British-American cruise operator discovered that an unauthorized third party had compromised its computer system and downloaded data files. An update issued by the corporation yesterday states that personal data
by Paul Ducklin Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say. Patch early, patch often. After all, why risk letting the crooks sneak in front of you when you could take a
Bad actors have accessed US elections support systems, although there’s no evidence to suggest that election data has been compromised, say FBI and CISA Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United