Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker’s newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel’s vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
admin
Social media company Twitter has cited the recent protests at the United States’ Capitol building in its decision to permanently suspend tens of thousands of user accounts. On January 6, protestors forced their way into the Capitol building, interrupting a Joint Session of Congress in which the results of the 2020 US presidential election were
by Paul Ducklin Here’s our latest Naked Security Live talk, explaining why HTTPS is vital, even if you’re publishing public data that isn’t confidential. Thats because HTTPS isn’t just about the confidentiality of the data you browse to – it’s also about improving your privacy in respect of what you chose to look at, when
Fraudsters are quick to exploit current events for their own gain, but many schemes do the rounds regardless of what’s making the news. Here are 5 common scams you should look out for. Cybercriminals can be very creative when it comes to swindling people out of money. They will use a variety of methods to
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL
Bridewell Consulting has announced the appointment of Martin Riley as its director of managed security services. Riley, who has joined Bridewell’s board from today, is tasked with leading the expansion of the cybersecurity and data privacy consultancy’s managed security service (MSS) portfolio. This includes its 24/7 security operations center (SOC) and managed detection and response (MDR)
by Paul Ducklin In July 2018, after many years of using Yubico security key products for two-factor authentication (2FA), Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented
A cyber-attack on a Vermont healthcare provider has delayed the rollout of an electronic health record (EHR) system and cost millions of dollars in lost revenue. The University of Vermont Health Network, which is based in Burlington, was hit by ransomware in October 2020, and is yet to make a full recovery. Most computer systems have
The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. “On December 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global
A Russian hacker who was instrumental in one of the largest thefts in history of US customer data from a single financial institution has been sentenced to prison. Moscow resident Andrei Tyurin, also known as Andrei Tiurin, was part of an international hacking campaign that compromised the computer systems of major financial institutions, brokerage firms, news agencies,
Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems Google and Mozilla are each urging users to patch serious vulnerabilities in their respective web browsers, Chrome and Firefox, that could be exploited to allow threat actors to take over users’ systems. The security fixes will be rolled out
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in
The notorious Emotet Trojan is back at the top of the malware charts, having had a makeover designed to make it more effective at escaping detection. Check Point’s newly released Global Threat Index for December 2020 revealed that the malware variant bounced back from fifth place in November. It now accounts for 7% of malware
by Paul Ducklin Towards the end of 2020, a researcher at Dutch cybersecurity company EYE was taking a look at the firmware of a Zyxel network router. He examined the password database that shipped in the firmware and noticed an unusual username of zyfwp. That name didn’t show up in the official list of usernames
Many users have until February 8 to accept the new rules – or else lose access to the app In a major update to its Privacy Policy and Terms of Service, WhatsApp is notifying users in many parts of the world that as of February 8 it will share some of their data with Facebook,
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote
Enterprise security firm Panaseer has announced the appointment of Jonathan Gill as its new CEO. Gill succeeds Panaseer founder Nik Whitfield in the role, with Whitfield becoming chairman and chief seer of the organization. Gill brings a proven record of accomplishment in both leadership and sales, with previous roles including VP EMEA at RSA Security,
by Paul Ducklin We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music: Edith Mudge. LISTEN NOW
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use breached passwords for their corporate account
Secure Chorus, a not-for-profit membership organization for the development of strategies, standards and capabilities in the field of information security, has announced the transfer of ownership of its interoperability standards for enterprise grade encrypted messaging apps to the European Telecommunication Standards Institute (ETSI). ETSI produces globally applicable standards for ICT-enabled systems, applications and services deployed
It’s hardly fun and games for top gaming companies and their customers as half a million employee credentials turn up for sale on the dark web More than 500,000 login credentials linked to the employees of 25 leading game publishers have been found for sale on dark web bazaars, according to a report by threat intelligence
Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file called “TRUMP_SEX_SCANDAL_VIDEO.jar,” which, when downloaded, installs Qua or
Cybersecurity firm Ericom Software has announced the appointment of Dr Chase Cunningham as its first chief strategy officer. Joining from market research company Forrester, Cunningham will be responsible for shaping Ericom’s strategic vision, roadmap and key partnerships. Cunningham has over 19 years of experience in the cybersecurity sector, with particular expertise in the area of
by Paul Ducklin HTTPS, as you probably know, stands for secure HTTP, and it’s a cryptographic process – a cybersecurity dance, if you like – that your browser performs with a web server when it connects, improving privacy and security by agreeing to encrypt the data that goes back and forth. Encrypting HTTP traffic from
The scam starts with a text warning victims of suspicious activity on their accounts A new SMS-based phishing campaign is doing the rounds that attempts to part PayPal users from their account credentials and sensitive information, BleepingComputer reports. The ploy consists of SMS text messages that impersonate the popular payment processor and inform potential victims
Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally. According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry by cybercriminals when compared to an overall 22% increase in
Microsoft has revealed that the nation state group behind a recent global cyber-espionage campaign managed to view some of the firm’s source code. The tech giant has provided several updates in the wake of the discovery of the campaign, which appears to have targeted mainly US government agencies and tech firms and has been linked
A British court has rejected the U.S. government’s request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates’ Court today, Judge Vanessa Baraitser denied the extradition on the grounds that Assange is a suicide risk
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The “very sophisticated nation-state actor” used the unauthorized access to view, but not modify, the source code present in its repositories, the
- « Previous Page
- 1
- 2
- 3
- 4
- …
- 13
- Next Page »