admin

0 Comments
Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what’s a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two
0 Comments
The cybercrime gang Netwalker claims to have exfiltrated data from the College of the Nurses of Ontario in a ransomware attack. A screenshot of data allegedly swiped from the college was posted on Netwalker’s website, where the college’s name has been added to a growing list of the gang’s victims. In a sparsely detailed statement issued yesterday,
0 Comments
When it comes to coercing people into parting with their money, cybercriminals seem to have an endless bag of tricks to choose from. There are some tricks, that they favor more than others, one of which is extortion. According to the FBI’s latest Internet Crime Report, US victims of extortion lost some US$107.5 million to these crimes last year.
0 Comments
The former CEO of the UK government’s National Cyber Security Centre (NCSC) has joined Paladin Capital Group as a managing director.  The appointment of Ciaran Martin by the global cyber and deep tech investor, headquartered in Washington, DC, was announced today.   Previously, Martin was hired as director of security and intelligence at the Cabinet Office in 2008,
0 Comments
by Paul Ducklin You’ve probably heard terms like “spray-and-pray” and “fire-and-forget” applied to cybercriminality, especially if your involvement in cybersecurity goes back to the early days of spamming and scamming. Those phrases recognise that sending unsolicited email is annoyingly cheap and easy for cybercrooks, who generally don’t bother running servers of their own – they
0 Comments
The most common threat in the cybersecurity world often sounds like a plot from a blockbuster movie. The clock is ticking… You have only a few hours… Can you solve the mystery before you have to pay the ransom? According to Secureworks’ Director of Intelligence, Mike McLellan, year after year, threat actors around the world
0 Comments
The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country’s Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target Rana
0 Comments
The US has indicted two Iranians in connection with the theft of hundreds of terabytes of sensitive data from computers in America, Europe, and the Middle East.  Hooman Heidarian, aged 30, and Mehdi Farhadi, 34, were allegedly involved in a slew of coordinated hacks perpetrated to make money or for political reasons.  Data stolen in the attacks
0 Comments
The cyber attack affects 14 inboxes belonging to the Department of Justice was confirmed by ESET researchers.  ESET’s team of malware researchers in Montreal, in collaboration with journalist Hugo Joncas, helped shed light on a cyber attack that affected the Quebec Department of Justice.  Indeed, on August 11 and 12, the Department of Justice suffered a cyber attack in which malicious actors used malicious software to infect 14 inboxes under the Department‘s
0 Comments
A lawsuit has been filed against Warner Music Group following the disclosure of a data breach that compromised customers’ sensitive personal information. Warner notified customers of a breach earlier this month after discovering a number of its e-commerce websites had fallen victim to a prolonged skimming attack.  Attackers were able to access personal data entered
0 Comments
Zoom now supports phone calls, text messages and authentication apps as forms of two-factor authentication   Zoom is rolling out support for two-factor authentication (2FA) across its web, desktop, and mobile applications, allowing users to double down on the security of their accounts with an extra layer of protection.  For context, 2FA systems require users to pass authentication
0 Comments
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking than 100 companies throughout the world. Named as APT41 and also known as ‘Barium,’ ‘Winnti, ‘Wicked Panda,’ and ‘Wicked Spider,’ the cyber-espionage group has been operating since at least
0 Comments
A New Jersey man who physically installed keyloggers onto the computer networks of his rivals to steal trade secrets has been sent to prison for nearly eight years.  Ankur Agarwal, of Montville, pleaded guilty to two counts of obtaining information from computers and one count of aggravated identity theft in federal court in Newark back in October
0 Comments
Privacy issues have been detected in an official application of the Joe Biden campaign. The Vote Joe app uses relational organizing to allow users to share data about themselves and their contacts with a voter database run by Target Smart, a service claiming to have over 191 million voter records.   A user who syncs their contacts with
0 Comments
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed “Raccoon Attack,” the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret
0 Comments
A member of an organization dedicated to disrupting America’s political system has been charged with wire fraud conspiracy.  Project Lakhta manager Artem Mikhaylovich Lifshits of St. Petersburg, Russia, is accused of using IDs stolen from US citizens to open fraudulent accounts at banking and cryptocurrency exchanges.  According to a criminal complaint filed yesterday in the Eastern District
0 Comments
Cyber-criminals who launched a ransomware attack on a US court have published what they claim are stolen court documents online.  Attackers claim to have successfully targeted the Fourth Judicial District Court of Louisiana with a ransomware strain known as Conti, first detected in the wild in December 2019. The malware has been observed to use
0 Comments
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both —
0 Comments
The data of around 100,000 Razer customers has been exposed online following a misconfiguration faux pas. The lapse by the global hardware manufacturing company and eSports and financial services provider was discovered by cybersecurity expert Volodymyr “Bob” Diachenko. Customer data impacted by the cyber-slipup included full name, email, phone number, customer internal ID, order number, order details, and billing
0 Comments
Oregon’s largest city aims to be a trailblazer when it comes to facial recognition legislation . On Wednesday, The Portland City Council passed what could be considered one of the strictest facial recognition bans in the United States. The legislation bans both city government agencies and private businesses from using the technology on the city’s grounds.  While bans on the public
0 Comments
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed “CDRThief” that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. “The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR),” ESET researchers said in a Thursday