Throw open the windows and let in some fresh air. It’s time for spring cleaning. And that goes for your digital stuff too. Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and
admin
The UK’s quest for unhindered data flows to and from the EU took another important step forward yesterday after the European Data Protection Board (EDPB) approved the Commission’s draft adequacy decisions. Adequacy decisions are the process by which the European Union decides whether countries outside the bloc offer an adequate level of protection for the
by Paul Ducklin Remember HAFNIUM? Of course you do – it was the name behind a foursome of Exchange bugs that got patched in an emergency update early in March 2021. Even though there was just a week to go until March 2021’s Patch Tuesday, Microsoft decided to issue what have become known as the
Authorities step in to thwart attacks leveraging the recently-disclosed Microsoft Exchange Server vulnerabilities The United States’ Federal Bureau of Investigation (FBI) has carried out a court-approved operation to “copy and remove” malicious web shells from hundreds of systems across the US that were compromised through the mass exploitation of zero-day flaws in Microsoft Exchange Server
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. “Desktop applications which pass
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically posing as app security scanners. These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device
Thycotic and Centrify have completed their previously-announced merger, and are now operating under the temporary name of ThycoticCentrify, it has been announced. The two cybersecurity firms have joined together to form a single cloud identity security vendor, pooling their respective expertise and tools in the area of privileged access management (PAM). The announcement comes amid
by Paul Ducklin Here’s another BWAIN, which is our shorthand for Bug With An Impressive Name. That’s the abbreviation we use for bugs that end up with names, logos and even dedicated websites that are catchy, cool, fancy, important or dramatic, and sometimes even all of these at the same time. Classic examples of the
Reports of another trove of scraped user data add to the recent woes of popular social media platforms It seems that threat actors are increasingly setting their sights on extracting vast amounts of data from social media platforms. The cascade of incidents started off with a data leak impacting more than half a billion Facebook
One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves. This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate “best in class” components instead of finding the best
Let’s Make Security Easy I’ve been hearing a lot lately about tech and information overload, which is understandable given that the average U.S. household now has access to more than ten devices. (No wonder we are all spending more time online!) While technology allows us to be incredibly productive and connected, it can make our
Cyber-attacks against global financial institutions are increasingly characterized by attempts to counter incident response, with destructive efforts surging 118% over the past year, according to VMware. The tech giant’s Modern Bank Heists 4.0 report was compiled from interviews with over 120 CISOs and security leaders from some of the world’s biggest banks. It revealed that
by Paul Ducklin An iPhone and Android app called NHS COVID-19 is the official iPhone and Android coronavirus contact tracing software for the vast majority of the population of Great Britain. (England and Wales have standardised on NHS COVID-19, but Scotland has gone down a different path with an app of its own.) Today also
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for
The McAfee Advanced Threat Research team today published the McAfee Labs Threats Report: April 2021. In this edition, we present new findings in our traditional threat statistical categories – as well as our usual malware, sectors, and vectors – imparted in a new, enhanced digital presentation that’s more easily consumed and interpreted. Historically, our reports
The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA), a new study from the FIDO Alliance has revealed. The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany and the US.
by Paul Ducklin Sometimes, cybercrooks claim to speak from a higher authority than just a missed home delivery… …sometimes they masquerade as an official government body, complete with all the right logos, the right terminology and even a realistic-looking website carefully cloned from the real deal. Learn more about “government” scams and how to avoid
How can organizations tackle the growing menace of attacks that shake trust in software? Cybersecurity is only as good as the weakest link, and in a supply chain this could be virtually anywhere. The big questions may be, “what and where is the weakest link?” and “is it something that you have control over and
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative
The United States has imprisoned the cyberstalker of a woman who, as a child, survived a violent assault that claimed the life of her friend. According to court records, the victim was in a Texas bedroom with another girl in December 1999 when an assailant entered and slit both the little girls’ throats. The perpetrator
by Paul Ducklin How scammers copied a government website almost to perfection. What to do about those fake “bug” hunters who ask for payment for finding “vulnerabilities” that aren’t. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. With Kimberly Truong, Doug Aamoth and Paul Ducklin.
Some personal information just doesn’t age – here’s what the Facebook data leak may mean for you ‘Half a billion Facebook users’ data breached’, this or something very similar is a headline you may have seen in the media in recent days. Any data breach, especially one that affects such a large quantity of users,
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed “Saint Bot,” the malware is said to have first appeared on the scene in January 2021, with indications that it’s under active development. “Saint Bot is a downloader that appeared quite recently,
Social media giant Facebook has removed thousands of groups from its platforms over the trading of fake and misleading reviews. The cull occurred after two separate interventions by Britain’s competition watchdog, the Competition and Markets Authority (CMA). In January 2020, Facebook committed to improving its identification, investigation, and removal of groups and other pages where
by Paul Ducklin In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of “hiring a hitman on the dark web”. According to Europol: The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth in Bitcoins to kill
The treasure trove of data reportedly includes users’ LinkedIn IDs, full names, email addresses, phone numbers and workplace information Mere days after news broke of a data leak that impacted more than half a billion Facebook users, another massive batch of people’s personal information is being offered for sale on a hacking forum. This time
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that’s similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in
Surging levels of fraud and financial crime during the pandemic threaten to overwhelm banking teams working from home with disjointed internal systems, according to new research from FICO. The predictive analytics company commissioned Omdia to poll 110 senior executives supporting financial crime-fighting efforts in banks across the US, UK, Brazil, Germany, the Nordics and Canada. In
by Paul Ducklin The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with a twist. The end result
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa ESET researchers have discovered a previously undocumented Lazarus backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva. The backdoor consists of multiple components and communicates with its C&C server via the Tor
- « Previous Page
- 1
- 2
- 3
- 4
- …
- 14
- Next Page »