Small-business owners are worried that their employees’ use of social media is a potential security risk, according to new research by the Cyber Readiness Institute. A survey of 400 SMB owners and 1,059 US workers found that 56% of owners believe that their employees’ social media use poses a cybersecurity threat to their business.  Despite their

by Sean Gallagher Internet scammers are always looking for a better way to separate unwitting device users from their money. And as with all other endeavors, they’ve learned that it pays to advertise. At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and

Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime.  The DOJ issued a fraud alert on Friday in which it strongly encouraged the public to remain vigilant and urged them not to provide personal information over the phone to anyone claiming to be from the department. An alert

Ransomware could pose a significant threat to the US election infrastructure, as aging software and potentially vulnerable voting machines could be targeted by criminal elements or by foreign-based cyber-attacks. According to NTT Ltd.’s global threat report for September, ransomware could be deployed and lay in wait to be activated on election day, or once voting machines

Warner Music Group has issued a data breach notification following a prolonged skimming attack on an undisclosed number of its e-commerce websites. The cyber-attack was discovered by the multinational entertainment and record label conglomerate on August 5, 2020.  E-commerce websites that are hosted and supported by an external service provider in the US but operated

Marginalized Americans interested in pursuing a career in technology received a boost yesterday with the launch of a free online training program. The Agile Testing Bootcamp is a six-week program geared specifically toward upskilling individuals with non-technical backgrounds to obtain high-paying, high-demand technical jobs in software testing. The program was created by Los Angeles software firm QualityWorks and is

Distributed denial of service (DDoS) attacks against online educational resources are over three times more prevalent in 2020 than they were last year, according to new research by Kaspersky. In a report published today, researchers found that between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350%, compared to the

by Paul Ducklin Sophos Phish Threat, in its own words, is a phishing attack simulator – it lets your IT department send realistic-looking fake phishes to your own staff so that if they do slip up, and click through… …it’s not the crooks on the other end. The crooks are testing you all the time,

America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD) requiring the development and publication of vulnerability disclosure policies (VDPs).  A BOD is a compulsory direction to federal executive branch departments and agencies for purposes of safeguarding federal information and information systems. BOD 20-01, officially finalized yesterday, requires most executive branch agencies to create a

by Paul Ducklin Well-known US cybercrime journalist Brian Krebs recently published a warning about vishing attacks against business users. The FBI promptly followed up on Krebs’s article with a warning of its own, dramatically entitled Cyber criminals take advantage of increased telework through vishing campaign. So, what is vishing? And how does it differ from

An American who was employed to moderate disputes on an illegal darknet marketplace has been sentenced to 11 years in prison. Bryan Connor Herrell, of Aurora, Colorado, was hired by AlphaBay to settle arguments between vendors and purchasers.  The site operated by his employers facilitated hundreds of thousands of illicit transactions in which guns, drugs, credit cards

by Paul Ducklin Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes. From BEC, through cloud storage, via an innocent-sounding One Note document, and right into harm’s way. Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in

A white supremacist from Florida has been sentenced to 41 months in prison for threatening an African American who announced his candidacy for city council; he was also convicted of cyber-stalking another victim. In April 2020, Daniel McMahon pleaded guilty to using social media platform Gab to threaten a man identified in court as D.G. after learning in January 2019

Google Android users were pestered last week by a series of fake notifications popping up on their devices. According to Paul Ducklin of Naked Security by Sophos’, the string of phony popups first became an annoyance for users of the Google Hangouts app before bothering users of Microsoft Teams. “Users all over the world, and therefore