Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file called “TRUMP_SEX_SCANDAL_VIDEO.jar,” which, when downloaded, installs Qua or
admin
Cybersecurity firm Ericom Software has announced the appointment of Dr Chase Cunningham as its first chief strategy officer. Joining from market research company Forrester, Cunningham will be responsible for shaping Ericom’s strategic vision, roadmap and key partnerships. Cunningham has over 19 years of experience in the cybersecurity sector, with particular expertise in the area of
by Paul Ducklin HTTPS, as you probably know, stands for secure HTTP, and it’s a cryptographic process – a cybersecurity dance, if you like – that your browser performs with a web server when it connects, improving privacy and security by agreeing to encrypt the data that goes back and forth. Encrypting HTTP traffic from
The scam starts with a text warning victims of suspicious activity on their accounts A new SMS-based phishing campaign is doing the rounds that attempts to part PayPal users from their account credentials and sensitive information, BleepingComputer reports. The ploy consists of SMS text messages that impersonate the popular payment processor and inform potential victims
Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally. According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry by cybercriminals when compared to an overall 22% increase in
Microsoft has revealed that the nation state group behind a recent global cyber-espionage campaign managed to view some of the firm’s source code. The tech giant has provided several updates in the wake of the discovery of the campaign, which appears to have targeted mainly US government agencies and tech firms and has been linked
A British court has rejected the U.S. government’s request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates’ Court today, Judge Vanessa Baraitser denied the extradition on the grounds that Assange is a suicide risk
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The “very sophisticated nation-state actor” used the unauthorized access to view, but not modify, the source code present in its repositories, the
The European Court of Human Rights has fallen victim to a cyber-attack after publishing a ruling regarding the fate of an incarcerated Turkish political leader. According to Bloomberg, hackers struck at the Court’s website on Tuesday, knocking it offline for approximately 16 hours. The website has now been restored, and the order is one again accessible
Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to “cut [the company] off at the knees.” A subsidiary of Live Nation, the California-based ticket sales and distribution company used the stolen information to gain an
The infamous advanced persistent threat group (APT) Lazarus is behind two recent cyber-attacks that targeted two separate entities related to COVID-19 research. In one attack, a Ministry of Health body was hit with malware. The other incident involved the use of a different kind of malware against a pharmaceutical company that is developing a vaccine
by Paul Ducklin How did the movie “Hackers” inspire a girl to grow up to become a hacker herself? Find out from security analyst and friendly hacker Keren Elazari. Hear about Keren’s incredible journey, why hackers should be welcomed with open arms, and the inspiration that guided her career. Keren Elazari Interviewer: Kimberly Truong. Special
Is the message real or fake? Take our Phishing Derby quiz to find out how much you know about phishing. Phishing comes in a number of forms and remains one of the most pervasive online scams, as both consumers and businesses face an incessant stream of unsolicited emails, texts and even phone calls where bad
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified
A man from New York City has been charged with waging a grim cyber-stalking campaign against a female college student. Desmond Babloo Singh allegedly created over 100 accounts on social media platforms and email services and used them to harass a former classmate of his sister for whom he claimed to have developed romantic feelings. Nineteen-year-old Singh
by Paul Ducklin A lot of technical articles, especially in the fields of computer science and information security, put you on the horns of a dilemma. To become an expert, you first need to read the article; yet to understand the article, you first need to be an expert. Well, here on Naked Security, we
Cybercriminals look to cash in on the vaccine rollout, including by falsely offering to help people jump the line The US Department of Treasury has added its voice to a growing chorus of warnings about ransomware attacks, fraud and other cybercrimes that attempt to exploit the rollout of COVID-19 vaccines. “The Financial Crimes Enforcement Network
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries’ vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting similarities
Dozens of customers of a popular smart doorbell are suing the Amazon-owned manufacturer after their devices were hijacked, according to a new class action lawsuit. The new legal case joins together complaints filed by over 30 users in 15 families who say that their devices were hacked and used to harass them. They allege that
UK police also give some food for thought to those on the verge of breaking the law The long arm of the law has caught up with 21 people who are believed to have bought purloined login credentials on the now-defunct WeLeakInfo.com website and used them to break into other people’s online accounts and commit
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of
A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70
The UK’s National Cyber Security Centre (NCSC) has issued its first ever guidance for farmers, in a sign of the growing cyber-threat facing rural businesses. Published on Tuesday, Cybersecurity for Farmers is a comprehensive guide to best practices covering everything from spotting suspicious emails and phone calls to password management, device security and the importance
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. “An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to outbound bandwidth
America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over the widespread impact of a recent hacking attack that compromised the SolarWinds Orion software supply chain. The assault on SolarWinds hit the headlines earlier this month after it was discovered and disclosed by researchers at FireEye. The advanced persistent threat (APT) group behind the attack was
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from
American cybersecurity company White Ops announced today that it has been acquired by Goldman Sachs‘ Merchant Banking Division in partnership with ClearSky Security and NightDragon. Terms of the transaction, which follows Goldman Sachs’ and ClearSky’s initial investment in White Ops earlier this year, were not disclosed. The business was acquired from previous investors Paladin Capital Group, Grotech Ventures, and other shareholders. White Ops was
Cyberthreats can take the fun out of connected gadgets – here’s how to make sure your children enjoy the tech without putting themselves or their family at risk This Holiday season, you may have treated your kids to a smart gadget. But have you also remembered to set up the shiny new device for them
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the NCA said. Of the 21 arrested—all
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 13
- Next Page »