An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon. As many as 85,688 patient and employee records were compromised last week when a threat actor seemingly based in Ukraine struck SalusCare, the largest provider of behavioral healthcare services in Southwest Florida. The attacker is
admin
by Paul Ducklin Regular Naked Security readers will know we’re huge fans of Alan Turing OBE FRS. He was chosen in 2019 to be the scientist featured on the next issue of the Bank of England’s biggest publicly available banknote, the bullseye, more properly Fifty Pounds Sterling. (It’s called a bullseye because that’s the tiny,
Money doesn’t buy you happiness – cryptocurrency doesn’t buy you a genuine COVID-19 vaccine INTERPOL and the United States’ Homeland Security Investigations (HSI) have joined the chorus of warnings about online campaigns peddling bogus COVID-19 vaccines as cybercriminals are increasingly attempting to exploit nations’ vaccination programs. “With criminal groups producing, distributing, and selling fake vaccines,
Merely weeks after releasing out-of-band patches for iOS, macOS, and watchOS, Apple has released yet another security update for iPhone, iPad, Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process
Tax Season is Here: Avoid These Common Scams Targeting Canadians Tax return preparation might be a little more complicated this year than usual for many Canadians with millions receiving Canada Emergency Response Benefit (CERB) payments and about 40% of the Canadian labor force turned to self-employment options to help them financially weather the pandemic storm. Where there’s money and uncertainty, you’re likely to find
A political activist from Ohio has denied impersonating a leader of the political group Black Lives Matter on social media for his own personal profit. Toledo resident Sir Maejor Page, a.k.a. Tyree Conyers-Page, was arrested in September on one count of wire fraud and two counts of money laundering. An investigation was launched into the 32-year-old after
by Paul Ducklin How a social engineer ripped off a victim lured in by one of those “small outstanding fee to pay” home delivery scams. The ransomware crooks targeting networks that still haven’t done their Hafnium patches. And the Linux kernel security holes that lay there undiscovered for 15 years. With Kimberly Truong, Doug Aamoth
The company was left to deal with three months’ worth of IT problems An IT contractor has been sentenced to two years in prison and ordered to pay $567,000 in restitution to cover the damage he caused by deleting the majority of a company’s Microsoft Office 365 user accounts in an act of revenge, according
IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute
What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes Imagine you’re driving down a highway to get to work. There are other cars on the road, but by and large everyone is moving smoothly at a crisp, legal speed limit. Then, as you approach an entry ramp, more cars join.
Relay Medical Corporation has completed the acquisition of an Internet of Things (IoT) cybersecurity firm based in Toronto, Canada. The completion of the deal to acquire Cybeats Technologies Inc was announced yesterday, just 20 days after news of the transaction was published. Cybeats was founded in 2016 by Peter Pinsker, Dmitry Raidman, and Vladislav Kharbash. The company
by Harriet Stone Since its launch in 2010, Instagram has seen more than 1 billion accounts opened, and users on the service share close to 100 million photos every day. Instagram’s popularity may be down to the fact that it is a social media network like no other, offering a unique visual twist. Unlike Twitter
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cybercrime in the 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE’s Universal Relay (UR) family of power management devices. “Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition,” the agency said in an advisory published
How to Stay Connected and Protected in a Remote Work Environment Advancements in cloud solutions and collaboration tools in recent years, coupled with the necessity of going remote due to the pandemic, have empowered today’s workforce to choose where they want to work. While the ability to work from anywhere—home, the library, coffee shops or
The approach organizations should take to develop and maintain an effective DevSecOps culture were highlighted by Patrick Debois, director of market strategy at Snyk during a session at the Infosecurity Magazine Online Summit EMEA 2021. Debois firstly emphasized the importance of an organization’s culture in determining the DevSecOps strategy that should be employed. “The CEO and culture of your company will
by Paul Ducklin It’s three weeks since the word HAFNIUM hit the news. The word Hafnium refers to a cybergang who are said to focus on stealing data from pretty much anyone and everyone they can infiltrate, across an eclectic range of industry sectors, and this time they hit a sort-of cybercrime jackpot. The Hafnium
How do you balance the right to repair with the requirement to remain secure? Images of jackbooted, militarized cops descending into dimly-lit basements where appliance techs slap grimy, roughshod parts of doubtful lineage together come to mind in the still-simmering fight – yes, it’s a fight – to allow people to work on the tech
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a “novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords
The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated software installed on computers used in K-12 school districts. The focus of this blog is on Netop Vision Pro produced by Netop. Our research
Police in India have arrested 34 people for allegedly impersonating Apple and McAfee employees to con foreign nationals out of their money. The defendants were detained during a March 20 raid on two fake call centers located in the same building in Uttam Nagar, a mostly residential area in southwestern New Delhi. Delhi Police’s Cyber
by Paul Ducklin Just one tiny line of script in your Xcode project – and you’ve been pwned! Learn all about it, and what you can do to avoid supply chain problems if you’re a coder yourself: Watch directly on YouTube if the video won’t play here.Click the on-screen Settings cog to speed up playback
Why do many organizations have a hard time keeping up with the evolving threat landscape and effectively managing their cyber-risks? Financial services companies have been a popular target for cybercriminals for a long time. Not without good reason, since beyond working with money, financial companies handle a slew of sensitive client data that criminals utilize
Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an “improper input validation” issue in Qualcomm’s Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access
Keep Remote Classes Safe and in Session: What You Need to Know About Netop Vision Pro Distance and hybrid learning environments are now the norm, and it remains to be seen if or when this will change. To adapt, many schools have adopted new software to support remote classroom management. One such platform is Netop
The Ontic Center for Protective Intelligence has launched a new monthly honor program to recognize the pioneers and thought leaders driving the physical security and protection industry. Each month, the program will recognize groundbreaking professionals who have developed either new models or new areas of knowledge, and veteran practitioners who are actively contributing to advancing their industry. Among
The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication Cybercriminals are attempting to take advantage of the popularity of Clubhouse to deliver malware that aims to steal users’ login information for a variety of online services, ESET malware researcher Lukas Stefanko has found. Disguised as the (as yet
Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed “XcodeSpy,” the trojanized Xcode project is a tainted version of a legitimate, open-source project
An advanced persistent threat group (APT) with links to the Chinese government has been blamed for a cyber-espionage attack on Finland’s parliament. The Finnish Security and Intelligence Service (Supo) announced on Thursday that APT31 was behind a cyber-espionage campaign that targeted the Finnish parliament last fall. Security companies including Checkpoint and FireEye have linked APT31’s activities with the state cyber-operations of
by Paul Ducklin Remember when a whole bunch of celebs and top brands apparently went crazy tweeting about Bitcoin? It happened in July 2020, when many prominent blue-badged Twitter accounts suddenly starting sending out scammy cryptocoin messages. Fake tweets were blasted out from compromised accounts belonging to an eclectic range of high-profile people and companies,
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 12
- Next Page »