Santa will soon come down the chimney, but there are potential entry points into your home and digital life that you should never leave open Many of us associate early December with the first snowfall, Holiday preparations and the beginning of Advent. And what better way to celebrate the preparations for the most wonderful time

Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds Earlier this year, Apple patched a severe security loophole in an iOS feature that could have allowed attackers to remotely gain complete control over any iPhone within Wi-Fi range. However, details about the flaw, which was

ESET researchers discover a new backdoor used by Turla to exfiltrate stolen documents to Dropbox ESET researchers found a previously undocumented backdoor and document stealer. Dubbed Crutch by its developers, we were able to attribute it to the infamous Turla APT group. According to our research, it was used from 2015 to, at least, early

Without ever setting foot in the lab, a threat actor could dupe DNA researchers into creating pathogens, according to a study describing “an end-to-end cyber-biological attack” Researchers have described a theoretical cyberattack that could be used to dupe unsuspecting scientists into producing dangerous biological substances, toxins and synthetic viruses. The paper, authored by researchers from Israel’s

Are mobile payments and digital wallets safe? Are the apps safer than credit cards? What are the main risks? Here’s what to know. While cash transactions aren’t going anywhere anytime soon, the convenience of electronic payment solutions has been steadily growing in popularity over the years. According to a recent survey by the US Federal Reserve,

Here’s what to know about attacks where a fraudster has your number, literally and otherwise SIM swap scams have been a growing problem, with fraudsters targeting people from various walks of life, including tech leaders, and causing untold damage to many victims. Here’s why you should be on the lookout for attacks where someone can

The operation was carried out against fraudsters trying to monetize stolen credit card data on the internet’s seedy underbelly Europol and several national law enforcement agencies have teamed up to disrupt trade in stolen credit card data on the dark web, ultimately preventing around €40 million (US$48 million) in losses for both consumers and financial

The U.S. law enforcement agency shares a sampling of more than 90 spoofed FBI-related domains registered recently The Federal Bureau of Investigation (FBI) has issued a warning about domains designed to spoof the Bureau’s official website, fbi.gov. The alert lists more than 90 such fraudulent websites that have been registered recently. “The FBI observed unattributed cyber actors

This won’t be music to your ears – researchers spot an unsecured database replete with records used for an account hijacking spree Researchers have found an unsecured internet-facing database containing over 380 million individual records, including login credentials that were leveraged for breaking into 300,000 to 350,000 Spotify accounts. The exposed records included a variety

The peace of mind that comes with connected home security gadgets may be false – your smart doorbell may make an inviting target for unwanted visitors Smart doorbells commonly found on marketplaces such as Amazon and eBay contain serious vulnerabilities that expose their owners to a host of security and privacy threats, according to an

From the impact of the pandemic on cybersecurity careers to workers’ job satisfaction, the report offers a number of interesting findings For the first time on record, the cybersecurity workforce gap has shrunk, the 2020 (ISC)2 Cybersecurity Workforce Study has found. While companies have been facing a plethora of new security challenges due to the COVID-19-powered

They’re supremely easy to remember, as well as easy to crack. Here’s how to improve your password security. Cybersecurity experts often share advice about the do’s and don’ts of passwords as a vital part of good cyber-hygiene practices. And yet, annual roundups of the most common passwords show that many of us continue to prioritize

The information at risk of theft due to API flaws included people’s pictures, locations, dating preferences and Facebook data Security vulnerabilities in Bumble, one of today’s most popular dating apps, could have exposed the personal information of its entire, almost 100 million-strong user-base. The bugs – which affected Bumble’s application programming interface (API) and stemmed

ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software ESET telemetry data recently led our researchers to discover attempts to deploy Lazarus malware via a supply-chain attack in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates

Sharing is caring – except when it isn’t. Here’s why you shouldn’t share your password for online media services with other people. If I were to ask you if you share your email account password with anyone else, the vast majority of you would probably say “absolutely no chance!”… but when it comes to media

Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS – a management software suite used by hundreds of thousands of

Looking for vulnerabilities, securing systems or dismantling them, these are all viable career paths in the cybersecurity industry. Could one of them be right for you? The abundance of cyberthreats and shortage of skilled professionals, as well as competitive salaries and interesting job descriptions, are some of the reasons why a career in cybersecurity remains

The last three weeks have seen a bumper crop of patches for zero-day bugs across software from Google, Apple and Microsoft Google has patched two new zero-day vulnerabilities in its Chrome web browser, bringing to five the number of fixes for actively-exploited bugs in the browser over the past three weeks. “Google is aware of

The second Tuesday of the month brings another fresh batch of fixes for security vulnerabilities in various Microsoft products It’s that time of the month again when Microsoft rolls out patches for security vulnerabilities in Windows and other software. This time round, the patch bundle brings fixes for no fewer than 112 security vulnerabilities, including

The cache of data sitting wide open on a server included full names, national ID numbers and credit card data A wide range of sensitive information of millions of hotel guests has been discovered sitting on an unsecured server and accessible for anyone to view. The data was stored on a misconfigured Amazon Web Services

The vulnerabilities, which are all being abused for targeted attacks, affect a long list of devices Just days after Google disclosed an actively-exploited bug in Windows and discovered and squashed two zero-day bugs in its Chrome web browser, Apple has released patches of its own to fix three zero-day vulnerabilities under active attacks. The trio

Could a career in cybersecurity be right for you? – Google discloses a zero-day bug in Windows – Video game maker Capcom suffers a breach This week, we marked Antimalware Day and on this occasion we looked at the global cybersecurity workforce gap and some of the ways in which it could be plugged. Google

The developer of popular video game franchises took swift action to prevent the attack from spreading further across its systems Japanese video game developer Capcom has disclosed that it was the victim of a cyberattack that affected some of its systems. The publisher of a long list of popular franchises, including Street Fighter and Resident

There’s no shortage of opportunities for cybersecurity professionals and people looking to break into this field of endeavor. Could this also be the right career path for you? You’re most probably aware of the unbalanced equation between demand and supply in cybersecurity workforce, a fact all the more dire when you consider the myriad hazardous

The updates come on the heels of news of attacks exploiting another zero-day in Chrome in tandem with a previously-unknown Windows flaw Two weeks after patching an actively-exploited vulnerability affecting Chrome for desktop, Google is squashing another zero-day bug in the browser’s version for Windows, macOS, and Linux, as well as pushing out an update

The security hole isn’t expected to be plugged until the forthcoming Patch Tuesday bundle of security fixes Google’s Project Zero researchers have disclosed details about a zero-day vulnerability in Windows that they say is being exploited by attackers. The memory-corruption flaw resides in the Windows Kernel Cryptography Driver (cng.sys) and, according to Google, “constitutes a

Better IoT security and data protection are long overdue. Will they go from an afterthought to everyone’s priority any time soon? As October draws to a close, so does Cybersecurity Awareness Month, and we can all sit back and congratulate each other on a job well done and forget about the need to think about

Just in time for Halloween, we look at the haunting reality of data breaches and highlight five tales that spooked not only the cyber-world Halloween, the scariest day of the year, is upon us! However, traditional observations of the popular holiday may be hindered by the pandemic raging outside. Instead of children roaming the streets

As Election Day draws near, here’s a snapshot of how this election cycle is faring in the hands of the would-be digitally meddlesome We’ve been talking about election security for months now. With the current pre-election fever pitch in the U.S., there almost couldn’t be a stronger focus on getting it right; indeed, it could

The patch for the critical flaw that allows malware to spread across machines without any user interaction was released months ago Although Microsoft issued a patch for the critical SMBGhost vulnerability in the Server Message Block (SMB) protocol back in March, over 100,000 machines remain susceptible to attacks exploiting the flaw. This wormable Remote Code