Streaming media feature among services that take the spotlight in a report on credential-stuffing attacks in 2018 Hackers made 30 billion attempts last year that involved testing out purloined or leaked login details en masse in a bid to invade other people’s online accounts, reads a report by content delivery network provider Akamai. In automated attacks

Latest ESET research describes the inner workings of a recently found addition to OceanLotus’s toolset for targeting Mac users Early in March 2019, a new macOS malware sample from the OceanLotus group was uploaded to VirusTotal, a popular online multi-scanner service. This backdoor executable bears the same features as the previous macOS variant we looked

How can smaller businesses address their cybersecurity risks without the resources of large organizations? There are a lot of challenges to being a small-business owner, including safely managing technology. Every risk can have an outsized effect on your ability to stay in business. And resources for protecting your business are often geared towards much larger

The databases, sitting unprotected on cloud servers, contained reams of information amassed by two apps integrated with the social network Two caches of data on millions of Facebook users were recently discovered sitting unprotected on cloud-computing servers. In one security lapse, no fewer than 540 million records on Facebook users were found lying around in

Aren’t we just making it too easy for online followers to become real-life trackers with the amount of open data we are posting online? Cyber-stalking has never been so widespread: it’s increasingly easy for stalkers to watch, analyze and even physically follow their victims. In extreme cases, we have seen murders as a result after

Bithumb believes that, unlike in the past, this theft was the work of rogue insiders Major South Korea-based cryptocurrency exchange Bithumb has announced that it was hit by a heist that impacted its own virtual coins. The exchange didn’t say how much was lost. However, ZDNet wrote that cryptocurrency insiders tracked down the outgoing transactions from

World Backup Day is a reminder that organizations and individuals need to make data backup and protection a priority The loss of data – whether a result of human error, technological failure, or a cyberattack – is one of the greatest threats to organizations and individuals today. In our increasingly digitized world, we rely on our

After he was fired for poor performance, the ex-employee was back with a vengeance, literally A British man has been sent to prison for two years after he wiped out his ex-employer’s business-critical data in cloud storage, according to a report by the United Kingdom’s Thames Valley Police. Steffan Needham, of Bury, Greater Manchester, worked

More trouble in dark markets? A notorious black-market bazaar announces plans to close up shop on the same day as police announce the arrests of 61 people Law enforcement from Europe, the United States and Canada have announced the results of a recent international operation against dozens of people who reportedly sold and bought illicit

Cyberblackmail/sextortion again raises its not-so-pretty little head Vox Emptoris: “Voice of the Customer” For more than 30 years, I’ve had the privilege of assisting people get rid of viruses and other malicious software.  In the course of doing so, I’ve often been asked questions about computer security-related topics that are not product-specific.  Some are simple or

The electric automaker is working to release a fix for the underlying vulnerability in a matter of days A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser. Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric

ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar This article will first describe how the OceanLotus group (also known as APT32 and APT-C-00) recently used one of the publicly available exploits for CVE-2017-11882, a memory corruption vulnerability present in Microsoft Office software, and how

More advice for detecting and avoiding sextortion scams Vox Emptoris: “Voice of the Customer” In my previous post, we examined a particular example of a sextortion scam, showing several indications that it was not a threat to be taken seriously.  But that kind of analysis – point-by-point deconstruction – is relatively hard work, and perhaps not

The social network says that the passwords were never exposed externally and that it found no abuse of the glitch Facebook has fixed a bug that caused that the passwords of many of its users were stored in plain text and were visible for the social network’s employees. “As part of a routine security review

Our penchant for plugging in random memory sticks isn’t the only trouble with our USB hygiene, a study shows Many computer users don’t take enough precautions when disposing of their USB sticks, leaving a trove of what is often sensitive information about themselves for the drives’ new owners, a study has shown. Researchers from the

The third penalty that Europe has levied on the tech giant in less than two years brings the total to €8.25 billion European Union (EU) authorities have handed down a €1.49 billion (US$1.7 billion) fine to Google for abusing its dominant position in the brokering of online search adverts, according to a statement by the

It’s prudent to get a security solution for your device, but a test by AV-Comparatives shows why you need to choose judiciously A recent test of anti-malware apps available in Google Play showed that most are not, in fact, worthy of the name and, indeed, the space they take up on the Android device. Independent

Facebook owned Instagram and WhatsApp also affected by unexplained interruption Facebook along with some of its most prominent family of apps were down on Wednesday leaving users around the globe unable to use their favorite services for a prolonged period of time. It was the longest outage in the history of Facebook, but at the

Every year on March 8, we celebrate International Women’s Day to honor the social, economic, cultural and political achievements of women. But we also acknowledge that there is still a long way to go before we’ve truly reached gender parity. This day gives us the opportunity to reflect on how we can achieve that balance.

Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software This is not the first time the gaming industry has been targeted by attackers who compromise game developers, insert backdoors into a game’s build environment, and then have their malware distributed as legitimate software. In April 2013, Kaspersky Lab reported that

The repository of email addresses and other records would offer a gold mine of data for scammers Security researchers have discovered a humongous collection of email addresses and other data that was left sitting on the internet with no protection whatsoever. Bob Diachenko revealed late last week that he’d found an unsecured MongoDB server with

Protecting your privacy is no longer just an option but a legal requirement in many parts of the world To protect privacy, you must act securely. Here at RSA, lots of companies are thinking of better ways to do both. But with the explosion of General Data Protection Regulation (GDPR) and related initiatives like the

A bright tomorrow of technical delight, or a dismal future of digital dysfunction? If I had to sum up the 2019 RSA Security Conference in three key words they would be: trust, cybercrime, and victims. Let’s start with trust. Here’s how the opening keynote of the conference was reported: “To avoid a potentially cataclysmic future

The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix Two smart alarm systems for cars have plugged critical security holes that put three million vehicles globally at risk of being hijacked, research by Pen Test Partners reveals. If exploited, the vulnerabilities would have enabled anyone to turn

Users should waste no time in updating to the browser’s latest version Google has revealed that the update for Google Chrome, rolled out late last week, addressed a security hole that attackers were already exploiting in the wild. “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the company noted

Some tips that businesses can do to get better at it without breaking the bank Here at RSA Small and Medium Businesses (SMBs) are squarely faced with the daunting task of securing the explosion of IoT devices, now ever-present in the business environment. In the past, IoT in a business setting could largely be ignored,

The latest report from the Anti-Phishing Working Group offers a mixed bag of findings about the phishing landscape in 2018 The Anti-Phishing Working Group (APWG) has released its latest Phishing Activity Trends Report, which shows that the number of fraudulent websites designed to steal people’s sensitive data fell as 2018 went on. The drop –

A ‘white hat’ from Argentina has come a long way since winning his first reward of US$50 in 2016 A little over a year ago, we looked at how well bug hunting can pay. The tale of an Argentinian teenager now shows that sleuthing for security holes in code can be a lucrative pursuit. Santiago

Following the revelation that a list containing millions of stolen usernames and passwords had appeared online, we tell you a few different ways to find out if your credentials were stolen in that—or any other—security breach In mid-January, researcher Troy Hunt revealed that a list was floating around in the storage space of the MEGA

The organization was the victim of a water-hole attack, likely attributable to the APT LuckyMouse group The International Civil Aviation Organization (ICAO) was a victim of a large-scale cyberattack back in 2016. Indeed, in November of that year, a cyber-intelligence analyst at Lockheed Martin contacted the international organization after finding that cybercriminals took control of