Cyberblackmail/sextortion again raises its not-so-pretty little head Vox Emptoris: “Voice of the Customer” For more than 30 years, I’ve had the privilege of assisting people get rid of viruses and other malicious software.  In the course of doing so, I’ve often been asked questions about computer security-related topics that are not product-specific.  Some are simple or

The electric automaker is working to release a fix for the underlying vulnerability in a matter of days A duo of white-hat hackers have earned themselves a brand new Tesla Model 3 after exposing a vulnerability in the car’s integrated browser. Richard Zhu and Amat Cam, aka team ‘Fluoroacetate’, managed to break into the electric

ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar This article will first describe how the OceanLotus group (also known as APT32 and APT-C-00) recently used one of the publicly available exploits for CVE-2017-11882, a memory corruption vulnerability present in Microsoft Office software, and how

More advice for detecting and avoiding sextortion scams Vox Emptoris: “Voice of the Customer” In my previous post, we examined a particular example of a sextortion scam, showing several indications that it was not a threat to be taken seriously.  But that kind of analysis – point-by-point deconstruction – is relatively hard work, and perhaps not

The social network says that the passwords were never exposed externally and that it found no abuse of the glitch Facebook has fixed a bug that caused that the passwords of many of its users were stored in plain text and were visible for the social network’s employees. “As part of a routine security review

Our penchant for plugging in random memory sticks isn’t the only trouble with our USB hygiene, a study shows Many computer users don’t take enough precautions when disposing of their USB sticks, leaving a trove of what is often sensitive information about themselves for the drives’ new owners, a study has shown. Researchers from the

The third penalty that Europe has levied on the tech giant in less than two years brings the total to €8.25 billion European Union (EU) authorities have handed down a €1.49 billion (US$1.7 billion) fine to Google for abusing its dominant position in the brokering of online search adverts, according to a statement by the

It’s prudent to get a security solution for your device, but a test by AV-Comparatives shows why you need to choose judiciously A recent test of anti-malware apps available in Google Play showed that most are not, in fact, worthy of the name and, indeed, the space they take up on the Android device. Independent

Facebook owned Instagram and WhatsApp also affected by unexplained interruption Facebook along with some of its most prominent family of apps were down on Wednesday leaving users around the globe unable to use their favorite services for a prolonged period of time. It was the longest outage in the history of Facebook, but at the

Every year on March 8, we celebrate International Women’s Day to honor the social, economic, cultural and political achievements of women. But we also acknowledge that there is still a long way to go before we’ve truly reached gender parity. This day gives us the opportunity to reflect on how we can achieve that balance.

Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software This is not the first time the gaming industry has been targeted by attackers who compromise game developers, insert backdoors into a game’s build environment, and then have their malware distributed as legitimate software. In April 2013, Kaspersky Lab reported that

The repository of email addresses and other records would offer a gold mine of data for scammers Security researchers have discovered a humongous collection of email addresses and other data that was left sitting on the internet with no protection whatsoever. Bob Diachenko revealed late last week that he’d found an unsecured MongoDB server with

Protecting your privacy is no longer just an option but a legal requirement in many parts of the world To protect privacy, you must act securely. Here at RSA, lots of companies are thinking of better ways to do both. But with the explosion of General Data Protection Regulation (GDPR) and related initiatives like the

A bright tomorrow of technical delight, or a dismal future of digital dysfunction? If I had to sum up the 2019 RSA Security Conference in three key words they would be: trust, cybercrime, and victims. Let’s start with trust. Here’s how the opening keynote of the conference was reported: “To avoid a potentially cataclysmic future

The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix Two smart alarm systems for cars have plugged critical security holes that put three million vehicles globally at risk of being hijacked, research by Pen Test Partners reveals. If exploited, the vulnerabilities would have enabled anyone to turn

Users should waste no time in updating to the browser’s latest version Google has revealed that the update for Google Chrome, rolled out late last week, addressed a security hole that attackers were already exploiting in the wild. “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the company noted

Some tips that businesses can do to get better at it without breaking the bank Here at RSA Small and Medium Businesses (SMBs) are squarely faced with the daunting task of securing the explosion of IoT devices, now ever-present in the business environment. In the past, IoT in a business setting could largely be ignored,

The latest report from the Anti-Phishing Working Group offers a mixed bag of findings about the phishing landscape in 2018 The Anti-Phishing Working Group (APWG) has released its latest Phishing Activity Trends Report, which shows that the number of fraudulent websites designed to steal people’s sensitive data fell as 2018 went on. The drop –

A ‘white hat’ from Argentina has come a long way since winning his first reward of US$50 in 2016 A little over a year ago, we looked at how well bug hunting can pay. The tale of an Argentinian teenager now shows that sleuthing for security holes in code can be a lucrative pursuit. Santiago

Following the revelation that a list containing millions of stolen usernames and passwords had appeared online, we tell you a few different ways to find out if your credentials were stolen in that—or any other—security breach In mid-January, researcher Troy Hunt revealed that a list was floating around in the storage space of the MEGA

The organization was the victim of a water-hole attack, likely attributable to the APT LuckyMouse group The International Civil Aviation Organization (ICAO) was a victim of a large-scale cyberattack back in 2016. Indeed, in November of that year, a cyber-intelligence analyst at Lockheed Martin contacted the international organization after finding that cybercriminals took control of

The first virtual concert to take place inside a video game attracted interest not only from players but also from scammers, who tried to take advantage of the huge event by tricking users into buying tickets even though the concert was free At the start of February first ever concert to take place inside a

The service became notorious for its use by ne’er-do-wells looking to make a quick buck by hijacking the processing power of victim machines to generate virtual money Coinhive, a cryptocurrency mining service that rose to infamy after it began to be co-opted for cryptojacking campaigns in 2017, is shutting down. In a short blog post

Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution

With FIDO2 certification for Android, Google is setting the stage for password-less app and website sign-ins on a billion devices Android is now certified for the FIDO2 authentication standard, meaning that people who use Google’s mobile operating system may soon be able to forgo passwords when logging into apps and websites on their Android-powered devices,

The keeper of the internet’s ‘phone book’ is urging a speedy adoption of security-enhancing DNS specifications The Internet Corporation for Assigned Names and Numbers (ICANN) – which supervises the Domain Name System (DNS) – is urging all DNS stakeholders to do their parts in order to enhance the security of one of the internet’s foundations.

Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it? If you are an MSP, as in managed service provider, or your organization uses the services of an MSP, then you need to be aware

As the use of this technology grows so does the risk that attackers may hijack it While artificial intelligence (AI) and machine learning (ML) have been transforming various fields of human activity for some time now, their full transformative potential is yet to be realized. ML-based technologies will increasingly help fight fraud, evaluate and optimize

A new report shines some light on multiple aspects of the growing threat of cyber-extortion Criminals are trying to tempt people with promises of six-figure annual rewards in return for help with cyber-extortion campaigns that target high-net-worth individuals, research by the threat intelligence firm Digital Shadows shows. The prospective victims, such as corporate executives, lawyers

And that’s on top of the heartache experienced by the tens of thousands of people who fall for romance scams each year Last week, as couples all over the world celebrated Valentine’s Day, we highlighted the risks of romance fraud. Even with V-Day safely behind us, it’s important to remain on high alert for online