Security

0 Comments
by Sean Gallagher Internet scammers are always looking for a better way to separate unwitting device users from their money. And as with all other endeavors, they’ve learned that it pays to advertise. At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and
0 Comments
Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime.  The DOJ issued a fraud alert on Friday in which it strongly encouraged the public to remain vigilant and urged them not to provide personal information over the phone to anyone claiming to be from the department. An alert
0 Comments
Ransomware could pose a significant threat to the US election infrastructure, as aging software and potentially vulnerable voting machines could be targeted by criminal elements or by foreign-based cyber-attacks. According to NTT Ltd.’s global threat report for September, ransomware could be deployed and lay in wait to be activated on election day, or once voting machines
0 Comments
Warner Music Group has issued a data breach notification following a prolonged skimming attack on an undisclosed number of its e-commerce websites. The cyber-attack was discovered by the multinational entertainment and record label conglomerate on August 5, 2020.  E-commerce websites that are hosted and supported by an external service provider in the US but operated
0 Comments
Marginalized Americans interested in pursuing a career in technology received a boost yesterday with the launch of a free online training program. The Agile Testing Bootcamp is a six-week program geared specifically toward upskilling individuals with non-technical backgrounds to obtain high-paying, high-demand technical jobs in software testing. The program was created by Los Angeles software firm QualityWorks and is
0 Comments
Distributed denial of service (DDoS) attacks against online educational resources are over three times more prevalent in 2020 than they were last year, according to new research by Kaspersky. In a report published today, researchers found that between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350%, compared to the
0 Comments
America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD) requiring the development and publication of vulnerability disclosure policies (VDPs).  A BOD is a compulsory direction to federal executive branch departments and agencies for purposes of safeguarding federal information and information systems. BOD 20-01, officially finalized yesterday, requires most executive branch agencies to create a
0 Comments
An American who was employed to moderate disputes on an illegal darknet marketplace has been sentenced to 11 years in prison. Bryan Connor Herrell, of Aurora, Colorado, was hired by AlphaBay to settle arguments between vendors and purchasers.  The site operated by his employers facilitated hundreds of thousands of illicit transactions in which guns, drugs, credit cards
0 Comments
A white supremacist from Florida has been sentenced to 41 months in prison for threatening an African American who announced his candidacy for city council; he was also convicted of cyber-stalking another victim. In April 2020, Daniel McMahon pleaded guilty to using social media platform Gab to threaten a man identified in court as D.G. after learning in January 2019
0 Comments
Google Android users were pestered last week by a series of fake notifications popping up on their devices. According to Paul Ducklin of Naked Security by Sophos’, the string of phony popups first became an annoyance for users of the Google Hangouts app before bothering users of Microsoft Teams. “Users all over the world, and therefore
0 Comments
The Democratic National Committee sent out a nationwide alert on Wednesday warning romance-seeking campaign staffers to be wary of what information they reveal to people they match with on dating apps. Staffers were instructed to “swipe carefully” and to “trust but verify” any facts they were supplied with by prospective partners. They were also told to use
0 Comments
A government ministry in Jakarta has suggested that a recent spate of cyber-attacks against its critics could be an attempt by a third party to turn public opinion against the government.  This month, the Southeast Asia Freedom of Expression Network (SafeNet) recorded six cyber-attacks against high-risk groups such as journalists, academics, and activists.  One attack was on
0 Comments
The United States is trying to forfeit 280 cryptocurrency accounts tied to cyber-attacks on two virtual currency exchanges, which were allegedly perpetrated by North Korean threat actors. According to a civil forfeiture complaint filed by the Justice Department yesterday, malicious actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC)
0 Comments
A joint effort by agencies in the United States and Europe has brought down an online piracy group that cost film production studios tens of millions of dollars in lost revenue. Indictments unsealed yesterday in Manhattan federal court charge Umar Ahmad and Jonatan Correa with copyright infringement conspiracy. A third man, George Bridi, was charged with wire
0 Comments
Cybersecurity professionals want stricter measures to tackle the rising amount of online misinformation and fake domains, according to new research by the Neustar International Security Council (NISC). A new report by NISC found that almost half (48%) of cybersecurity professionals regard these problems as a threat to their enterprise, while the other half (49%) rank
0 Comments
A cyber-attack has shut down virtual classes in a Los Angeles school district two weeks after the FBI issued a cybersecurity warning to schools offering online learning. In a grim foreshadowing of what was to come, FBI supervisory special agent Corey Harris said on August 11: “We want all school districts to be prepared and understand
0 Comments
The first day of online classes at a North Carolina school was memorable for all the wrong reasons after a hacker disrupted a lesson with offensive content.  Virtual classes, taught via Google Meet, began at Lee County High School, Sanford, on Monday, August 17, as part of an effort to slow the spread of COVID-19. 
0 Comments
Cross-site scripting has topped the 2020 list of the 25 Most Dangerous Software Weaknesses compiled by the Common Weakness Enumeration (CWE).  The vulnerability, described by the CWE as “improper neutralization of input during web page generation,” was given a threat score of 46.82.  Describing the dangers posed by cross-site scripting (XSS), CWE wrote: “The attacker could transfer private information,
0 Comments
A new report by Ensono has found that tech conferences are geared specifically toward men and are bad at providing an inclusive experience for women of color. The “2020 Speak Up” report audited 18 major tech conferences from around the world and, in December 2019, surveyed 500 women from the US and the UK who attended a tech conference in
0 Comments
by Younghoo Lee Younghoo Lee is a Senior Data Scientist at Sophos. Together with Joshua Saxe, Sophos Chief Scientist, he recently presented these findings at DEFCON 28 AI Village. Business Email Compromise (BEC), is a form of targeted phishing where attackers disguise themselves as senior executives to dupe employees into doing something they absolutely shouldn’t,
0 Comments
The Tennessee Bureau of Investigation said yesterday that the number of tips received regarding cybercrimes against children has increased sharply since the outbreak of COVID-19. Speaking to media, TBI Director David Rausch said investigators had received more than twice the usual number of tips concerning this type of cybercrime since the pandemic began.  In 2020, the
0 Comments
Researchers have discovered a sophisticated new peer-to-peer botnet that has been actively breaching Secure Shell servers since January.  FritzFrog, which executes a worm malware written in Golang, was unearthed by a team at Guardicore. The malware deployed by the botnet is multi-threaded and fileless and disconcertingly leaves no trace on the disks of the machines it
0 Comments
Users of Google’s cross-platform web browser Chrome are to be shown a warning when they start to complete a form that may not be secure.  Beginning in M86, Chrome will warn users when they try to complete forms on secure (HTTPS) pages that are submitted insecurely. These forms, which are described on the Chromium Blog