The Israel Defense Forces (IDF) claim to have thwarted a cyber-attack from Hamas by targeting the building where Hamas cyber operatives work, according to IDF. After the alleged cyber-attack, IDF responded with a physical attack in what Forbes contributor Kate O’Flaherty called “a world first.” According to the commander of the IDF’s cyber division, identified only by his

by Lisa Vaas In December 2018, the CEO of Canada’s major cryptocurrency exchange, QuadrigaCX, allegedly died of Crohn’s disease while in India without telling anybody the password for his storage wallet. Oh, really? Funny, that. Experts say that Crohn’s is hardly likely to kill an otherwise healthy 30-year-old. Nor was there an autopsy. Or, apparently,

In an effort to address the cybersecurity skills gap and create a more resourceful and effective cybersecurity workforce, the US Senate has passed the Federal Rotational Cyber Workforce Program Act of 2019.   In 2017 the Government Accountability Office (GAO) determined that the country’s cyber workforce challenges posed high risk and reported that “the federal government needs

by Paul Ducklin Update. Shortly ater publishing this article we were able to fetch Firefox 66.0.4, which claims to fix this issue by repairing a broken certificate chain. We haven’t yet received notification of an update to the Tor Browser, but we expect to see one soon. [2019-05-05T22:15Z] It’s a long weekend here in the

In advance of the California Consumer Privacy Act (CCPA) going into effect January 1, 2020, researchers analyzed how prepared US organizations are for the new regulations and found that nearly half of all companies will not be ready to comply with CCPA. According to research conducted by the International Association of Privacy Professionals (IAPP) and OneTrust, reputation

by John E Dunn When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram. There’s nothing new in malware piggybacking on popular services but why Twitter and Telegram, and is the recent migration to secure messaging significant?

Since 2017, digital ad spending has increased while fraud losses have declined, according to the fourth annual Bot Baseline Report, published by White Ops and the Association of National Advertisers (ANA). The report found that for the first time more fraud will be stopped than will succeed, suggesting that defenders are gaining ground in the

by Paul Ducklin April 2019 was a good month for bold Belgians! Professsional Belgian cyclist Victor Campanaerts broke the world hour record, covering an amazing, unassisted, undrafted 55km in a velodrome (55,089 metres, in fact) in 60 minutes. The previous record, set by Sir Bradley Wiggins in 2015, had stood for nearly four years. But

Legacy software vulnerabilities have created opportunities for hackers to steal credit card data and other personal information using tiny point of sale (POS) malware, according to research published by Forcepoint. Researchers reportedly analyzed 2,000 samples of POS malware and found that many are handcrafted, written in assembly code and very small; thus, researchers aptly named the

by Paul Ducklin Today is World Password Day, and that means it’s a day that’s all about caring and sharing… …but WITHOUT THE SHARING! We made a short video to catch your attention: (Watch directly on YouTube if the video won’t play here.) None of the passwords in the video seem truly terrible – there’s

Cyber-attacks in the UK grew by an alarming 140% in 2018, according to a cyber-threat landscape report by eSentire that discusses the most impacted industries in the UK and which types of attacks were the most successful. Attacks on IoT devices have also seen significant growth, with “a growing trend in IoT exploits targeting cameras, door

by Maria Varmazis Our whole lives and livelihoods are wrapped up in our data. That data is especially vulnerable at border crossings and in unfamiliar environments. There are plenty of security products available on the internet for the privacy-minded traveler – if you feel like going shopping, a quick search will turn those up for

Organizations continue to face challenges with managing open source risk, according to a new report published today by published today by Synopsys Cybersecurity Research Center (CyRC). The annual Open Source Security and Risk Analysis (OSSRA) Report, analyzed the anonymized data of over 1,200 commercial codebases from 2018 and found that 96% contained open source components, with

by Danny Bradbury When is an address bar not an address bar? When it’s a fake. Security researcher James Fisher has run across a sneaky attack that could fool unwitting mobile users into browsing a phishing site with an address bar displaying a legitimate URL. The trick exploits the way that the Android version of

App developer DO Global, a Chinese developer partly owned by Baidu that generates over a half billion installs, has been banned from Google Play after the store received reports the apps were part of an ad fraud scheme, according to BuzzFeed News. As of April 26, 46 apps from DO Global had reportedly been removed from

by John E Dunn After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM). Part of a research toolkit called Automated Combinatorial Testing for Software (ACTS), CCM is an algorithmic approach used to test software

After Facebook alerted the Data Protection Commission (DPC) that it had found hundreds of millions of user passwords stored in its internal servers in plain text format, DPC launched an investigation to determine whether the company had acted in compliance with the General Data Protection Regulation (GDPR), according to an April 25 press release. According

by John E Dunn What is it about a secure password that makes us think it’s secure? Traditionally, for businesses it’s been things like complexity, minimum length, avoiding known bad passwords, and how often passwords are changed to counter the possibility of undetected compromise. And yet, recently, the last of those orthodoxies – password expiration

The Hong Kong branch of Amnesty International has reportedly been the target of a sophisticated state-sponsored attack believed to have been carried out by a group of hostile threat actors within the Chinese government. An April 25 press release from Amnesty International said the cyber-attack was detected on March 15, 2019, after monitoring tools identified

by Lisa Vaas True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors. The Copenhagen Post quoted Jonathan Jørgensen: It’s difficult to imagine that

After years of requesting a seat at the table, cybersecurity professionals are starting to feel that they see eye to eye with their stakeholders, according to a new report. The AT&T cybersecurity report surveyed 733 security experts at the RSA 2019 conference and found that the vast majority of respondents feel mostly or somewhat in

by Danny Bradbury The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating

A new law in Washington expanded regulations that mandate when consumers must be notified if a malicious actor gains access to their private data, according to a press release from the state’s office of the attorney general (AG). In response to AG Bob Ferguson’s request for legislators to strengthen the state’s data breach notification laws,

by Paul Ducklin A US security researcher has come up with an open-source Windows backdoor that is loosely based on NSA attack code that leaked back in 2017 as part of the the infamous Shadow Brokers breach. The researcher, who goes by @zerosum0x0 online and Sean Dillon in real life, has dubbed his new malware

Across the healthcare sector, ransomware is reportedly no longer the most prevalent security threat, according to new research from Vectra that found attacks decreased during the second half of 2018. The Vectra 2019 Spotlight Report on Healthcare found that internal human error and misuse occur much more frequently than hacking. In addition, a growing number

by Danny Bradbury Malware isn’t the only toxin you can deliver to a computer via a USB key. Just ask Vishwanath Akuthota, who faces a potential ten-year stretch after frying at least 66 computers at his former college. Akuthota originally pled not guilty to intentionally damaging a protected computer at the College of St. Rose, in

The European Parliament has approved plans to boost physical security by implementing a mass identity database, although privacy concerns persist. The Common Identity Repository (CIR) will centralize the personal information of nearly all non-EU citizens in the EU’s visa-free Schengen region. The latter covers the vast majority of the EU except for Ireland and the

by Paul Ducklin Nokia’s funky new phone, known as the Nokia 9 PureView, has some very cool features. Five of them, in fact – five cameras, arranged on the back of the phone like a spider’s eye, capturing 12 megapixels each to make the device a snapper’s delight. The Nokia 9 also includes a fingerprint

During a visit to San Francisco, Singapore foreign affairs minister Vivian Balakrishnan commented that the country cannot “go back to pen and paper. … If people lose confidence in the integrity and security of the system, then all these aspirations cannot be fulfilled.” The comments follow information coming into the open regarding data breaches, one

by Paul Ducklin Last week we wrote about “ransomware from afar” – attacks in which cybercrooks apparently aim ransomware at you across the internet. Whether they hack someone else’s computer on which to run the malware program, or deliberately set up a sacrificial laptop or virtual machine (software-based computer) of their own, the outcome is