by Paul Ducklin How did the movie “Hackers” inspire a girl to grow up to become a hacker herself? Find out from security analyst and friendly hacker Keren Elazari. Hear about Keren’s incredible journey, why hackers should be welcomed with open arms, and the inspiration that guided her career. Keren Elazari Interviewer: Kimberly Truong. Special

A man from New York City has been charged with waging a grim cyber-stalking campaign against a female college student.  Desmond Babloo Singh allegedly created over 100 accounts on social media platforms and email services and used them to harass a former classmate of his sister for whom he claimed to have developed romantic feelings.  Nineteen-year-old Singh

by Paul Ducklin A lot of technical articles, especially in the fields of computer science and information security, put you on the horns of a dilemma. To become an expert, you first need to read the article; yet to understand the article, you first need to be an expert. Well, here on Naked Security, we

Dozens of customers of a popular smart doorbell are suing the Amazon-owned manufacturer after their devices were hijacked, according to a new class action lawsuit. The new legal case joins together complaints filed by over 30 users in 15 families who say that their devices were hacked and used to harass them. They allege that

A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be

The UK’s National Cyber Security Centre (NCSC) has issued its first ever guidance for farmers, in a sign of the growing cyber-threat facing rural businesses. Published on Tuesday, Cybersecurity for Farmers is a comprehensive guide to best practices covering everything from spotting suspicious emails and phone calls to password management, device security and the importance

America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over the widespread impact of a recent hacking attack that compromised the SolarWinds Orion software supply chain. The assault on SolarWinds hit the headlines earlier this month after it was discovered and disclosed by researchers at FireEye. The advanced persistent threat (APT) group behind the attack was

American cybersecurity company White Ops announced today that it has been acquired by Goldman Sachs‘ Merchant Banking Division in partnership with ClearSky Security and NightDragon.  Terms of the transaction, which follows Goldman Sachs’ and ClearSky’s initial investment in White Ops earlier this year, were not disclosed. The business was acquired from previous investors Paladin Capital Group, Grotech Ventures, and other shareholders. White Ops was

An ethical hacker from Romania has become the first person to earn $2m in bug bounties through the bounty hunting platform HackerOne. Talented hacker Cosmin Lordache, also known by his HackerOne handle @inhibitor181, hit his first significant earning milestone almost a year ago when he became the seventh person to pass the million-dollar earning milestone by reporting 468

HelpSystems has announced the acquisition of cloud-based data protection provider Vera. The IT software firm said the deal will enable it to expand its data security portfolio and help meet a growing demand for solutions that can protect information throughout the full data lifecycle. This includes data classification, file transfer, data loss prevention and encryption.

by Paul Ducklin How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac! Rachel Tobac, CEO of SocialProof Security Join us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who

The global cyber insurance market is projected to grow by 21% next year, reaching $9.5bn in value, according to new data by insurance firm Finaria.it. This is as a result of greater recognition of the increasing cyber-threat landscape, exacerbated by the shift to remote working this year. Finaria added that the cyber insurance market is

by Paul Ducklin Thanks to Naked Security reader M Carter for their help with this article. Last week, we warned of a Facebook Messenger scam that used a bogus video to lure you onto a phoney Facebook login page. In that scam, the crooks were using stolen Messenger passwords to phish for yet more Messenger

Microsoft, Google, Cisco and a host of other tech giants have added their names to a legal filing supporting Facebook’s case against controversial spyware developer NSO Group. The social network took the Israeli firm to court after alleging that the latter exploited a vulnerability in WhatsApp which helped its clients spy on over 1400 users globally.

The price of stolen credit card details and cybercrime tools has in many cases seen triple-digit growth over the past two years, according to new dark web research compiled by Flashpoint. The risk intelligence firm trawled some of the more established cybercrime marketplaces across the deep and dark web, across eight categories: from government-issued IDs

by Paul Ducklin Here’s our latest Naked Security Live talk, discussing IM scams and how to avoid them, as well as giving you some pointers on how to think like a scammer and thereby stay one step ahead. Don’t forget that receiving a message from a friend’s account doesn’t always mean your friend actually sent

The Justice Institute of British Columbia (JIBC) has launched a new online Graduate Certificate in Cybercrime Analysis to help meet Canada’s growing demand for professionals with cybersecurity skills. This new post-graduate program has been established to furnish professionals with the advanced knowledge and applied analytical skills necessary to help prevent, detect, and respond to the constantly evolving landscape

by Paul Ducklin We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music: Edith Mudge. LISTEN NOW

A new information sharing and analysis center (ISAC) set up to help American school districts protect themselves against cyber-threats has named its first national director. Heading up the Kindergarten Through Twelfth Grade Security Information Exchange, or K12 SIX, is president of consulting firm EdTech Strategies and the K–12 Cybersecurity Resource Center, Douglas Levin. Levin is the founder of the

by Paul Ducklin The first thing people want to know when there’s a new ransomware story going around is: How much are the crooks asking for this time? Sadly, that is one question that victims themselves don’t need to ask, because the blackmailers who just attacked them will make jolly sure they know the “price”.

UK energy supplier People’s Energy has suffered a data breach affecting its entire database, including information on previous customers. Co-founder of the company, Karin Sode, told BBC News that sensitive personal information of its customers, including names, addresses, dates of birth, phone numbers, tariff and energy meter IDs had been stolen by hackers. Following discovery

by Paul Ducklin If you’ve ever wondered why cybercriminals are interested in your IM passwords… …well, it’s not just so they can sneak into your account and snoop through your personal data with a view to abusing it themselves or selling it on to someone else who will. Access to your account also gives crooks

Three million Google Chrome and Microsoft Edge users could be at risk of data theft and phishing after researchers discovered malware hidden in multiple browser extensions. At least 28 third-party extensions were found to contain malicious JavaScript which could download additional malware, according to Avast. The extensions themselves are mainly designed to help users download

Co-authored by Juan Badell and Russell Petrich As two people for whom creating phishing emails constitutes legitimate employment (we are on the product team behind the Sophos Phish Threat phishing simulation service) we know we’re in the minority. Like our not-so-lawful counterparts, we spend our days using social engineering techniques to trick people into opening

The past 12 months have seen a record number of CVEs published by the US authorities, the fourth year in a row volumes have risen. As of December 15, the number of vulnerabilities in production code discovered and assigned a CVE number by the US-CERT Vulnerability Database, topped the 2019 figure. Last year there were

by Paul Ducklin Here’s our latest Naked Security Live talk, about how to avoid email scams that arrive under the guise of a well-known brand – in this case, global sandwich seller Subway. Watch directly on YouTube if the video won’t play here.Click the Settings cog to speed up playback or show subtitles. Don’t forget

The company at the center of revelations over a widespread Russian information-stealing campaign has said that fewer than 18,000 of its global customers were affected. SolarWinds produces popular software that helps organizations manage their IT networks and infrastructure. However, it was revealed by FireEye that attacks which compromised the security vendor and US government departments

Russian hackers who stole red team tools from FireEye may have been in action on a much broader scale, operating a sophisticated supply chain campaign targeting multiple global organizations and governments. FireEye revealed in an update on Sunday that nation state attackers inserted malicious code into legitimate software for SolarWinds’ popular Orion product to gain

by Paul Ducklin Naked Security’s Paul Ducklin interviews Sophos expert John Shier about his recently published paper, “20 years of cyberthreats that shaped information security“. Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk

Norwegian police have blamed Russian advanced persistent threat (APT) group Fancy Bear for the summer cyber-attack on Norway’s single-chamber parliament, the Storting. In what was described as “a significant attack” by the parliament’s director, Marianne Andreassen, unauthorized individuals managed to gain access to the email accounts of several elected members of parliament and to some accounts belonging