The Weather Channel, based in Atlanta, Georgia, has been hit with a cyber-attack that knocked it off the air for 90 minutes.  On April 18, 2019, the organization took to its Twitter channel to confirm that it had been hit by a “malicious software attack” on its network but as of press time hasn’t released any

by Lisa Vaas User privacy is super-duper important, Facebook has said publicly for years out of one side of its mouth, while on the other side it’s been whispering to third-party app developers to come on in and feast – this user data is tasty. Well, that’s confusing, its own employees have said, according to

After two years of investigating, yesterday Robert S. Mueller III finally released his investigation, Report on the Investigation into Russian Interference in the 2016 Presidential Election. The 448-page report looks into Russian interference specifically but also into any individuals in the US that may have been involved.  Appointed in May 2017 as Special Counsel to the

by Paul Ducklin About a month ago, Facebook owned up to a programming blunder that’s been a top-of-the-list coding “no-no” for decades. The social networking behemoth admitted that it had been logging some passwords in plaintext, saving a record of exactly what your password was, character by character, rather than just keeping a cryptographic hash

A security researcher identified eight unsecured databases that held “approximately 60 million records of LinkedIn user information.” GDI Foundation, where the security researcher is from, is a nonprofit organization with a mission to “defend the free and open Internet by trying to make it safer.” The researcher, Sanyam Jain, contacted Bleeding Computer when he noticed “something

by Paul Ducklin Imagine that you’ve been hit by ransomware. All your data files are scrambled, you’re staring at a ransom note demanding $1000, and you’re thinking, “I wish I hadn’t put off updating that cybersecurity software.” When the dust has settled – hopefully after you’ve restored from your latest backup rather than by paying

The government department that is responsible for implementing the General Data Protection Regulation (GDPR) has committed an email faux pas with UK journalists which could also mean it has broken its own rules.  Flagged by Guardian journalist Alex Hern on Twitter, the email was regarding its announcement on age verification rules on online pornography. Hern tweeted:

by Paul Ducklin In this episode, the Naked Security podcast tells you how to make your web signup forms safer [02’52”], explains how Android phones can be used as security tokens [08’13”], and looks into a Facebook “hidden message” that escaped into the wild [14’04”]. With Anna Brading, Paul Ducklin and Matthew Boddy. This week’s links: Serious Security:

A spear-phishing email campaign targeting government entities in Ukraine could have been active as early as 2014, according to FireEye. In a blog post published on April 16, 2019, FireEye Threat Intelligence found the latest spear-phishing email in early 2019, which included a “malicious LNK file” with PowerShell script to download the second-stage payload from

by John E Dunn For nearly a week, Instagram users have been receiving odd messages from followers expressing shock that their accounts have somehow ended up on something called the “Nasty List.” If you receive one, the message with an embedded link will look something like the following example (the list and placement numbers vary):

The Belgian Centre for Cybersecurity (CCB) has reportedly decided not to issue “a negative opinion” on Huawei following several months of investigation with no concrete evidence found.  According to The Brussels Times, the CCB has been looking for evidence of spying by Huawei. This comes as the Chinese technology company has faced several accusations globally

by John E Dunn Identified as CVE-2018-20250, an ancient WinRAR vulnerability made public in February is now well on its way to becoming one of the most widely and rapidly-exploited security flaws of recent times. The latest evidence is a report from Microsoft’s Office 365 Threat Research team which identified it as being used by

Matrix users are encouraged to change their passwords after an unauthorized actor gained access to the servers hosting Matrix.org. Those using IRC bridging are also encouraged to change their NickServ passwords. An open network for secure, interoperable, decentralized, real-time communication over IP, Matrix is used across instant messaging, VoIP/WebRTC signaling and internet of things (IoT)

by Paul Ducklin Last week, we wrote about a New Zealand family that stumbled across a snoopy spycam in an AirBnB they’d paid for while vacationing in Ireland. The Emerald Isle is a long way from the Land of the Long White Cloud, so they couldn’t just cut their holiday short, get in the car

Email automation and delivery service Mailgun, announced that it has resolved a security incident that resulted from a massive coordinated attack against WordPress sites. “The mailgun.com webpage began issuing redirects to sites outside of our domain. We immediately launched an incident to determine the source of the redirects and determined that a plugin for WordPress

by Danny Bradbury A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race. The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution

Researchers at GreatHorn have identified what they are calling a widespread attack in which attackers spoofed both the Microsoft brand in the display name and the Barracuda Networks brand in the return path and received headers, with the goal of stealing credentials. The team identified an attack notable in that the return path spoofs a

by Paul Ducklin Julian Assange, founder of whistleblowing organisation WikiLeaks (or co-founder, depending on whom you ask) , and arguably Ecuador’s most famous Londoner (or infamous, depending on whom you ask), is in custody following his arrest yesterday. Assange rose to fame by leaking secret government documents that the WikiLeaks organisation acquired from a wide

Kicking off the second day of the ISC West 2019 conference in Las Vegas, keynote speaker Russ Butler, VP of security for the San Francisco 49ers and Levi’s Stadium, talked about the evolution of the ever-changing stadium security landscape in his talk, “Stadium Security: As It Was, Where It Is and Where It Is Going.” Butler

by Paul Ducklin Spamming is a word we all know and an activity we all loathe – it’s when crooks blast out unwanted emails for products we don’t want at a price we won’t pay from from suppliers we’ll never trust. And the word spam has given us related terms such as SPIM for spam

Advances in machine learning and artificial intelligence (AI) are driving investments from the Department of Homeland Security (DHS) science and technology directorate (S&T) with the goal of enhancing security and resiliency in public safety, transportation and communications, according to William N. Bryan, acting under secretary of S&T, who delivered the opening-day keynote speech at the

by Paul Ducklin The Naked Security podcast reveals how long you can expect to go unnoticed online [01’25”], explains why we still have applications where every bit matters [13’05”], and comes up with a new vocabulary for “data loss” on the scale of MySpace’s music file implosion [17’07”]. With Anna Brading, Paul Ducklin, Matthew Boddy

Researchers suspect that a new stealer malware dubbed Baldr, first detected in January, has incorporated three known threat actors, according to Malwarebytes. In today’s blog post, researchers said that Baldr has earned positive reviews on Russian hacking forums for its use of three threat actors: Agressor for distribution, Overdot for sales and promotion and LordOdin for development.

by Matt Boddy If you have an IoT device in your home, you could be receiving an average of 13 login attempts to these devices per minute. That’s what I found in my latest research project. Over the past 3 months, I’ve setup and monitored 10 honeypots located across 5 different continents. These have been

With the use of deep learning, researchers Yisroel Mirsky, Tom Mahler, Ilan Shelef and Yuval Elovici at Cyber Security Labs at Ben-Gurion University demonstrated in a video proof of concept (PoC) that an attacker could fool three expert radiologists by falsifying CT scans, inserting or removing lung cancer, the Washington Post reported.  “In 2018, clinics and

by Lisa Vaas Last week, malicious code was slipped into Bootstrap for Sass, the free, open-source, very popular, and widely deployed front-end web framework. The good news: the good guys stamped it into oblivion lickety-split. According to the timeline provided by Snyk – a company that provides tools to find and fix known vulnerabilities in

Regulators in Australia are cracking down on social media sites in the aftermath of the deadly shooting at two mosques in Christchurch that killed 50 people, according to Reuters. The Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 would prohibit social media sites and internet or hosting services from allowing “abhorrent violent material.” Such material would

by Lisa Vaas Should you “share, share, share” the “urgent warning” that hackers are “posting sexual videos and pictures on your walls” that are completely invisible to you? No, you should not sharedy-sharedy-SHARE-share-share, because this latest viral Facebook copy-and-paste-me warning is just another social media sneeze, spreading its hoaxy germs in spite of the fact

Researchers at Cisco Talos detected an excess of 70 Facebook groups that have been selling black-market cyber-fraud services, some of which have managed to remain on Facebook for up to eight years, according to a Talos Intelligence blog post. For several months, researchers have been investigating online criminal flea markets on Facebook, discovering a collective

by John E Dunn Cybercriminals are reportedly exploiting a critical flaw in the Magento e-commerce platform only days after it was made public by the researchers who discovered it. Scoring a 9.0 on CVSS, the bug doesn’t yet have a CVE number to identify it but Magento refers to its patching list as PRODSECBUG-2198 (the