Security

Printers around the world appear to have been hijacked again with a message to subscribe to a popular YouTube vlogger, and improve their cybersecurity. Those behind the attack are thought to be the same ones that managed to get a message in support of social media star PewDiePie printed out on 50,000 machines last month.
Law enforcement agencies across the country spent the better part of yesterday evening investigating a slew of bomb threats delivered by email to businesses and universities across the US and Canada. The hoax email warning that an explosive device was in the recipient’s place of work evoked fear among many Americans yesterday, according to KrebsonSecurity.
by Lisa Vaas Facebook filed a patent, titled “Offline Trajectories,” last week in which it proposes predicting users’ “location trajectories” – in other words, where we’re likely headed. Knowing when we’re about to hurtle into a no-WiFi-connection limbo means Facebook can “prefill” our phones with content and ads. It knows enough to know a lot more
An unprotected ElasticSearch server led to a potentially massive data leak for a popular avatar app maker, Boomoji. The app, which is based in China and has 5.3 million users across the globe, allows iOS and Android users to create 3D avatars. The personal data of its entire user base was exposed after Boomoji reportedly left
by Danny Bradbury Google keeps tabs on much of your activity, including your browsing history and your location. Now, it turns out that its YouTube service is also reading what’s in your videos. Programmer Austin Burk, who goes by the nickname Sudofox, discovered the issue after finding a cross-site scripting (XSS) flaw on another site.
Unpatched security vulnerabilities remain the biggest threat to UK retailers as they increase spending to mitigate risk during the busy Christmas shopping period, according to Infoblox. The security vendor polled 3000 consumers and retail IT professionals across Europe and the US to better understand their attitudes to data security during December. In the UK, the
The Chinese government is responsible for the massive breach recently disclosed by Marriott International, according to new reports. Two people briefed on the ongoing investigation told the New York Times that the attackers are suspected of working for China’s sprawling Ministry of State Security (MSS). The hack, it is claimed, was part of a major
Security researchers have discovered a major targeted attack campaign aimed at stealing info from scores of mainly English-speaking organizations around the world and using source code from the infamous Lazarus Group. What McAfee has dubbed “Operation Sharpshooter” targets government, defence, nuclear, energy and financial organizations, mainly in the US but also the UK, Canada, Australia,
New research has revealed a dearth of qualified cybersecurity staff in the NHS and low levels of spending on in-house training for employees. RedScan received Freedom of Information (FOI) responses from 159 trusts between August and November. It found that nearly a quarter of trusts have no qualified security professionals working in-house despite some of
by John E Dunn What’s the safest way for a criminal to buy counterfeit banknotes? Curiously, it’s not necessarily from the dark web, as 235 people now “detained” by police have just discovered. According to Europol, between 19 November and 3 December police forces in 13 countries searched 300 properties, uncovering caches of drugs, guns
Over two-thirds of UK firms have fallen victim to a cyber-attack over the past year, with many claiming they don’t get enough guidance from the government on how to combat threats, according to RedSeal. The security vendor polled over 500 UK IT professionals from mainly SMBs to better understand their cyber-resilience levels. Some 68% claimed
According to the EU GDPR (General Data Protection Regulation) Implementation Review Survey conducted by IT Governance, six months after the GDPR went into effect, the majority of organizations are failing to implement the mandatory regulations. The study included 210 responses from participating organizations ranging in size from fewer than 10 to more than 1,001 employees from across
A series of cyber-robbery attacks has been targeting financial organizations in Eastern Europe, according to new research from Kaspersky Lab. Researchers found that the series of attacks, dubbed DarkVishnya, have affected at least eight banks in the region, with estimated losses running into the tens of millions of dollars. Based on data collected through Kaspersky Lab’s
by John E Dunn If you’re among the holdouts still running Flash, you have some more updating homework to do. Adobe has issued an out-of-band patch after researchers spotted a Flash zero-day flaw being exploited in the wild. The discovery was made by Qihoo 360 which on 29 November noticed a targeted APT (Advanced Persistent
Over two-fifths of organizations have fallen victim to a so-called Business Process Compromise (BPC) attack, despite widespread ignorance from senior execs about the threat, according to Trend Micro. The security giant polled over 1100 IT decision makers responsible for security across the UK, US, Germany, Spain, Italy, Sweden, Finland, France, Netherlands, Poland, Belgium and the
by Paul Ducklin On the Naked Security podcast this week: Marriott’s huge and scary data breach, a bug in software management software could be a data thief’s goldmine, and a self-righteous “hacker” prints out an advert on 50,000 internet printers. With Anna Brading, Mark Stockley, Matthew Boddy and Paul Ducklin.
Speaking at Black Hat Europe in London, Nahman Khayet, security researcher and Shlomi Boutnaru, CTO at Rezilion, explored the current cybersecurity skills shortage and its link to the education system. Khayet explained that there are three main characteristics of security experts, which are ‘thinking outside the box,’ ‘adversarial thinking’ and ‘technical knowledge.’ He also cited
Security researchers have discovered cybersecurity scammers in Russia are generating hundreds of thousands of dollars in profits by falsely claiming to be able to unlock encrypted files. Check Point explained that one ‘IT consultancy’ named Dr Shifro is promising customers it can help them recover from ransomware like Dharma/Crisis, for which there is no known
There has been a 14% increase in the volume of cybercrime incidents reported to English police over the past two financial years, according to a new report. Think tank Parliament Street filed Freedom of Information (FOI) requests with the country’s police forces, asking for a breakdown of Computer Misuse Act crimes which involve hacking,