Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts
Global IT innovator NTT DATA and payments technology provider Conferma Pay have announced a partnership to bring secure, digital virtual payment communications to hotels. The news comes at a time when more and more companies are seeking to implement contact-free payment processes to help reduce the spread of COVID-19 whilst also bolstering payment security and
by Paul Ducklin We explain how two French researchers hacked the Google Titan security key product (but why you don’t need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music: Edith Mudge.
The documents related to COVID-19 vaccine and medications were stolen from the EU’s medicines agency last month The European Medicines Agency (EMA), which evaluates and approves medicines for the European Union (EU), has disclosed that cybercriminals have posted online a portion of the documents that are related to COVID-19 vaccines and were stolen in a
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed “Operation Spalax” — began in 2020, with the modus operandi sharing some similarities
Mimecast has disclosed that some of its customers have been targeted by an advanced attack designed to compromise their Microsoft 365 (M365) environments. The security vendor said in a brief statement yesterday that a “sophisticated threat actor” obtained one of its certificates used to authenticate Mimecast Sync and Recover, Continuity Monitor and IEP products to Microsoft
Co-authored by Sally Adam and Doug Aamoth Many pupils are starting their new school term from home rather than the classroom. For families with younger kids, home schooling is often the first time that their children have needed to use computers (rather than gaming consoles) in earnest. Whether you’re new to home schooling, going back to it after a break, or an old hand, it’s worth
ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries In 2020 ESET saw several attacks targeting Colombian entities exclusively. These attacks are still ongoing at the time of writing and are focused on both government institutions and private companies. For the latter, the most targeted sectors
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker’s newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel’s vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
Social media company Twitter has cited the recent protests at the United States’ Capitol building in its decision to permanently suspend tens of thousands of user accounts. On January 6, protestors forced their way into the Capitol building, interrupting a Joint Session of Congress in which the results of the 2020 US presidential election were
by Paul Ducklin Here’s our latest Naked Security Live talk, explaining why HTTPS is vital, even if you’re publishing public data that isn’t confidential. That’s because HTTPS isn’t just about the confidentiality of the data you browse to – it’s also about improving your privacy in respect of what you chose to look at, when
Fraudsters are quick to exploit current events for their own gain, but many schemes do the rounds regardless of what’s making the news. Here are 5 common scams you should look out for. Cybercriminals can be very creative when it comes to swindling people out of money. They will use a variety of methods to
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade as apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL
Bridewell Consulting has announced the appointment of Martin Riley as its director of managed security services. Riley, who has joined Bridewell’s board from today, is tasked with leading the expansion of the cybersecurity and data privacy consultancy’s managed security service (MSS) portfolio. This includes its 24/7 security operations center (SOC) and managed detection and response (MDR)
by Paul Ducklin In July 2018, after many years of using Yubico security key products for two-factor authentication (2FA), Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack and a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented
A cyber-attack on a Vermont healthcare provider has delayed the rollout of an electronic health record (EHR) system and cost millions of dollars in lost revenue. The University of Vermont Health Network, which is based in Burlington, was hit by ransomware in October 2020, and is yet to make a full recovery. Most computer systems have
The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. “On December 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global
A Russian hacker who was instrumental in one of the largest thefts in history of US customer data from a single financial institution has been sentenced to prison. Moscow resident Andrei Tyurin, also known as Andrei Tiurin, was part of an international hacking campaign that compromised the computer systems of major financial institutions, brokerage firms, news agencies,
Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems Google and Mozilla are each urging users to patch serious vulnerabilities in their respective web browsers, Chrome and Firefox, that could be exploited to allow threat actors to take over users’ systems. The security fixes will be rolled out
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in
The notorious Emotet Trojan is back at the top of the malware charts, having had a makeover designed to make it more effective at escaping detection. Check Point’s newly released Global Threat Index for December 2020 revealed that the malware variant bounced back from fifth place in November. It now accounts for 7% of malware
by Paul Ducklin Towards the end of 2020, a researcher at Dutch cybersecurity company EYE was taking a look at the firmware of a Zyxel network router. He examined the password database that shipped in the firmware and noticed an unusual username of zyfwp. That name didn’t show up in the official list of usernames
Many users have until February 8 to accept the new rules – or else lose access to the app In a major update to its Privacy Policy and Terms of Service, WhatsApp is notifying users in many parts of the world that as of February 8 it will share some of their data with Facebook,
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote
Enterprise security firm Panaseer has announced the appointment of Jonathan Gill as its new CEO. Gill succeeds Panaseer founder Nik Whitfield in the role, with Whitfield becoming chairman and chief seer of the organization. Gill brings a proven record of accomplishment in both leadership and sales, with previous roles including VP EMEA at RSA Security,
by Paul Ducklin We advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music: Edith Mudge.
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use breached passwords for their corporate account
Secure Chorus, a not-for-profit membership organization for the development of strategies, standards and capabilities in the field of information security, has announced the transfer of ownership of its interoperability standards for enterprise grade encrypted messaging apps to the European Telecommunication Standards Institute (ETSI). ETSI produces globally applicable standards for ICT-enabled systems, applications and services deployed
It’s hardly fun and games for top gaming companies and their customers as half a million employee credentials turn up for sale on the dark web More than 500,000 login credentials linked to the employees of 25 leading game publishers have been found for sale on dark web bazaars, according to a report by threat intelligence