Attention! If you use Amazon’s voice assistant Alexa in your smart speakers, merely opening an innocent-looking web link could let attackers install malicious skills on it and spy on your activities remotely. Cybersecurity researchers today disclosed severe security vulnerabilities in Amazon’s Alexa virtual assistant that could render it vulnerable to a number of malicious attacks. According
The personal health information (PHI) of over 72,000 Walgreens customers has been exposed after looters broke into nearly 200 stores and stole prescriptions. America’s second-largest pharmacy chain contacted impacted customers in July to disclose the data breach. Walgreens spokesperson Jim Cohn told the Philadelphia Inquirer that 180 Walgreens stores had been looted but declined to state which
Another in our occasional series demystifying Latin American banking trojans. In this installment of our series, we introduce Mekotio, a Latin American banking trojan targeting mainly Brazil, Chile, Mexico, Spain, Peru and Portugal. The most notable feature of the newest variants of this malware family is their use of a SQL database as a C&C server. Figure
by Paul Ducklin An article published on the open-to-all-comers blogging site Medium earlier this week has made for some scary headlines. Written as an independent research piece by an author going only by nusenu, the story is headlined: How Malicious Tor Relays are Exploiting Users in 2020 (Part I) [More than] 23% of the Tor
A team of academic researchers—who made headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called ‘ReVoLTE,’ which could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The attack doesn’t exploit any flaw in
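The core of ReVoLTE, as published by the researchers (the truncated teaser above does not get that far), is keystream reuse: a vulnerable base station keeps the same radio-layer encryption key and bearer for a second call placed while the phone is still in the same radio connection, so the stream cipher produces the same keystream again. An attacker who records the encrypted downlink of a target call, then calls the victim and knows the audio of their own call, XORs that known plaintext with its ciphertext to recover the keystream and applies it to the recorded call. The following is an added example, not the researchers’ code: it replaces LTE’s AES-CTR-based EEA2 with a SHA-256 counter-mode stand-in (so it runs on the Python standard library) and uses constructed keys and call audio, but the attack step is exactly the one the paper describes.

```python
import hashlib

def keystream(key: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Toy counter-mode keystream.

    Stand-in for LTE's EEA2 (AES-128-CTR keyed with the radio-layer key, with COUNT,
    BEARER and DIRECTION in the counter block).  SHA-256 replaces AES so this runs on
    the standard library alone; the property that matters is the same: identical
    (key, count, bearer, direction) -> identical keystream.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        ctr = (count.to_bytes(4, "big") + bytes([bearer & 0x1F, direction & 1])
               + block.to_bytes(4, "big"))
        out += hashlib.sha256(key + ctr).digest()
        block += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, bearer: int, direction: int, plaintext: bytes, count: int = 0) -> bytes:
    """Stream-cipher encryption (and decryption): ciphertext = plaintext XOR keystream."""
    return xor(plaintext, keystream(key, count, bearer, direction, len(plaintext)))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack on any stream cipher: C XOR P = keystream."""
    return xor(ciphertext, known_plaintext)

DOWNLINK = 1  # base station -> phone
BEARER = 5    # radio bearer ID; reused for a new call placed in the same radio connection
# Constructed downlink audio of the target call (what the victim's phone received).
TARGET_AUDIO = b"[call 1] the account number is 4433 8899 and the PIN is 0427"

def revolte(rekey_between_calls: bool) -> bytes:
    """Recover the target call's downlink audio from sniffed ciphertext.

    Returns the correct plaintext only when the base station reused the key (and
    hence the keystream) for the attacker's follow-up call.
    """
    key_call1 = b"\x11" * 16  # constructed radio-layer encryption key

    # 1. Passive phase: attacker records the encrypted downlink of the target call.
    sniffed_call1 = encrypt(key_call1, BEARER, DOWNLINK, TARGET_AUDIO)

    # 2. Active phase: attacker calls the victim shortly afterwards.  A vulnerable base
    #    station keeps the same key and bearer and restarts COUNT, so the keystream repeats.
    key_call2 = b"\x22" * 16 if rekey_between_calls else key_call1
    attacker_audio = b"[call 2] hello, is this the right number? sorry, I must have misdialled"
    sniffed_call2 = encrypt(key_call2, BEARER, DOWNLINK, attacker_audio)

    # 3. The attacker is a party to call 2, so its downlink plaintext is known to them.
    ks = recover_keystream(sniffed_call2, attacker_audio)

    # 4. Apply the recovered keystream to call 1.  Only as many bytes can be recovered as
    #    the attacker's call produced keystream for, so call 2 must last at least as long.
    n = min(len(ks), len(sniffed_call1))
    return xor(sniffed_call1[:n], ks[:n])

if __name__ == "__main__":
    print("vulnerable :", revolte(rekey_between_calls=False))
    print("rekeyed    :", revolte(rekey_between_calls=True))
```

The `rekey_between_calls=True` branch shows the fix from the defender’s side: once a fresh key is derived for the second call, the recovered keystream no longer applies to the first one and the attacker learns nothing.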
Security researcher Kristin Paget, known in the cybersecurity industry as Hacker Princess, has won the (ISC)² Diversity Award. US resident Paget was among the 2020 Global Achievement Awards honorees named today by the world’s largest nonprofit association of certified cybersecurity professionals. The annual awards recognize and celebrate the most outstanding annual and lifetime achievements in the field of cybersecurity.
The price tag is higher if the incident exposed customer data or if it was the result of a malicious attack, an annual IBM study finds. The average cost of a data breach has declined by 1.5% year-over-year, costing companies US$3.86 million per incident, according to IBM’s 2020 Cost of a Data Breach Report. The annual
Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month’s Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity. In a nutshell, your Windows
An apparent glitch is preventing a number of users from signing into their accounts. A number of Twitter users from around the globe report experiencing problems when attempting to log into their accounts. The microblogging site is investigating what seems to be a glitch in its verification systems that is affecting some people who utilize
The overwhelming majority of security professionals believe that human error could put the security of cloud data at risk, according to new research published today. A survey commissioned by Tripwire and carried out last month by Dimensional Research found that 93% of security professionals were concerned that human error could result in the accidental exposure of their cloud data. Despite their concern over
With the big voting day rapidly approaching, can the security of the election still be shored up? If so, how? Following the Black Hat keynote on voting security, we ask whether election security can still be fixed in the few months that remain before the U.S. elections, given that doing so would require a massive, coordinated effort at immense expense.
by Paul Ducklin So far this year, the use of facial recognition by law enforcement has been successfully challenged by courts and legislatures on both sides of the Atlantic. In the US, for example, Washington State Senate Bill 6280 appeared in January 2020, and proposed curbing the use of facial recognition in the state, though
Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage and secure their employees’ mobile devices remotely. Citrix Endpoint Management offers businesses mobile device management (MDM) and mobile application management (MAM) capabilities. It allows companies to control
An Australian woman has been jailed for her part in the theft of XRP cryptocurrency worth nearly $400,000. Kathryn Nguyen was arrested in October 2018 for pulling off a crypto-heist with an associate. The 25-year-old was one of the first people in Australia to be charged with the theft of cryptocurrency. The theft of 100,000
by Naked Security writer. Read the latest articles: Business Email Compromise – fighting back with machine learning; Porn blast disrupts bail hearing of alleged Twitter hacker; GandCrab ransomware hacker arrested in Belarus; Servers at risk from “BootHole” bug – what you need to know. Watch the latest Naked Security Live video: (Watch directly on YouTube
If you are using TeamViewer, beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. The TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE-2020-13699) which, if exploited, could let remote attackers steal your system password
A Hawaii man has admitted sending over 500 unwanted visitors to the home of a Utah family in a case police have described as “stalking on steroids.” Loren M. Okamura was arrested in December 2019 on charges of cyber-stalking, making interstate threats, and transporting a person over state lines for the purpose of prostitution. The 44-year-old entered
Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider. Is yet another data breach newsworthy enough to write a blogpost? Probably not, unless there is a personal connection or something interesting. In the case of Blackbaud, for me, there are both. The majority of
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and
Illegal TV subscription services in the United States have grown into a billion-dollar industry, according to new research jointly released yesterday by Digital Citizens Alliance and NAGRA. The investigative report Money for Nothing reveals the existence of a sophisticated piracy ecosystem made up of thousands of retailers and wholesalers. This nefarious network steals from creators and circumvents legitimate TV operators
Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? According to the World Bank, small and medium-sized businesses (SMBs) play a huge role in most economies, accounting for 90% of businesses worldwide and representing over 50% of employment. These are businesses that range from family-owned restaurants, through
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild: they register look-alike (homoglyph) domain names to target visitors to several sites, and use modified favicons to inject e-skimmers and steal payment card information covertly. “The idea is simple and consists of using characters that look the same in order
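The homoglyph trick quoted above works because a Cyrillic or Greek letter, an accented Latin letter, or even a digit can render identically to the ASCII letter a visitor expects, and a browser delivers such a name as punycode (an `xn--` label) that looks nothing like the brand. The following is an added example, not code from the researchers or from any vendor: it decodes punycode, reduces a domain to the ASCII “skeleton” a human perceives, and compares that against a constructed trusted list, also flagging labels that mix scripts. The confusables map is a deliberately small, hand-picked subset of Unicode’s confusables.txt, and the trusted domains are placeholders; the sites targeted in the campaign are not named here.

```python
import unicodedata

# Constructed subset of Unicode's confusables table (Cyrillic, Greek and a few Latin
# letters that render like basic Latin ones, plus two digit look-alikes). The real
# table (confusables.txt) is far larger; this is enough to show the technique.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u04cf": "l", "\u0455": "s", "\u0501": "d", "\u051b": "q", "\u051d": "w",
    "\u03b1": "a", "\u03bf": "o", "\u03bd": "v", "\u03c1": "p", "\u03c4": "t",
    "\u0131": "i", "\u0142": "l", "\u0261": "g", "\u1d00": "a",
    "0": "o", "1": "l",
}

def to_unicode(domain: str) -> str:
    """Lower-case and decode punycode labels (xn--...) so the check sees real code points."""
    domain = domain.strip().rstrip(".").lower()
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already contains non-ASCII (or is malformed): check it as-is

def skeleton(domain: str) -> str:
    """Reduce a domain to the ASCII string a human would perceive on screen."""
    out = []
    for ch in unicodedata.normalize("NFKD", to_unicode(domain)):
        if unicodedata.combining(ch):
            continue  # drop accents and dots (e.g. U+1EA1 'a with dot below' -> 'a')
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def scripts_in(label: str) -> set:
    """Unicode script of every letter in a label, taken from the character's name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}

def check_domain(domain: str, trusted: list) -> dict:
    """Flag `domain` if it looks like a trusted domain but is not actually that domain."""
    uni = to_unicode(domain)
    skel = skeleton(domain)
    mixed = [lbl for lbl in uni.split(".") if len(scripts_in(lbl)) > 1]
    impersonates = next(
        (t for t in trusted if skel == skeleton(t) and uni != to_unicode(t)), None)
    return {"domain": uni, "skeleton": skel,
            "mixed_script_labels": mixed, "impersonates": impersonates}

# Constructed trusted list (placeholders; the targeted sites are not named on this page).
TRUSTED = ["example.com", "shop.example.net"]

if __name__ == "__main__":
    for d in ["example.com",
              "ex\u0430mple.com",                          # Cyrillic small a
              "ex\u0430mple.com".encode("idna").decode(),  # the same name as a browser sends it
              "shop.examp1e.net",                          # digit one for letter l
              "\u1ea1pple.example"]:                       # Latin a with dot below
        print(check_domain(d, TRUSTED))
```

The skeleton comparison is what catches the attack; the mixed-script flag is a cheaper heuristic that also fires on legitimate internationalised names, so treat it as a signal rather than a verdict. In a real deployment the trusted list would be your own brand and payment domains, and the check would run on outbound script and favicon URLs found in page source, not only on the address bar.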
The world’s largest online cybersecurity career development platform has released a second installment of free educational courses. Cybrary made a clutch of courses free in July in a bid to support people who are considering a career in cybersecurity and those impacted professionally by the ongoing COVID-19 pandemic. A Cybrary spokesperson said: “These free courses aim to
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware. Stadeo is a set of tools primarily developed to facilitate analysis of Stantinko, which is a botnet performing click fraud, ad injection, social network fraud, password-stealing attacks and
by Paul Ducklin If you’re interested in artificial intelligence (AI) and how it can be used in cybersecurity… …here’s a DEF CON presentation you’ll like, coming up this weekend! DEF CON is perhaps the ultimate “come one/come all” hackers’ convention, now in its 28th year, and it famously takes place in Las Vegas each year
A United States regulator has fined the credit card provider Capital One Financial Corp $80 million over last year’s data breach, which exposed the personal information of more than 100 million credit card applicants in the United States. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought. From KrØØk to finding related vulnerabilities: KrØØk (formally CVE-2019-15126) is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic.
Britain’s National Trust has warned volunteers of a data breach linked to a cyber-attack on US cloud computing and software provider Blackbaud in May. The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach. National Trust data exposed as a result of the ransomware attack
The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared. The United States’ National Security Agency (NSA) has published guidance on how to reduce the variety of risks that stem from having your location tracked when using smartphones, IoT devices, social media and mobile apps.
by Paul Ducklin One of the alleged Twitter hackers faced a bail hearing in a Florida court yesterday. ICYMI, the Twitter hack we’re referring to involved the takeover of 45 prominent Twitter accounts, including those of Joe Biden, Elon Musk, Apple Computer, Barack Obama, Kim Kardashian and a laundry list of others with huge numbers