As the teams prepare to battle it out on the gridiron, fraudsters are waiting to intercept your funds One of the most-anticipated sporting events of the year is almost here. Like any popular event, the Super Bowl can be a fertile breeding ground for various malicious actors looking to scam you out of your hard-earned
Month: January 2020
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile
An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from
Payment card information from the Wawa data breach last month has reportedly been put up for sale on a dark web marketplace, though questions remain about the validity of the information and the scope of the breach. The convenience store and gas station chain first disclosed on Dec. 19 a data breach that resulted in
by Alice Duckett This week we discuss 70,000 images being stolen from Tinder, the weleakinfo.com FBI bust and how Sonos annoyed its longstanding customers. Host Anna Brading is joined by Sophos experts Mark Stockley, Greg Iddon and producer Alice Duckett. Listen now! LISTEN NOW Click-and-drag on the soundwaves below to skip to any point in
No more default logins on new IoT devices if UK legislators get their way I just returned from CES, where virtually every aisle was chock-full of IoT devices. But how secure are they? While we’ve been promoting security on these devices for some time now, IoT developers have been slow to adopt. Lawmakers in California
Remember the recent payment card breach at Wawa convenience stores? If you’re among those millions of customers who shopped at any of 850 Wawa stores last year but haven’t yet hotlisted your cards, it’s high time to take immediate action. That’s because hackers have finally put up payment card details of more than 30 million
A hacker has taken to Twitter to share design secrets they allegedly obtained by compromising American automotive and energy company Tesla. Posting on the account @greentheonly on Friday night, a hacker who calls themself “Green” said that Tesla was planning to introduce new hardware to their S and X model cars. Modifications that Green claims are in the
by Paul Ducklin Apple has just announced its latest round of security updates. As usual, Apple’s fixes arrived unheralded, given the company’s insistence that security fixes are best handled simply by publishing them when they’re ready, rather than following any sort of formal schedule. Not everyone agrees – Microsoft has followed its Patch Tuesday process
Have you had a Google Privacy Checkup lately? If not, when better than Data Privacy Day to audit the privacy of your Google account? Users have become increasingly sensitive about how their data is handled, which in turn means that tech companies face increasing scrutiny. Google, for example, has introduced new privacy features in recent
Facebook is one of the world’s biggest advertising platforms, and that’s because it knows a lot about you, me, and everyone. Facebook uses many tools to track people across the Internet, whether they have an account with the social networking site or not, and most of them rely on the online activity data other apps
The US Securities and Exchange Commission (SEC) has published a 10-page document detailing cybersecurity practices observed to be in use in the financial industry. The observations were gathered by the SEC’s Office of Compliance Inspections (OCIE) and are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants. OCIE
by Paul Ducklin Today is Data Privacy Day. As we say every year, Data Privacy Day is more than just a 24-hour period when you try to keep safe online. It’s a day to think about changes you can make in your digital life that will keep you safer today, and tomorrow, and the day
The league and scores of teams were caught off-guard by the re-emergence of an infamous hacking group Fifteen National Football League (NFL) teams, including this year’s Super Bowl contenders the San Francisco 49ers and Kansas City Chiefs, have had their social media accounts hacked. To add insult to injury, the NFL’s official account on Twitter
Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel’s secured SGX enclave. Dubbed
US senators have proposed a bill that would drastically reform the surveillance practices of the National Security Agency (NSA) and increase oversight of government surveillance. Titled The Safeguarding Americans’ Private Records Act, the bill was introduced on Thursday by Senators Ron Wyden, Zoe Lofgren, Pramila Jayapal, Warren Davidson, and Steve Daines. According to a statement on Wyden’s website, the changes
Corporate data needs to be secure, private and protected. That’s obvious advice, but the steps organizations should take to prevent data security threats and keep their data safe from hackers are much less apparent. This article looks at some of the tactics — both old and new — hackers are using in their attempts to
by Danny Bradbury Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week for access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served
Cybercriminals are putting a new twist on an old trick Scammers are combining spoofed company websites and fake job ads to trick unsuspecting job seekers into surrendering their sensitive information and paying fraudulent fees. According to a recent public service announcement by the FBI’s Internet Crime Complaint Center (IC3), fraudsters increasingly post job openings on
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment? “Decide
London’s Metropolitan Police Service has announced that it will start using live facial recognition (LFR) technology to scan public areas for suspected criminals. After trialing the technology for two years, the Met has said that it will have cameras up and running within a month. The cameras will be linked to a database containing images
by Lisa Vaas New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud. Methbot got its name from White Ops,
What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand the common practices, prioritization, and preferences of the organization today in protecting themselves from breaches.
Warnings have been issued in the United States after cybersecurity flaws were detected in medical monitoring devices manufactured by GE Healthcare Systems (GEHC). Safety notices were published yesterday by both the US Food and Drug Administration (FDA) and the US Department of Homeland Security’s Industrial Control Systems—Cyber Emergency Response Team (ICS-CERT) regarding vulnerabilities in certain
by Danny Bradbury The street outside ICANN’s offices in Playa Vista, California, may be a little more crowded than normal. People worried about the .org top-level domain will be there protesting its sale to a private equity firm. They’ll be handing over a petition signed by over 21,000 people to the Internet Corporation for Assigned
The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative
A Russian man has pleaded guilty to running an illegal online marketplace that sold stolen payment card credentials to criminals, who used them to make over $20m in fraudulent purchases. Before a United States court, Aleksei Burkov admitted operating the Cardplanet website, which sold card data acquired through illegal computer intrusions. Many of the cards offered for sale
A new round of Citrix patches arrived Thursday for the vendor’s Application Delivery Controller and Gateway products as reports of ransomware attacks targeting vulnerable systems emerged. The directory traversal flaw allows an unauthenticated party to perform arbitrary code execution. Originally, the Citrix patches were scheduled for release later this month, but last week the vendor
by John E Dunn Far from protecting the security and privacy of Safari users as advertised, Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave them exposed to a raft of privacy issues, including – ironically – being tracked. That’s the surprising conclusion of a group of Google researchers who this week published a short but
Safari’s anti-tracking feature could apparently give access to users’ browsing habits An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed
- 1
- 2
- 3
- 4
- Next Page »