Month: February 2020

The deadline for filing taxes in the United States is eight weeks away, but new research has shown that small businesses are already being hit by tax season–related cyber-attacks. Research conducted by Proofpoint indicates that attackers are “aggressively jumping into tax season,” with the deployment of two main attack strategies. The first strategy is to send tax-themed emails
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered. While anomaly detection and reporting are the primary functions, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.
A 19-year-old American man has been arrested for allegedly engaging in a six-year cybercrime wave that involved swatting, computer fraud, and the stalking of multiple victims, including a New York schoolgirl. Tristan Rowe was arrested on February 12 after allegedly threatening to kill one victim and bomb their school. Cops say he sent multiple disturbing messages to
By Paul Ducklin. If you’re a regular Naked Security reader, you’ll know that we’ve been fans of HTTPS for years. In fact, it’s nearly nine years since we published an open letter to Facebook urging the social networking giant to adopt HTTPS everywhere. HTTPS is short for HTTP-with-Security, and it means that your browser, which
During a 2018 incident response engagement, Secureworks® analysts discovered strong evidence of a Russia-based espionage group using ‘man-on-the-side’ techniques to install malware on targeted networks. The threat actors used the same techniques in other incidents as well. This type of attack can undermine the integrity of the Internet’s fundamental communications infrastructure. What is a man-on-the-side
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed “Fox Kitten,” the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and
British police have been investigating children as young as six over their involvement in sexting offenses. Figures released by London’s Metropolitan Police Service reveal that between January 2017 and August 2019, a total of 353 children aged from six to thirteen were investigated in relation to sending and receiving sexual images. Sexting investigations involving children under
Securing, managing and monitoring an enterprise IT infrastructure requires meticulous planning. Rather than create a framework from scratch, there are several publicly available methodologies security leaders can adopt to benefit their own infosec programs. One of the more high-profile examples of available frameworks is known as the zero-trust model. This model differs from other
The LYCEUM threat group targets organizations in sectors of strategic national importance, including oil and gas and possibly telecommunications. The activity observed by Secureworks® Counter Threat Unit™ (CTU) researchers focuses on obtaining and expanding access within a targeted network. CTU™ research indicates that LYCEUM may have been active as early as April 2018. Domain registrations
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is ‘ThemeGrill Demo Importer’ that comes with free as well as premium themes sold by the
The alleged source of a series of information leaks that rocked soccer and sparked an FFP investigation into the finances of Manchester City Football Club is to be tried before a Portuguese court. An appeal lodged by Portuguese national Rui Pinto to have the accusations against him dismissed as “unfounded” was rejected earlier this month
Secureworks® Counter Threat Unit™ (CTU) researchers continually monitor the TrickBot botnet operated by the GOLD BLACKBURN threat group. A key feature of TrickBot is its ability to manipulate web sessions by intercepting network traffic before it is rendered by a victim’s browser. TrickBot has targeted hundreds of organizations, mostly financial institutions, since it began widespread
That’s for apps from third-party marketplaces; another 790,000 policy-breaking apps were stopped from reaching Google Play Strengthened app safety policies, a better developer approval process, and enhancements to its machine learning detection system made the Google Play Store an even more secure place last year, according to Google’s 2019-in-review blog post this week. “Last year,
Indicator Type Context Domain name Hosting phishing website used by COBALT DICKENS for August/July 2019 operations Domain name Hosting phishing website used by COBALT DICKENS for August/July 2019 operations Domain name Hosting phishing website used by COBALT DICKENS for August/July 2019 operations Domain name Hosting phishing website used by COBALT DICKENS
A Chattanooga, Tennessee, information technology infrastructure and cybersecurity consulting firm has unveiled an $8m expansion plan that will see its workforce double by 2023. Currently, the Conversant Group operates with 46 employees from its headquarters on Cowart Street. On Monday, the company’s president and chief listening officer, John Anthony Smith, revealed plans to relocate the firm to a new site
On May 31, 2019, the developers of the highly profitable GandCrab ‘ransomware-as-a-service’ announced that they were retiring after earning over $2 billion USD since January 2018. The news was met with interest and skepticism within the security community, as multiple affiliate groups regularly conducted extremely successful GandCrab campaigns since its inception. After analyzing the threat