by Paul Ducklin. According to reports, Minnesota-based business travel company CWT is the latest victim of the latest trend in ransomware. In fact, we’re probably at the point where we need to stop calling them just “ransomware” attacks, because it’s increasingly common that there’s a lot more to these attacks than just keeping you out
Month: July 2020
A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam. According to the U.S. Department of Justice, Mason Sheppard, aka “Chaewon,” 19, from the United Kingdom,
An American researcher has admitted stealing scientific trade secrets from a children’s hospital and selling them to China. Former Ohio resident Li Chen pleaded guilty yesterday to conspiring to steal scientific trade secrets and conspiring to commit wire fraud concerning the research, identification, and treatment of a range of pediatric medical conditions. Chen and her husband, alleged
by Paul Ducklin. Another month, another BWAIN! That’s our tongue-in-cheek name for a cybersecurity vulnerability that not only gets assigned an identifier like CVE-2020-10713, but also acquires an impressive name plus a jaunty logo (and even, in one intriguing case, a theme tune). This month’s bug with an impressive name (see what we did there?)
Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who
Britain’s Department for Digital, Culture, Media and Sport is funding a new wave of projects aimed at putting the UK at the forefront of 5G technology. Among the research and development projects to secure funding are a remote music festival that will take place in the Brighton Dome, trials of autonomous lorries, and a traffic system
A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts. With half a year passed from the outbreak of COVID-19, the world is now trying to come to terms with the new normal. But even with the initial panic settled, and
by Paul Ducklin. The Beatles famously sang about The Taxman back in 1966, when Britain had much higher taxes on the rich than it does now: Let me tell you how it will be / There's one for you, nineteen for me / 'Cause I'm the taxman, yeah, I'm the taxman / Should five per cent appear too
A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed ‘BootHole’ and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers
Rite Aid’s quiet use of facial recognition technology in its stores has ended after nearly a decade. Since 2012, the American drugstore had gradually implemented the technology in 200 stores around the country, according to an investigation by Reuters. Analysis of where the technology had been deployed indicated that Rite Aid had primarily installed it in
The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks. The Federal Bureau of Investigation (FBI) has issued an alert warning private sector organizations in the United States about a ramp-up in the use of built-in network protocols for large-scale distributed denial-of-service (DDoS) amplification attacks. “A DDoS amplification attack occurs when
by Paul Ducklin. You’ve probably heard of a Blue Moon, which is the second full moon in any calendar month. The last one was back in 2018; the next one is coming up in October 2020. Well, 28 July 2020 is a Blue Firefox Update event – the second major security fix of the month,
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to create,
A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed cyber-criminals to gain full control of server operations has been detected. The controller was designed for secure local and remote server management to help IT administrators deploy, update, and monitor Dell EMC PowerEdge servers. Path Traversal vulnerability CVE-2020-5366 was discovered by researchers Georgy
The attackers and their motivations remain unknown; however, the incidents yet again highlight the risks of careless data security. Thousands of unsecured internet-facing databases have been on the receiving end of automated ‘Meow’ attacks that involve destroying the data without leaving as much as an explanatory note. A search on Shodan shows that as the
by Paul Ducklin. SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Let’s start at the very top of the ransomware dilemma. Should you ever pay blackmail money to ransomware crooks? As you can imagine, law enforcement
Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skills are highly valued in tech, finance, sales, marketing, and many other
The CEO of a technology startup based in Virginia is facing federal charges for allegedly masterminding an investment scam whose victims lost millions of dollars. Danny Boice was the founder and CEO of the now bankrupt privately held company Trustify Inc that was established in 2015. From its headquarters in Crystal City, the firm provided
American international law firm Holland & Knight is facing a lawsuit over a fraudulent wire transfer that saw criminals make off with more than $3m. According to the suit, the law firm was hired by two foundations to sell some stock and carry out a merger plan related to the sale. However, a fraudster was able to steal
The Identity Theft Resource Center doesn’t expect the trend to last, however. While cybercriminals have been busy targeting people with various flavors of COVID-19-related scams, the number of publicly reported data breaches in the United States in the first half of 2020 dropped by 33% year-on-year. This is according to a report published by the Identity Theft
Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity. The company’s website and the Twitter account say, “We are currently experiencing an outage
The United States government is teaming up with the University of Chicago to develop a nationwide quantum internet. The network, which would run in parallel with the current internet, could be used to securely send sensitive financial information and data pertaining to matters of national security. If all goes to plan, a functional network could
In another incident, ransomware attackers almost forced the cancellation of a match, a report reveals. Sports organizations from around the United Kingdom have been urged to tighten their cybersecurity after a report revealed a string of attacks against various sports clubs, including an attempt to disrupt a lucrative Premier League transfer deal. In its first
by Paul Ducklin. If you’re interested in cybersecurity you’ve probably read any number of reports in recent years about the often tenuous state of security in consumer devices. From insecure doorbells to webcams, and from light bulbs to home routers, we’ve written our own share of horror stories in recent years. That’s disappointing, but hardly
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI’s servers. The twin reports, courtesy of cybersecurity firms Synacktiv and
A former Florida tax collector has been indicted on charges of stalking a political opponent and stealing their identity. Federal stalking charges were brought against Lake Mary resident Joel Greenberg in June. The 35-year-old is accused of spreading false information about a political opponent who worked at a Seminole County school. According to the indictment, Greenberg created
The tech giant introduces its own version of verified accounts in Gmail, rolls out increased moderation controls in Meet, and enhances phishing protection in Chat. Google has announced a host of new features for its G Suite family of applications that are aimed at bolstering the security of Gmail, Meet and Chat users. The company is
by Paul Ducklin. If you were about to spend more than a million dollars, how careful would you be about where you sent the money? More importantly, how would you check with the recipient of the money – and how would they check with you – that both ends of the transaction were lined up
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors’
The open letter highlights five security and privacy principles that require heightened attention from videoconferencing services. Six data protection and privacy authorities from countries in four continents have addressed an open letter to video teleconferencing (VTC) companies, asking them to re-evaluate how they safeguard the privacy rights and data of citizens around the globe. With people