Month: September 2020

0 Comments
The most common threat in the cybersecurity world often sounds like a plot from a blockbuster movie. The clock is ticking… You have only a few hours… Can you solve the mystery before you have to pay the ransom? According to Secureworks’ Director of Intelligence, Mike McLellan, year after year, threat actors around the world
0 Comments
The US has indicted two Iranians in connection with the theft of hundreds of terabytes of sensitive data from computers in America, Europe, and the Middle East.  Hooman Heidarian, aged 30, and Mehdi Farhadi, 34, were allegedly involved in a slew of coordinated hacks perpetrated to make money or for political reasons.  Data stolen in the attacks
0 Comments
The cyber attack affects 14 inboxes belonging to the Department of Justice was confirmed by ESET researchers.  ESET’s team of malware researchers in Montreal, in collaboration with journalist Hugo Joncas, helped shed light on a cyber attack that affected the Quebec Department of Justice.  Indeed, on August 11 and 12, the Department of Justice suffered a cyber attack in which malicious actors used malicious software to infect 14 inboxes under the Department‘s
0 Comments
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking than 100 companies throughout the world. Named as APT41 and also known as ‘Barium,’ ‘Winnti, ‘Wicked Panda,’ and ‘Wicked Spider,’ the cyber-espionage group has been operating since at least
0 Comments
Zoom now supports phone calls, text messages and authentication apps as forms of two-factor authentication   Zoom is rolling out support for two-factor authentication (2FA) across its web, desktop, and mobile applications, allowing users to double down on the security of their accounts with an extra layer of protection.  For context, 2FA systems require users to pass authentication
0 Comments
A New Jersey man who physically installed keyloggers onto the computer networks of his rivals to steal trade secrets has been sent to prison for nearly eight years.  Ankur Agarwal, of Montville, pleaded guilty to two counts of obtaining information from computers and one count of aggravated identity theft in federal court in Newark back in October
0 Comments
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed “Raccoon Attack,” the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret
0 Comments
Privacy issues have been detected in an official application of the Joe Biden campaign. The Vote Joe app uses relational organizing to allow users to share data about themselves and their contacts with a voter database run by Target Smart, a service claiming to have over 191 million voter records.   A user who syncs their contacts with
0 Comments
A member of an organization dedicated to disrupting America’s political system has been charged with wire fraud conspiracy.  Project Lakhta manager Artem Mikhaylovich Lifshits of St. Petersburg, Russia, is accused of using IDs stolen from US citizens to open fraudulent accounts at banking and cryptocurrency exchanges.  According to a criminal complaint filed yesterday in the Eastern District
0 Comments
Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe’s Premier Digital Asset Exchange. Based
0 Comments
Cyber-criminals who launched a ransomware attack on a US court have published what they claim are stolen court documents online.  Attackers claim to have successfully targeted the Fourth Judicial District Court of Louisiana with a ransomware strain known as Conti, first detected in the wild in December 2019. The malware has been observed to use
0 Comments
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed “CDRThief” that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. “The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR),” ESET researchers said in a Thursday
0 Comments
The data of around 100,000 Razer customers has been exposed online following a misconfiguration faux pas. The lapse by the global hardware manufacturing company and eSports and financial services provider was discovered by cybersecurity expert Volodymyr “Bob” Diachenko. Customer data impacted by the cyber-slipup included full name, email, phone number, customer internal ID, order number, order details, and billing
0 Comments
Oregon’s largest city aims to be a trailblazer when it comes to facial recognition legislation . On Wednesday, The Portland City Council passed what could be considered one of the strictest facial recognition bans in the United States. The legislation bans both city government agencies and private businesses from using the technology on the city’s grounds.  While bans on the public
0 Comments
The cyber incident has taken most of Newcastle University’s systems offline and officials estimates it will take weeks to recover.  While students are slowly preparing to return to their universities and colleges after a prolonged absence due to the Covid-19 pandemic, Newcastle University in England has been left reeling from a cybersecurity incident that has affected almost all its systems.  The university first became
0 Comments
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both —
0 Comments
The People’s Republic of China says the Twitter account of an ambassador who ‘liked’ a tweet containing pornographic content was hacked. The account in question belongs to Liu Xiaoming, the PRC’s ambassador to the United Kingdom. While Twitter is banned in the PRC, Chinese diplomats and their staff who live overseas are permitted to use the social media
0 Comments
by Sean Gallagher Internet scammers are always looking for a better way to separate unwitting device users from their money. And as with all other endeavors, they’ve learned that it pays to advertise. At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and
0 Comments
We have all heard of the “cybersecurity skills gap” — firms’ inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary
0 Comments
Small-business owners are worried that their employees’ use of social media is a potential security risk, according to new research by the Cyber Readiness Institute. A survey of 400 SMB owners and 1,059 US workers found that 56% of owners believe that their employees’ social media use poses a cybersecurity threat to their business.  Despite their
0 Comments
…but there are no conferences or exhibitions??? Being a regular presenter and visitor at conferences and exhibitions, it is not unusual for me to get unsolicited emails with offers to acquire the “verified” list of visitors or attendees, with function and contact details. Even for conferences and exhibitions I do not attend and often do