As Election Day draws near, here’s a snapshot of how this election cycle is faring in the hands of the would-be digitally meddlesome We’ve been talking about election security for months now. With the current pre-election fever pitch in the U.S., there almost couldn’t be a stronger focus on getting it right; indeed, it could
Month: October 2020
by Paul Ducklin There are some cybersecurity issues that just never seem to go away. As a result, we have written about them, on and off, for years – at first with ever-increasing quizzicality, but ultimately, once we could raise our eyebrows no further, with a sort of saggingly steady fatalism. Examples include: the fact
Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed “Operation Earth Kitsune” by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two
The Information Commissioner’s Office (ICO) has fined hotel chain Marriott International £18.4m over a data breach that exposed the information of millions of guests worldwide. The UK’s independent body set up to uphold information rights imposed the financial penalty on Marriott for “failing to keep millions of customers’ personal data secure.” In November 2018, Marriott reported a data breach that
The patch for the critical flaw that allows malware to spread across machines without any user interaction was released months ago Although Microsoft issued a patch for the critical SMBGhost vulnerability in the Server Message Block (SMB) protocol back in March, over 100,000 machines remain susceptible to attacks exploiting the flaw. This wormable Remote Code
by Paul Ducklin You’ve probably heard or seen the news that the US CISA issued an alert this week with the unassuming identifier AA20-302A. CISA is short for Cybersecurity and Infrastructure Security Agency, and the AA20-302A report was a joint alert from CISA, the FBI and the HHS (US Department of Health and Human Services).
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management systems (CMS). The “KashmirBlack” campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, Vbulletin, OsCommerence, OpenCart, and
United States Assistant Attorney General Beth Williams has called for people to come together to protect children from being exploited. Speaking yesterday at a Columbia Law School virtual event, Williams said: “Addressing the problem of online child exploitation requires that all of civil society work collaboratively—including law enforcement, non-governmental organizations, private industry, and individual citizens.”
A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to have gone “back
by Paul Ducklin Did you know you can join us for a live cybersecurity lecture every Friday? Just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to find out the time we’ll be on air – it’s usually somewhere between 18:00 and 19:00 UK time, which is late
The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an “imminent” increase in ransomware and other cyberattacks against hospitals and healthcare providers. “Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware
An urban regeneration project is seeking to train a “digital army” of young people to protect the United Kingdom’s businesses and organizations from cyber-attackers. The HALO project is seeking to recruit people aged 16-24 under its #RockStars program and train them “in the latest digital and cyber skills and techniques” from a new site in Kilmarnock,
by Paul Ducklin Do you look after any sort of social media content? If so, especially if it’s business related, you’ve probably received your fair share of copyright infringement complaints. No matter how scrupulous you are about correctly licensing and attributing your content, you may be the victim of a scurillous or over-zealous complainant. For
Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, which said the 21 malicious apps (list here) were downloaded nearly eight million times from
Schools have admitted to creating gaps in their security by rapidly transitioning to remote education in an attempt to slow the spread of COVID-19. The admission was announced today by cybersecurity company Netwrix, as one of several additional findings from its “2020 Cyber Threats Report“ that examined how the coronavirus pandemic and remote learning initiatives have changed the IT
In-game chats were flooded with messages from somebody who tried to coerce players into subscribing to a dubious YouTube channel InnerSloth, the developer of the popular whodunnit social deduction game Among Us, has had to fight off a cyberattack affecting its players during their online matches. The incident that started some time on Thursday took the
by Paul Ducklin As regular readers will know, we write up real-world scams fairly frequently on Naked Security. Despite ever more aggressive spam filtering, including blocking some senders outright without even seeing what they’ve got to say, many of us receive a daily crop of outright dishonest and manipulative messages anyway. This sort of spam,
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. “Links shared in chats may contain private information intended only for the
The US Space and Rocket Center and the Federal Bureau of Investigation have entered into a joint agreement in support of US Cyber Camp. The camp is the newest of four STEM (science, technology, engineering, and mathematics) camp programs to be launched by the Rocket Center, a museum in Alabama that showcases the rockets, achievements, and
A federal judge has approved a multi-million-dollar settlement to resolve claims made by financial institutions against Equifax following a data breach three years ago. Between May and June 2017, cyber-criminals gained access to around 150 million records of Atlanta-based credit monitoring service Equifax by exploiting an unpatched Apache Struts vulnerability. The breach impacted roughly 56% of America’s population and
The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays. New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company. Navarro
Scammers even run their own dark-web “travel agencies”, misusing stolen loyalty points and credit card numbers The hospitality, travel, and retail industries, which have been hit particularly hard by the COVID-19 pandemic, have also been increasingly targeted by cybercriminals seeking to profit from the dire situation, a report has found. “During the lockdowns in Q1
by Paul Ducklin This week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”. Presenters: Kimberly Truong, Doug Aamoth and Paul
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting
A malicious hacker has been blamed for a series of lewd messages that emanated from the social media account of a US military base on Wednesday. Followers of Fort Bragg’s official Twitter account were surprised by the sexual content of a number of tweets that began to appear at around 4:30pm ET. The tweets were
Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor. There’s virtually no realm in healthcare today that isn’t adopting more technology. From real-time wireless access to your own health parameters through smart watches and wearables to implanted devices inside your
by Anthony Merry October is Cybersecurity Awareness Month.We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips. If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed “GravityRAT” — now masquerades as legitimate Android and macOS apps to
Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer,
In addition to patching the actively exploited bug, the update also brings fixes for another four security loopholes Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers. “Google is aware of reports that an exploit for
- 1
- 2
- 3
- 4
- Next Page »