Month: October 2020

0 Comments
by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the version that was released yesterday
0 Comments
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the
0 Comments
Deep Instinct has appointed former managing director and partner at Goldman Sachs Heather Bellini as its new chief financial officer.  The deep learning cybersecurity company, which was founded in 2015 and is headquartered in New York, announced the appointment today.  While at Goldman Sachs, Bellini led the research diligence and investor education initial public offering (IPO) process
0 Comments
What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats? Most of you probably own at least one USB thumb drive, which you typically use either to transfer data or as a backup for sensitive documents. Alternatively, you may like to
0 Comments
Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani security
0 Comments
Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online. According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.  The data’s appearance online follows
0 Comments
The flaws, neither of which is being actively exploited, were fixed merely days after the monthly Patch Tuesday rollout Microsoft has rushed out fixes for two security vulnerabilities affecting Microsoft Windows Codecs Library and Visual Studio Code. The security flaws are classified as Remote Code Execution (RCE) vulnerabilities and if successfully exploited could allow threat
0 Comments
The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the “most disruptive and destructive series
0 Comments
A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack. A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization.  Superintendent Dr. Ken Barron told WLBT news that the school became aware of the cyber-attack on Monday, October 12.
0 Comments
Managed Security Services Providers (MSSPs) have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are turning to multitenant solutions to help reduce the complexity of managing multiple security
0 Comments
by Paul Ducklin The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and
0 Comments
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye’s Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least since 2016 that involves monetizing their access to organizations’ networks, in
0 Comments
Iran has reported falling victim to two large-scale cyber-attacks, one of which was leveled at the country’s government institutions. The Iranian government’s Information Technology Organization on Thursday reported that two institutions had been compromised by attackers. No party has claimed responsibility for the attack, and Iranian government officials have not stated whether the attack was domestic or
0 Comments
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ
0 Comments
Students learning remotely in Massachusetts have had their lessons disrupted by distributed-denial-of-service, or DDoS, attacks. Sandwich Public Schools suffered a week of connection issues after what was first identified as a firewall failure occurred on October 8. A new firewall put in place to resolve the issue subsequently crashed, prompting the technology department to source a firewall
0 Comments
German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed ‘FinSpy,’ reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor’s Office, searched a total of 15 properties
0 Comments
Twitter temporarily suspended the account of the president of the United States’ election campaign for “posting private information.” The account @TeamTrump was locked for attempting to tweet a video referencing a recent article by the New York Post along with text describing presidential candidate Joe Biden as “a liar who has been ripping off our country for years.” The New
0 Comments
The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people
0 Comments
Carnival Corporation has disclosed that passenger and employee data from three different cruise lines was accessed in a ransomware attack that took place in August. On August 15, the British-American cruise operator discovered that an unauthorized third party had compromised its computer system and downloaded data files. An update issued by the corporation yesterday states that personal data
0 Comments
Bad actors have accessed US elections support systems, although there’s no evidence to suggest that election data has been compromised, say FBI and CISA Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United