Get back into the cybersecurity groove for 2021
Month: December 2020
New warning issued over COVID‑19 vaccine fraud, cyberattacks
North Korean Hackers Trying to Steal COVID-19 Vaccine Researc
A man from New York City has been charged with waging a grim cyber-stalking campaign against a female college student. Desmond Babloo Singh allegedly created over 100 accounts on social media platforms and email services and used them to harass a former classmate of his sister for whom he claimed to have developed romantic feelings. Nineteen-year-old Singh
As part of your data storage and retention activities, there will be times when you need to completely remove data from storage media. There will also be times when it makes sense to destroy the media on which data is stored. Data sanitization is the process of totally and irreversibly destroying data stored on a
UK police also give some food for thought to those on the verge of breaking the law The long arm of the law has caught up with 21 people who are believed to have bought purloined login credentials on the now-defunct WeLeakInfo.com website and used them to break into other people’s online accounts and commit
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of
Dozens of customers of a popular smart doorbell are suing the Amazon-owned manufacturer after their devices were hijacked, according to a new class action lawsuit. The new legal case joins together complaints filed by over 30 users in 15 families who say that their devices were hacked and used to harass them. They allege that
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
The UK’s National Cyber Security Centre (NCSC) has issued its first ever guidance for farmers, in a sign of the growing cyber-threat facing rural businesses. Published on Tuesday, Cybersecurity for Farmers is a comprehensive guide to best practices covering everything from spotting suspicious emails and phone calls to password management, device security and the importance
Chief information security officers who work with the U.S. Department of Defense must understand and comply with the Cybersecurity Maturity Model Certification requirements, but even organizations that do not work with the government can learn from the CMMC. In early 2020, the U.S. Office of the Under Secretary of Defense for Acquisition and Sustainment released
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. “An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to outbound bandwidth
HelpSystems has announced the acquisition of cloud-based data protection provider Vera. The IT software firm said the deal will enable it to expand its data security portfolio and help meet a growing demand for solutions that can protect information throughout the full data lifecycle. This includes data classification, file transfer, data loss prevention and encryption.
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that’s used to interface with all other Orion system monitoring and management products suffers from
America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over the widespread impact of a recent hacking attack that compromised the SolarWinds Orion software supply chain. The assault on SolarWinds hit the headlines earlier this month after it was discovered and disclosed by researchers at FireEye. The advanced persistent threat (APT) group behind the attack was
Cyberthreats can take the fun out of connected gadgets – here’s how to make sure your children enjoy the tech without putting themselves or their family at risk This Holiday season, you may have treated your kids to a smart gadget. But have you also remembered to set up the shiny new device for them
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the NCA said. Of the 21 arrested—all
White Ops Acquired by Goldman Sachs
IBM Security X-Force’s COVID-19 threat intelligence task force discovered a massive phishing campaign earlier this month aimed at organizations within the vaccine distribution cold chain. Caleb Barlow, president and CEO of healthcare cybersecurity firm CynergisTek, said that part of the supply chain, which ensures vaccines are stored at the proper temperature, is especially vital for
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company’s email. The hacking endeavor was reported to the company by Microsoft’s Threat Intelligence Center on December 15, which identified a third-party reseller’s Microsoft Azure account to be making “abnormal
An ethical hacker from Romania has become the first person to earn $2m in bug bounties through the bounty hunting platform HackerOne. Talented hacker Cosmin Lordache, also known by his HackerOne handle @inhibitor181, hit his first significant earning milestone almost a year ago when he became the seventh person to pass the million-dollar earning milestone by reporting 468
7 ways malware can get into your device
A chat with social engineering hacker Rachel Tobac
Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24.
A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be
by Paul Ducklin Thanks to Naked Security reader M Carter for their help with this article. Last week, we warned of a Facebook Messenger scam that used a bogus video to lure you onto a phoney Facebook login page. In that scam, the crooks were using stolen Messenger passwords to phish for yet more Messenger
As if the exponential rise in phishing scams and malware attacks in the last five years wasn’t enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol’s COVID-19 Cybercrime Analysis Report,
A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although it’s unknown how
When it comes to holiday gifts, surprise and wonder are always welcome. When it comes to protecting your security, however, you don’t want to leave anything to chance. Jingle bells are ringing, kids are getting as excited as ever as they look at the Christmas tree with anticipation, and depending on where you live, a
SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC. Cybersecurity attacks are on the rise, and the new challenge of supporting a largely remote workforce amid the pandemic and
- 1
- 2
- 3
- 4
- Next Page »