Month: January 2021

The organizers of an English beauty pageant established over nine decades ago are being held to ransom by cyber-criminals. The Daily Mail reports that malicious hackers targeted the organizers of Miss England on Tuesday night with a sophisticated online scam.  Pageant organizer and former Miss England Angie Beasley was sent what appeared to be an authentic message from the
Organizations often focus their security efforts on the data center and invest significant financial and intellectual capital to secure the centralized servers and storage that drive their productivity, but they may be overlooking endpoint security. However, the data center’s resources are useless without user endpoints that can access and manipulate vital business data from almost
The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest
A retired Nevada cop who headed up a Cyber Crimes Unit has been charged with burglary, bigamy, and forgery.  Former Washoe County Sheriff’s deputy Dennis Carry was arrested on Tuesday on seven different felony counts following a two-year investigation by the Reno Police Department.  The 46-year-old was previously in charge of the Cyber Crimes Unit at the Washoe County
The law enforcement action is one of the most significant operations against cybercriminal enterprises ever Europol has announced the disruption of the Emotet botnet, one of the longest-lived and most pervasive malware threats, following a large-scale operation that also included a number of national law enforcement agencies across Europe and North America. Authorities in the
by Paul Ducklin If you’re a user of the venerable, powerful and popular open source programming language Perl, you’ll almost certainly have visited its official website at some point, at: You may very well also have visited its sister site, which until very recently looked like this: Main page of on 2021-01-25,
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed “BlastDoor,” the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project
by Harriet Stone Harriet Stone Hello, Naked Security readers. I’m Harriet Stone, an intern in the Sophos marketing team. Seven months of working (virtually) with cybersecurity professionals has made me realise just how unaware many students are when it comes to their online security. Even before the COVID-19 pandemic drove a switch to online learning,
“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app Android users should watch out for new wormable malware that spreads through WhatsApp and lures the prospective victims into downloading an app from a website masquerading as Google Play. ESET malware researcher Lukas Stefanko looked
The infamous Emotet botnet operation has been disrupted, thanks to an international operation coordinated by Europol and Eurojust. Emotet’s infrastructure has been taken over as part of an “international coordinated action” between law enforcement agencies in Canada, France, Germany, Lithuania, Netherlands, Ukraine, the United Kingdom and the U.S., “with international activity coordinated by Europol and
Summary In response to the SolarWinds supply chain compromise, the U.S. National Security Agency (NSA) published an advisory describing advanced techniques that threat actors can use to maintain persistent access to compromised cloud tenants and exfiltrate sensitive data. Most of the public commentary about this advisory has focused on the theft of Active Directory Federation
by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s no predetermined quarterly schedule for
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab‘s investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have
Increased digital adoption since the start of COVID-19 is leaving consumers more vulnerable to cyber-attacks, according to McAfee’s 2021 Consumer Security Mindset Report. The analysis found that Brits across all age groups have embraced new digital solutions amid ongoing social distancing restrictions. Nearly three-quarters purchased at least one connected device in 2020 and one in
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration
Application security threat modeling solutions provider IriusRisk has announced the appointment of Dr Gary McGraw to its threat modeling technical advisory board. Dr McGraw – who has a PhD in computer science and cognitive science – joins existing advisor Adam Shostack and will assist in the strategic direction and development of the AppSec firm. The
The Russian government has issued cybersecurity guidance to businesses in the country after claiming they are at risk of US reprisals for the recent SolarWinds attacks. The alert came late last week from the National Coordination Center for Computer Incidents (NKTsKI), an agency created in 2018 by KGB successor the Federal Security Service (FSB). It
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end application lifecycle