Over the last five years, there has been a 183% increase in the number of disclosed vulnerabilities, according to new research by Tenable. The “2020 Threat Landscape Retrospective,” released Thursday, provided an overview of key vulnerabilities disclosed or exploited throughout 2020, as well as trends that impacted the year including breaches and ransomware attacks. The
Month: January 2021
by Paul Ducklin Here’s our latest Naked Security Live talk, where we discuss the tips in our article Home schooling– how to stay secure . Even if you don’t have school-age children, or aren’t living in a region where schools are currently closed, the video contains a wide range of advice that will help you
Apple has removed a controversial feature from its macOS operating system that allowed the company’s own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called “ContentFilterExclusionList,” it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were
The UK’s Ministry of Defense (MoD) experienced an 18% rise in personal data loss incidents in the financial year 2019/20, according to official figures analyzed by the Parliament Street Think Tank. The UK government’s defense department revealed there were 546 reported incidents of personal data loss during the last financial year, up from 463 in 2018/19.
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors. “DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS
The Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE) yesterday announced a Memorandum of Understanding with the Women in Cybersecurity (WiCyS) Mid-Atlantic affiliate. The executed MOU creates a cooperative agreement between the two parties to partner in the furthering of their missions and objectives around the adoption, use, and expansion of CMMC-based cybersecurity practices for the
New mesh Wi-Fi routers may be the answer to your wireless signal woes, but how about your privacy and security? Wi-Fi is hard, especially powering the swarms of smart devices in the average home. To combat dead spots, metal surfaces which block or reflect signals, and distant garages too far to connect, manufacturers at CES
WhatsApp said on Friday that it wouldn’t enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following “a lot of misinformation” about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking
A man from Florida has admitted cyberstalking a woman who survived a violent attack in her childhood that left another young girl dead. Alvin Willie George of Cross City pleaded guilty to two counts of cyberstalking related to the online harassment of the survivor and her sisters. According to court records, the victim was in a Texas
Nobody said parenting was easy, but in the digital age it comes with a whole slew of new challenges. How do parents view the role of parental monitoring in children’s online safety? Experience from my nearly 20 years of being involved in the conversation around child online safety has caused me to be skeptical when
2020 was a tough year for cybersecurity. Security teams had to secure remote work environments in a matter of days as the COVID-19 pandemic triggered widespread, extended lockdowns. Then, they had to maintain secure operations throughout the year without physical access to the resources they typically use. Meanwhile, ransomware attacks expanded in scale and intensity,
by Paul Ducklin You probably don’t need to be told what sort of products were on offer at an online retail site called DarkMarket. As you can imagine, it operated on the so-called dark web, and you’d have needed the Tor browser to access it, using a special web address ending in .onion. Onion addresses
Your ‘networked computer on wheels’ has a privacy problem – when it comes to your data, you may not really be in the driver’s seat The CES 2021 conference heralds the natural progression of car-spying apps built directly into the car and tied directly to insurance companies. Originally slated to assist drivers in an emergency,
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts
The US National Security Agency (NSA) has warned enterprises that adoption of encrypted DNS services can lead to a false sense of security and even disrupt their own DNS-monitoring tools. DNS over HTTPS (DoH) has become an increasingly popular way to improve privacy and integrity by protecting DNS traffic between a client and a DNS
The documents related to COVID-19 vaccine and medications were stolen from the EU’s medicines agency last month The European Medicines Agency (EMA), which evaluates and approves medicines for the European Union (EU), has disclosed that cybercriminals have posted online a portion of the documents that are related to COVID-19 vaccines and were stolen in a
by Paul Ducklin We explain how two French researchers hacked the Google Titan security key product (but why you don’t need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music: Edith Mudge. LISTEN
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed “Operation Spalax” — began in 2020, with the modus operandi sharing some similarities
Controversial connected device company Ring has added video end-to-end encryption (E2EE) to some of its products in a bid to boost user privacy and security. The Amazon-owned maker of smart doorbells first flagged the move last autumn, but will begin the roll-out this week as part of a “technical preview. “By default, Ring already encrypts
ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries In 2020 ESET saw several attacks targeting Colombian entities exclusively. These attacks are still ongoing at the time of writing and are focused on both government institutions and private companies. For the latter, the most targeted sectors
Co-authored by Sally Adam and Doug Aamoth Many pupils are starting their new school term from home rather than the classroom. For families with younger kids, home schooling is often the first time that their children have needed to use computers (rather than gaming consoles) in earnest. Whether you’re new to home schooling, going back to it after a break, or an old hand, it’s worth
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker’s newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel’s vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
Big tech companies need to “raise the bar” on enhancing privacy and trust in their services in 2021. This was the message from a panel discussion at the Consumer Electronics Show (CES) 2021, which included representatives from Google, Twitter and Amazon. This need for greater transparency has emerged as a result of the growing reliance
Fraudsters are quick to exploit current events for their own gain, but many schemes do the rounds regardless of what’s making the news. Here are 5 common scams you should look out for. Cybercriminals can be very creative when it comes to swindling people out of money. They will use a variety of methods to
Editor’s note The pervasiveness of SolarWinds backdoor attack, the sophistication of the hackers behind it and the number of high-profile victims make it the biggest cyber attack of 2020 — and possibly the past decade. The ongoing SolarWinds breach also shines a light on how dangerous a supply chain attack can be and gives infosec
by Paul Ducklin Here’s our latest Naked Security Live talk, explaining why HTTPS is vital, even if you’re publishing public data that isn’t confidential. Thats because HTTPS isn’t just about the confidentiality of the data you browse to – it’s also about improving your privacy in respect of what you chose to look at, when
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL
More than two-thirds (68%) of UK workers do not consider the cybersecurity impact of working from home, according to a new study by VPNOverview.com. The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks. The shift
by Paul Ducklin In July 2018, after many years of using Yubico security key products for two-factor authentication (2FA), Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented