Supporting the Women Hit Hardest by the Pandemic Only 57% of women in the U.S. are working or looking for work right now—the lowest rate since 1988. That telling data point is just one of several that illustrate a stark contrast in these stark times: of the millions who’ve seen their employment affected by the
Month: February 2021
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit
The Federal Bureau of Investigation and Michigan State Police are investigating a cyber-attack on a Michigan school district. District administrators at Saginaw Township Community Schools began experiencing IT issues on Sunday following what is believed to have been a ransomware attack on the district’s computer network. Investigators are in contact with the cyber-criminals behind the attack. It
Neither clinical research into the coronavirus nor any patient data were affected by the incident Oxford University has confirmed that one of its biology laboratories that is researching ways to combat the COVID-19 pandemic has fallen victim to a cyberattack. Details about the incident at the Division of Structural Biology (Strubi) were released by Forbes.
6 Steps to Help Your Family Restore Digital Balance in Stressful Times Editor’s Note: This is part II in a series on helping families protect their mental and digital health in times of chronic stress. The content is not intended to be a substitute for professional advice or treatment. Over the past year of remote
Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the
French multinational information technology services and consulting company Atos has completed the acquisition of two cybersecurity companies. On February 24, the self-styled decarbonization services and products pioneer announced the successful acquisition of Motiv ICT Security. Founded in 1998, Motiv is the largest independent Managed Security Services (MSS) provider in the Netherlands. In a statement released Wednesday, Atos said
Two new tools will warn users about the risks of searching for and sharing content that exploits children, including the potential legal consequences of doing so Facebook has announced a pair of new tools to help combat child abuse and exploitation content on its platform and apps. While one tool aims to curb the potentially malicious
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual
New research by cybersecurity company Kaspersky has found that Russia, Brazil, and the United States of America were the countries most affected by stalkerware last year. A new report, “The State of Stalkerware 2020,” that was released today found that 53,870 Kaspersky users were affected globally by malicious surveillance software in 2020. Russia had the most affected users
A snapshot of some of the ways ESET makes an impact supporting the well-being of people, communities and the environment Technology companies have been developing software and hardware that has over time become an integral part of our lives. But besides providing people with the products they need, many companies are also an essential part
First came the breach, then came the blackmail; now the Vastaamo Psychotherapy Centre has closed its doors for good. Four months after revealing it suffered a data breach in which patient records were stolen, Finland’s largest psychotherapy center has declared bankruptcy. A significant part of the incident occurred after threat actors attempted to extort the
It is near-certain the need for security across the enterprise will never cease – only increase if year-over-year trends are any indication. We constantly see headlines with repetitive buzzwords and phrases calling attention to the complexity of today’s security operations center (SOC) with calls to action to reimagine and modernize the SOC. We’re no different here at McAfee
by Paul Ducklin The graphics card that wants you to stick to playing games, the man that didn’t weigh 100 tons after all, and the marketing gang that used a browser bug to bombard iPhone users with scammy online surveys. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge.
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. “Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an
Addressing the cyber-skills gap requires a variety of career pathways and greater collaboration between governments, academia and industry, according to experts speaking during a webinar entitled Closing The Cyber Skills Gap: Can We Make a Difference? This session involved security vendor Palo Alto Networks and academics, government members and security experts from Scotland, and took place
People who use devices running Android 9 or newer will be alerted if their login credentials have been stolen Google is extending its Password Checkup feature to Android in a bid to help people make their online accounts more secure. Originally introduced as an extension for the Google Chrome web browser two years ago, the tool was
Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this ransomware is deployed in the network of enterprises that the criminals carefully target and compromise. Using MVISION Insights, McAfee was able
by Paul Ducklin Last week, a UK journalist reported an incident that he subtitled with the words, “Hilarious mix-up may have highlighted a potential issue with the vaccine roll-out.” As you probably know, medical mix-ups have a habit of ending badly, especially when they involve automated calculations that determine drug doses. In this case, happily,
The incident raises concerns about the privacy and security of conversations taking place on the platform Clubhouse, the social media platform du jour, has experienced a data incident as an unidentified user found a way to stream audio feeds from the app’s chat rooms to a third-party website. Speaking to Bloomberg, Clubhouse spokeswoman Reema Bahnasy confirmed
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users’
The United States Senate’s select committee on intelligence met yesterday to hear evidence from tech executives regarding the historic hack on Texas-based company SolarWinds. Government agencies issued emergency directives in December after cybersecurity company FireEye detected a supply-chain attack trojanizing SolarWinds’ Orion business software updates to distribute malware. Using SolarWinds and Microsoft programs, hackers believed to have been working for Russia attacked
A bug in the ad blocking component of Brave’s Tor feature caused the browser to leak users’ DNS queries Brave, one of the top-rated browsers for privacy, has fixed a bug in its Private Windows with Tor feature that leaked the .onion URLs for websites visited by the browser’s users, according to a report by an anonymous
by Paul Ducklin Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.” End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app such as when browser submits
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San
The vast majority (86%) of critical national infrastructure (CNI) organizations in the UK have experienced cyber-attacks on their operational technology (OT) and industrial control systems (ICS) in the past 12 months, according to a new study by Bridewell Consulting. Worryingly, more than nine in 10 (93%) of those that experienced attacks in this period admitted
A nation-state threat group cloned and used a U.S. government cyberweapon years before it was exposed by the Shadow Brokers in 2017. A China-based advanced persistent threat group, known as APT31 or Zirconium, utilized a Windows zero-day exploit belonging to the Equation Group — an American APT widely understood to be a part of the
by Paul Ducklin Nvidia, the graphics chip company that wants to buy ARM, made a unusual announcement last week. The company is about to launch its latest GeForce GPU (graphics processing unit) chip, the RTX 3060, and wants its users know that the chip is “tailored to meet the needs of gamers and those who
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay
A number of influential companies have formed a consortium that aims to reduce the amount of disinformation, misinformation, and fraudulent content on the internet. The Coalition for Content Provenance and Authenticity (C2PA), a Joint Development Foundation project, has been founded by Adobe, Arm, BBC, Intel, Microsoft, and photo and video verification platform Truepic. Member organizations plan to jointly develop technical standards for certifying the
- 1
- 2
- 3
- …
- 5
- Next Page »