You’re fully aware of the need to stop threats at the front door and then hunt any that got through that first gate, so your company installed an EPP/EDR solution. But like most companies, you’ve already come across its shortcomings – and these are amplified since you have a small security team. More than
Month: March 2021
The United States’ Internal Revenue Service (IRS) has issued a warning over an ongoing phishing scam targeting higher education establishments in the United States. In a statement released yesterday, the IRS said that it was being actively impersonated over email by cyber-attackers seeking to trick victims into handing over sensitive data. Students and staff have received
Merritt Hummer Contributor Merritt Hummer is a partner at Bain Capital Ventures, where she invests in the fintech, e-commerce and proptech sectors. In 2019, my colleague Matt Harris coined the term “embedded fintech” to describe how virtually all software-driven companies will soon embed financial services into their applications, from sending and receiving payments to enabling
A new ransomware variant known as Hades has been hitting large enterprises, and threat researchers have cited connection to two possible threat groups: a Chinese nation-state group and an infamous Russian cybercrime gang. Awake Security, a division of Arista Networks, published a blog post Monday about Hades ransomware, which was first discovered in late 2020
Otrium has raised a $120 million round just a year after raising its $26 million Series B round. BOND and returning investor Index Ventures are leading the round. Existing investor Eight Roads Ventures is also participating. The concept behind Otrium is quite simple. When items reach the end-of-season status, brands can list those items on
The bug is under active exploitation by unknown attackers and affects a wide range of devices, including iPhones, iPads and Apple Watches. Apple has released an emergency update for its iOS, iPadOS, and watchOS operating systems to patch a zero-day security flaw that is being actively exploited in the wild. The vulnerability affects multiple models
Check up on Your Virtual Safety: Tips for Telehealth Protection In a poll conducted by the Canadian Medical Association, nearly half of Canadians have used telehealth services since the start of the pandemic. Additionally, in a recent McAfee study, we found that 21% of Canadians have used the internet for a doctor visit in 2020,
by Paul Ducklin Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. Technically, in fact, you could say that the “attack” was successful, given that imposters were apparently able to make the same source code change on two separate occasions: Code change in Trojanised ext/zlib/zlib.c
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names,
A fictional dog is to teach elementary and middle school kids how to maintain a secure digital footprint in a new book co-authored by Fortinet’s deputy CISO. Lacey the pooch is the creation of Renee Tarun, a cybersecurity veteran of two and a half decades. The character is based on Tarun’s pet chocolate Labrador, Lacey, who died
Autonomous, electric mobility service provider Optimus Ride announced a partnership with powersports vehicle manufacturer Polaris to bring fully autonomous GEM electric vehicles to market. The two will introduce a new line of Polaris GEM low-speed vehicles that will be engineered to fully integrate Optimus Ride’s autonomous software and hardware suite. The microtransit vehicles are expected
Everli, the European marketplace for online grocery shopping that started in Italy but now also operates in Poland, Czech Republic and France, has raised $100 million in Series C funding. The round is led by Verlinvest, with participation from new investors Luxor, DN Capital, C4 Ventures, and Convivialité Ventures. FITEC (part of Fondo Italiano
Protect Your Digital Wellness: Don’t Post Your Vaccination Card Online Think Twice Before Posting Your Vaccination Card on Social Media After much anticipation, you finally get a notification that you’re eligible to receive your COVID-19 vaccine. Upon getting your first dose, you may be eager to celebrate by sharing a picture of your vaccination card
by Paul Ducklin Cybercrime isn’t about just one sort of attack, one type of crook, or one method of protection! Learn more: Watch directly on YouTube if the video won’t play here. Click the on-screen Settings cog to speed up playback or show subtitles. Why not join us live next time? Don’t forget that these talks
As many as five vulnerabilities have been uncovered in Ovarro’s TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. “Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition,” the U.S. Cybersecurity
A Plano resident has been sent to prison for his part in a multimillion-dollar fraud and money-laundering scheme that victimized school districts, charities, and senior citizens. In October last year, Babatope Joseph Aderinoye was found guilty of conspiracy to commit bank fraud, wire fraud, and money laundering; wire fraud; aggravated identity theft; and mail fraud. According to
Dominik Schiener Contributor Dominik Schiener is co-founder and chairman of the IOTA Foundation. He has been in the blockchain space since 2011, with several startups in Switzerland, the U.K. and Germany. His primary focus is how to improve physical infrastructure with digital infrastructure such as DLT and AI. More posts by this contributor The road
Last week the Canadian Supreme Court ruled that the national government’s plan to tax carbon emissions was legal in a decision that could have significant implications for the nation’s climate-focused startup companies. The ruling put an end to roughly two years of legal challenges and could set the stage for a boom in funding and
by Paul Ducklin We’re sure you’ve heard of OpenSSL, and even if you aren’t a coder yourself, you’ve almost certainly used it. OpenSSL is one of the most popular open-source cryptography libraries out there, and lots of well-known products rely on it, especially on Linux, which doesn’t have a standard, built-in encryption toolkit of its
Merely weeks after releasing out-of-band patches for iOS, macOS, and watchOS, Apple has released yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process
The Federal Bureau of Investigation has issued a flash alert to Americans highlighting the dangers of Mamba ransomware. According to the Bureau, Mamba has been deployed against local governments, public transportation agencies, legal services, technology services, and industrial, commercial, manufacturing, and construction businesses. The ransomware works by weaponizing an open source full-disk encryption software called DiskCryptor. By encrypting an entire
The beauty of podcasting is that anyone can do it. It’s a rare medium that’s nearly as easy to make as it is to consume. And as such, no two people do it exactly the same way. There are a wealth of hardware and software solutions open to potential podcasters, so setups run the gamut
The COVID-19 pandemic sparked a dramatic rise in online activity, including online purchases, learning and financial transactions. With the spike in internet traffic came an increase in internet fraud, and, on the other side, more use of fraud prevention technology. Jumio, an identity verification technology vendor, is among the fraud prevention companies seeing a boost
Apple has released an update for iPhones, iPads and Watches to patch a security vulnerability under active attack by hackers. The security update lands as iOS 14.4.2 and iPadOS 14.4.2, which also covers a patch to older devices as iOS 12.5.2. watchOS also updates to 7.3.3. Apple said the vulnerability, discovered by security researchers at
Phishing Email Examples: How to Recognize a Phishing Email You get an email from bank0famerica@acc0unt.com claiming that they have found suspicious activity on your credit card statement and are requesting that you verify your financial information. What do you do? While you may be tempted to click on a link to immediately resolve the issue,
by Paul Ducklin Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones and iPads who are still on the officially-supported iOS 12 version need to patch, so the versions you should be updating to are as follows: iOS 14
Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app
Four states have been chosen by the National Governors Association (NGA) for its 2021 Policy Academy to Advance Whole-of-State Cybersecurity. Kansas, Missouri, Montana, and Washington have all been selected by the NGA Center for Best Practices to work directly with the NGA on cybersecurity governance, workforce development, and government partnership policies. “Representatives of the four states will
Who knew building a vertical software as a service toolkit focused on home heating and cooling could be worth $8.3 billion? That’s how much Los Angeles-based ServiceTitan, a startup founded just eight years ago, is worth now, thanks to some massive tailwinds around homebuilding and energy efficiency that are serving to boost the company’s bottom
When it comes to dealing with an unplanned and potentially disruptive event that affects the security and integrity of an organization’s IT infrastructure, incident response plans are the first line of defense. Without an incident response plan in place, an organization’s response to an incident — especially a cyber attack — could be haphazard and