Month: October 2021

by Paul Ducklin [00’29”] Don’t miss our cybersecurity podcast minisodes! [01’46”] Bliss is a hill in wine country. [03’37”] Lessons from a cryptotrading hamster. [08’46”] Ransomware gang hacked back. [20’27”] Docusign phishers go after 2FA codes. [30’23”] Oh! No! Sleep mode considered harmful. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith
Law enforcement agencies in the United States have searched the Florida premises of a Chinese payment-terminal provider. A warehouse and offices belonging to multinational Pax Technology were scoured by the Federal Bureau of Investigation, the Department of Homeland Security, and other agencies on Tuesday after concerns were reportedly raised over the company’s security. The FBI said that
What is shoulder surfing? Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an
Kathryn Kosmides Contributor Kathryn Kosmides is a survivor of gender-based violence and the founder of nonprofit background check Garbo. Facebook whistleblower Frances Haugen’s message about Instagram’s impact on teenage girls was unequivocal: Facebook’s studies found that 13% of British teens said Instagram prompted thoughts of suicide, and 17% of teen girls say Instagram makes eating
12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting
by Naked Security writer In an intriguingly worded news statement issued today, Europol has announced police action in both Switzerland and Ukraine against 12 cybercrime suspects. The document doesn’t actually use words such as “arrested” or “charged with criminal offences”, saying merely that: A total of 12 individuals wreaking havoc across the world with
A man from Minnesota has been charged with hacking four major American professional sports leagues and defrauding them of millions of dollars by illegally streaming copyrighted live games. St. Louis Park resident Joshua Streit, who is also known as Josh Brody, allegedly intruded into the computer systems of the National Basketball Association (NBA), the National Football League
What is risk appetite and how is it different from risk tolerance? Risk appetite is the amount of risk an organization is willing to take in pursuit of objectives it deems have value. Risk appetite can also be described as an organization’s risk capacity, or the maximum amount of residual risk it will accept after
What do social media companies really know about you? It’s a fair question. And the quick answer is this: the more you use social media, the more those companies likely know. The moment you examine the question more closely, the answer takes on greater depth. Consider how much we use social media for things other than connecting with friends.
RED74, a managed security services provider based in New Jersey, has been acquired by cybersecurity consulting and managed services firm Cerberus Cyber Sentinel Corporation. The financial terms of the acquisition were not disclosed when the deal was announced on Thursday. RED74 is a privately held company whose clientele are primarily in the financial services and distribution/warehouse management sectors.
Uber, Lyft, Spin, Bird, Lime and other mobility companies have been working with cities to develop a set of guidelines over how to protect riders’ data. The Privacy Principles for Mobility Data, which were presented at the annual North American Bikeshare & Scootershare Association (NABSA) conference on Thursday, marks a new level of cooperation between cities
Microsoft has announced plans to fill 250,000 cybersecurity roles by working with community colleges across the United States. As part of the recruitment drive, the American multinational technology corporation said today that it intends to invest millions of dollars in education and teacher training over the next three years. As of January 2021, there were
Twitter detailed its process for onboarding 100% of employee accounts with physical Yubico security keys in a blog post Wednesday. The post comes a little over a year after last summer’s Twitter hack, in which attackers used a social engineering attack that granted access to administrative systems and tools within the company. Through this access,
Wavemaker Impact’s founders: (from left to right) Quentin Vaquette, Doug Parker, Marie Cheong, Paul Santos, and Steve Melhuish Wavemaker Partners doesn’t just want to invest in climate tech and sustainability startups. It also wants to help build them. Today, the Singapore-based firm announced the launch of Wavemaker Impact, a venture builder that identifies potential business
by Paul Ducklin First thing this morning, just after midnight, we received the latest slew of Apple Security Bulletins by email. As often seems to happen with Cupertino’s patches, the emails were informative and confusing in equal measure, offering an intriguing mix of security update information: The latest macOS 12 Monterey emerges as 12.0.1. We’re
The United States government has launched an appeal against a UK court’s decision to refuse to extradite Wikileaks founder Julian Assange. Australian citizen Assange, who is aged 50, was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and military documents. The