Month: November 2021

The age-old dilemma of password security continues to haunt businesses both big and small, with poor passwords still a key contributor to data breaches. According to the 2021 Data Breach Investigations Report, in 2019, 80% of hacking-related breaches were reportedly linked to passwords and stolen credentials, showing just how crucial secure password management is within
Soveren, a London-based startup that automates the detection of privacy risks to help organizations comply with GDPR and CCPA, has launched out of stealth with $6.5 million in seed funding. The company analyzes real-time data flows inside an organizations’ infrastructure to discover personal data and detect privacy risks to make it easier for CTOs and
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm
The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains Law enforcement agencies from around the globe have swooped down on hundreds of people suspected of committing various types of online crime, including romance scams, investment fraud and money laundering operations. The international effort
The Panasonic Corporation has disclosed a data security incident in which an undisclosed amount of data was compromised. In a statement issued Friday, the major Japanese multinational conglomerate announced that an unauthorized third party had gained access to its network on November 11.  An internal investigation was launched that determined that the intruder had accessed some data stored on
With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts.   Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool
The director of the National Labor Relation Board’s 10th region has authorized a new union election for workers at Amazon’s Bessemer, Alabama fulfillment center. An NLRB representative has confirmed the decision with TechCrunch, which would see the Retail, Wholesale and Department Store Union getting a second chance to unionize workers at the site, following its
Amanda Keton Contributor Christian Humborg Contributor As COVID-19 spread rapidly across the world in 2020, people everywhere were hungry for reliable information. A global network of volunteers rose to the challenge, consolidating information from scientists, journalists and medical professionals, and making it accessible for everyday people. Two of them live almost 3,200 kilometers away from
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that’s capable of bypassing antivirus solutions and stage a variety of attacks. “[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even
An APAC marine services multi-national appears to have become the latest victim of the prolific Clop ransomware gang. Swire Pacific Offshore (SPO) has provided crew and ships for specialized tasks such as anchor handling, platform supply and seismic surveys for over 45 years. However, its name recently appeared on the extortion site of the Clop
Ion Yadigaroglu Contributor Ion Yadigaroglu is managing partner of Capricorn Investment Group and a GP of Capricorn’s Technology Impact Fund. He is an early investor in iconic deep tech companies including Tesla, SpaceX, Planet, Saildrone, QuantumScape, Joby Aviation, Helion Energy, Twelve, Electric Hydrogen, Redwood Materials and others. He serves on the board of nonprofit Ceres
Italy’s antitrust regulator has fined both Apple and Google €10 million each for what it calls are “aggressive” data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM) said “Google and Apple did not
UK schools are being encouraged to sign-up to a revamped cybersecurity competition designed to improve diversity in the sector. The CyberFirst Girls Competition is the National Cyber Security Centre’s flagship event for schools. Since 2017 more than 43,000 girls aged 12-13 have taken part in a series of cybersecurity challenges. However, the 2022 edition will see some
Apple has filed a lawsuit against NSO Group, claiming the spyware vendor was directly involved in attacks on Apple users. In a complaint filed Tuesday, Apple said it took legal action in response to “deliberate” efforts by the defendants to “target and attack Apple customers, products and servers.” Additionally, the lawsuit claims that “NSO’s malicious
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called “Tardigrade.” That’s according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector
by Paul Ducklin Google’s Cybersecurity Action Team just published the first ever edition of a bulletin entitled Cloud Threat Intelligence. The primary warnings are hardly surprising (regular Naked Security visitors will have read about them here for years), and boil down to two main facts. Firstly, crooks show up fast: occasionally, it takes them days
“AI will revolutionize every aspect of connectivity,” was the bold message delivered during a recent webinar by the IDC titled ‘AI with everything – the future of Artificial Intelligence in Networking.‘  The synopsis of the webinar argued that artificial intelligence (AI) is changing how networks are built and operated in the most profound of ways. Additionally, IT
The time to repurpose vulnerabilities into working exploits will be measured in hours and there’s nothing you can do about it… except patch By Fred House 2021 is already being touted as one of the worst years on record with respect to the volume of zero-day vulnerabilities exploited in the wild. Some cite this as
When Polestar launched its first all-electric vehicle last year, it came in a single flavor: a dual-motor, all-wheel-drive configuration that cost around $50,000 before incentives. Next year, the automaker is adding some variety. Polestar is rolling out a more affordable, single-motor, two-wheel-drive version of the sedan that still offers many of the features of the dual-motor
by Paul Ducklin [00’27”] Cybersecurity tips for the holiday season and beyond. [02’20”] Fun fact: The longest-lived Windows version ever. [03’40”] Exchange at risk from public exploit. [10’34”] GoDaddy loses passwords for 1.2m users. [18’25”] Tech history: What do you mean, “It uses a mouse?” [20’25”] Don’t make your cookies public! [27’51”] Oh! No! DDoS