By failing to prepare you are preparing to fail. Make sure you’re able to bounce back if, or when, a data disaster strikes. “Backup refers to copying physical and virtual files, or databases, to a secondary location for preservation in case of equipment failure or catastrophe. Backing up data is pivotal to any successful disaster
Month: March 2023
When you play a game, how do you play it? Monopoly or Settlers of Catan around the dining table? Mario Kart on your Nintendo Switch? Assassin’s Creed on your Xbox? Among Us on your phone? Usually, they are games with a physical form, a console or an app. Artie is gearing up to shake up
A new malware toolset has been discovered and analyzed by security experts at SentinelOne. Dubbed “AlienFox” by the team, the toolkit can harvest credentials for multiple cloud service providers. An advisory published on Thursday by SentinelOne threat researcher Alex Delamotte shows that attackers used AlienFox to successfully harvest API keys and secrets from various services, including
by Paul Ducklin In the early days of personal computers, everyone knew why backups were important. Computer storage simply wasn’t as reliable as it is today, and it wasn’t a question of if you’d lose vital files through no fault of your own, but when it would happen. (Possibly today; probably tomorrow; almost certainly by
Mar 31, 2023 | Ravie Lakshmanan | Cyber Espionage / APT: The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. “TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them
Shared micromobility company Helbiz said it will do a reverse stock split in an attempt to get back into compliance with the Nasdaq, which issued a delisting notice last July because Helbiz’s stock was trading too low. Helbiz is also rebranding to Micromobility.com Inc. in order to position itself as a micromobility brand that offers
Multiple security firms have sounded the alarm about an active supply chain attack that’s using a trojanized version of 3CX’s widely-used voice and video-calling client to target downstream customers. 3CX is the developer of a software-based phone system used by more than 600,000 organizations worldwide, including American Express, BMW, McDonald’s and the U.K.’s National Health
Researchers with Israeli startup Legit Security discovered a vulnerability in Microsoft Azure Pipelines that could let threat actors submit malicious code to development workflows and launch supply chain attacks. In a blog post on Thursday, Legit Security revealed the technical details of CVE-2023-21553, a high-severity vulnerability affecting Azure DevOps Server that Microsoft patched in February’s
Roughly four out of five employees (71%) store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work. The data come from SlashNext’s latest mobile bring your own device (BYOD) security report, which also suggests 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps.
by Paul Ducklin HOW TO TURN YOURSELF IN No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of
Mar 30, 2023 | Ravie Lakshmanan | Network Security: A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers Sometimes you have to say things that go without saying: Social media and instant messaging have made staying in touch with friends easier than ever. These days, you’re never too far away from people
When Stellantis brand Jeep descended on Moab, Utah this week for its annual off-roading and concept roadshow, electrification ruled the road. The automaker showed off this week seven concepts — four of which are electrified — from the Jeep brand and Jeep Performance Parts (JPP) by Mopar ahead of the Easter Jeep Safari, an annual
With a drier than normal investment scene, founders are looking for more effective ways to reach the right VCs. Toward that end, over the past few weeks, thousands of founders have applied to land capital through a common app, but instead of hoping to land into a university, they’re hoping to land capital from top
The ransomware gang known as Clop has been observed exploiting a pre-authentication command injection vulnerability (CVE-2023-0669) in Fortra’s file transfer solution GoAnywhere MFT. The high-level vulnerability has a CVSS:3.1 score of 7.2 and was exploited against several companies in the US and elsewhere, according to a new advisory by security experts at CloudSEK. The flaw
by Naked Security writer The UK’s National Crime Agency (NCA) has recently announced work that it’s been doing as an ongoing part of a multinational project dubbed Operation PowerOFF. The idea seems to be to use fake cybercrime-as-a-service sites to attract the attention of impressionable youngsters who are hanging around on the fringes of cybercrime
Mar 29, 2023 | Ravie Lakshmanan | Zero-Day / Mobile Security: A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google’s Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release
How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats By now you’ve most probably heard of, or possibly even use, OnlyFans. Launched in 2016, this subscription service for content creators gained momentum over the course of the pandemic
Yesterday, the ride-sharing company Lyft said its two co-founders, John Zimmer and Logan Green, are stepping down from managing the company’s day-to-day operations, though they are retaining their board seats. According to a related regulatory filing, they actually need to hang around as “service providers” to receive their original equity award agreements. (If Lyft is sold
India’s ongoing efforts to boost local manufacturing of iPhone devices seem to have paid off to some extent, as the locally-manufactured iPhone shipments grew 162% year-on-year by value in 2022, according to Counterpoint. On Tuesday, the market research firm said that Apple now captures 25% of the total value of the smartphone market in India
The French government has announced plans to ban “recreational” apps, including TikTok, Netflix, Instagram, Candy Crush and Twitter, from officials’ devices. The move will be monitored by The National Cybersecurity Agency of France (ANSSI) and is expected to affect roughly 2.5 million government officials. “Recreational applications do not deliver sufficient levels of cybersecurity and data protection to
by Paul Ducklin Apple’s latest update blast is out, including an extensive range of security patches for all devices that Apple officially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware in Apple’s super-cool external Studio
Mar 28, 2023 | Ravie Lakshmanan | Advanced Persistent Threat: An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development
This is a new chapter of Elon Musk and his strange Twitter decisions. This time, the social network’s CEO has declared that Twitter will only show verified accounts on the algorithmic “For You” timeline starting April 15. In a tweet, Musk justified the move by saying this is the “only realistic way to address advanced
Generative AI is disrupting industries — with understandable controversy. Earlier this month, Danny Postma, the founder of Headlime, an AI-powered marketing copy startup that was recently acquired by Jasper, announced Deep Agency, a platform he describes as an “AI photo studio and modeling agency.” Using art-generating AI, Deep Agency creates and offers “virtual models” for
Enterprise users can now further authenticate Zoom meeting attendees to decrease the threat of participant impersonation as deep fakes become a growing concern. The new security feature, Okta Authentication for End-To-End Encryption (E2EE), launched Monday and is available for all paid Zoom customers. Once it is enabled under the security tab, verified Zoom meeting participants
A new information-stealing malware (infostealer) has been observed targeting Catalina and newer versions of macOS running on Intel M1 and M2 CPUs. Security researcher Shilpesh Trivedi from Uptycs discussed the findings in an advisory published on Friday. “The Uptycs threat research team has discovered a macOS stealer that […] controls its operations over Telegram,” Trivedi wrote.
by Paul Ducklin Gordon Moore, co-founder of Intel, has died at 94. Academically, Moore was both a chemist and physicist, earning a Bachelor’s degree in chemistry from the University of California at Berkeley in 1950, and a Doctorate in physical chemistry and physics from the California Institute of Technology in 1954. After a brief interlude
Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker “pompompurin,” faces a maximum penalty of up to five years in prison. He was arrested on March 15,
Pinterest announced today that it’s testing ways to integrate Shuffles collage content into Pinterest, starting with shopping. Shuffles, which is Pinterest’s collage-making app, launched to the general public last November. To use Shuffles, users build collages using Pinterest’s own photo library or by snapping photos of objects they want to include with their iPhone’s camera. The