Philip Choo

0 Comments
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a “lone wolf” threat actor operating a Lahore-based fake
0 Comments
by Paul Ducklin According to Reuters, the REVil ransomware operation was “hacked and forced offline this week by a multi-country operation”. Reuters writes that one of its sources claims the hack-back against this notorious ransomware crew was achieved thanks to the combined efforts of the FBI, the US Cyber Command, the Secret Service “and like-minded
0 Comments
A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest. More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month. During the event, teams of NCFI-trained local law enforcement officials
0 Comments
There’s a person behind every cybercrime. That’s easy to lose sight of. After all, cybercrime can feel a little anonymous, like a computer is doing the attacking instead of a person. Yet people are indeed behind these attacks, and over the years they’ve been getting organized—where cybercriminals structure and run their operations in ways that darkly mirror
0 Comments
IT teams struggle to develop adequate security strategies with the multitude of devices on ever-expanding corporate networks. Protecting IoT investments is critical for business survival and growth, yet IoT security presents unique challenges. A machine learning (ML) approach to IoT security can address some of these challenges. It solves the issue of identifying unknown devices
0 Comments
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can
0 Comments
by Paul Ducklin [00’30”] Hook up with our forthcoming Live Malware Demo presentation. [02’02”] How to build your cybersecurity career. [07’24”] Why we think you should celebrate Global Encryption Day. [10’55”] A whole new twist on bogus online “friendships”. [21’01”] How to stop your network cables giving you away. [34’50”] Oh! No! Why superglue is
0 Comments
The United States’ Department of Justice (DOJ) is seeking to recover a financial penalty of nearly $10m that was imposed on a man from Montana for operating malicious robocalling campaigns.  The Federal Communication Commission (FCC) fined Libby resident Scott Rhodes $9,918,000 in January 2021 after discovering that he had illegally used caller ID spoofing with
0 Comments
Many people are excited about Gartner’s Secure Access Service Edge (SASE) framework and the cloud-native convergence of networks and security. While originally proposed as fully unified architecture delivering network and security capabilities, the reality soon dawned that enterprise transition to a complete SASE model would be a decade long journey due to factors such as
0 Comments
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National
0 Comments
The edtech boom has focused primarily on students, but teachers are learners, too. Doyobi, a Singapore-based professional development platform, wants to give educators new, more engaging ways of teaching STEM subjects. The startup announced today it has raised $2.8 million in pre-Series A funding led by Monk’s Hill Ventures. The round included Tresmonos Capital, Novus
0 Comments
The Space Information Sharing and Analysis Center (Space ISAC) and the New York Metro InfraGard Members Alliance (NYM-IMA) have agreed to work together to advance the mission of cybersecurity in space.  A Memorandum of Understanding (MOU) enabling collaboration between the two organizations was signed earlier this month. In a statement released to announce the news, the organizations
0 Comments
Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants alone, according to a report by the Financial Crimes Enforcement Network (FinCEN)
0 Comments
IoT is no longer a buzzword but is regarded as a vital step toward connected infrastructure. IoT integration can improve many daily tasks, and therefore, the technology has made its way into almost every industry across the world. A network of interconnected electronic devices falls under the umbrella of IoT. The devices not only add
0 Comments
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to
0 Comments
A 40-year-old man from California has admitted his role in a conspiracy to break into the private digital photo libraries of Apple customers to locate and steal sexually explicit images. Hao Kuo Chi, a resident of the city of La Puenta in Los Angeles County, pleaded guilty to charges of computer fraud and conspiracy on Friday, October
0 Comments
As CIOs and their organizations deploy more connected devices and build out more extensive IoT environments, many struggle to secure those ecosystems and all the data generated. Cryptography is a useful counter to those challenges. Cryptography uses codes to protect information and communications, making it inaccessible to all but those authorized to decipher the codes.