The United States Justice Department has warned that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans’ personal data. In a press release issued March 5, the department said it had received reports that bad actors are creating fake websites that mimic sites genuinely belonging to SWAs. “The fake websites are designed to trick consumers into
Philip Choo
A primer on various threats looming over financial companies and the steps that these organizations can take to counter them Companies operating in the financial services industry aren’t by any means strangers to being targeted by various forms of financial crimes and fraud. However, over time, the playing field has changed and threat actors have
Don’t Let Tax Fraud Ruin Your IRS Refund Here’s how to lock down your data this tax season Tax season is always a high time for scams that put our money and information at risk. But this year securing your data may be more important than ever, due to a spike in unemployment fraud. Millions
by Paul Ducklin How to stop security-conscious apps from allowing unencrypted data to escape, and how scammers put social network users under pressure in order to steal their passwords. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip to any point in
Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. “Instead, our web products will be powered by privacy-preserving APIs which prevent
A cyber-attack on an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. Cyber-criminals successfully hit Cochise Eye and Laser with ransomware in January, encrypting the office’s patient scheduling and billing software. Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers.
A nation-state threat actor has been exploiting Microsoft vulnerabilities for at least two months. Microsoft patched four zero-day vulnerabilities Tuesday that were found in its on-premises versions of Microsoft Exchange Server. According to Microsoft’s blog post disclosing the zero-days, the vulnerabilities are being exploited in “limited and targeted attacks” attributed to a Chinese state-sponsored threat
Let’s Commit To Protect Our Privacy This Year How our new identity & privacy app can help By this point in the year you may have already broken some of your New Year’s resolutions, but here’s one to keep: better protecting your online privacy. After all, we are likely to continue to spend more time online in 2021, whether it be for working, learning,
by Jason Nurse Most of us now use online platforms routinely – in some countries, almost exclusively – to engage with work colleagues, friends, family and loved ones. One worrying trend is the posting online of photos of home-working setups, video calls, and virtual meetings. This trend has coined its own series of hashtags including
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize
Two teenage girls who went missing from the same North Carolina county used school-issued laptops to communicate with their alleged abductors. Savannah Grace Childress vanished on February 11 from her home on Canaan Church Road in Denton. The 14-year-old was found alive ten days later in Arkansas. Law enforcement officers investigating Childress’ disappearance discovered that the teen had
Some perpetrators of online crime and fraud don’t use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught While a lot of media coverage centers on how threat actors are becoming better at evading capture and generally deploy ever more sophisticated techniques, I wanted to tell a story where
The human race commonly fears what it doesn’t understand. In a time of war, this fear is even greater if one side understands a weapon or technology that the other side does not. There is a constant war which plagues cybersecurity; perhaps not only in cybersecurity, but in the world all around us is a
by Paul Ducklin Ransomware gets the big headlines, because of the enormous blackmail demands that typically arrive at the end of ransomware attacks. Indeed, the word “ransom” only expresses half the drama these days, because modern ransomware attacks usually involve the crooks making copies of all your data first before scrambling it. The crooks then
SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. “While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code
A threat actor stole the identities of recipients of the US Congressional Medal of Honor and used their personal data to purchase goods from American military exchanges. According to a Secret Service search warrant application obtained by The Daily Beast, the identities of a third of the living holders of the US government’s highest and most
While the trackers in LastPass’ Android app don’t collect any personal data, the news may not sit well with some privacy-minded users LastPass, a popular password manager, has come under some fire following a report that its Android app features seven built-in advertising and analytics trackers that gather data ranging from the user’s device type
by Paul Ducklin If you’re active on social media, you probably know that copyright infringement is a big deal online, and that even accidentally including or referring to somebody else’s material can leave you facing a copyright complaint notice sent by the social media platform involved. If you don’t sort out the complaint, you could
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. “The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft,” Sophos researchers Gabor Szappanos and Andrew Brandt said in a
United Airlines Inc. has agreed to pay $49m to resolve criminal charges and civil claims that it was defrauding the United States Postal Service. The world’s third largest airline entered into International Commercial Air (ICAIR) contracts to transport mail internationally on behalf of the postal service. Under the contracts, United was entitled to full payment only if accurate
We’re in the midst of a cybersecurity staffing crisis. Many major news outlets, such as The New York Times, have reported that unfilled jobs in the industry are expected to reach up to 3.5 million this year — leaving existing security teams stretched thin and burnt out. To make matters worse, attackers have increased their
As screen time has increased, so has the risk of cyberbullying. What you can do to help protect your children from online harassment? It’s been almost a year since the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic, and people everywhere have been doing their best to adhere to regional and national stay-in-place
Supporting the Women Hit Hardest by the Pandemic Only 57% of women in the U.S. are working or looking for work right now—the lowest rate since 1988. That telling data point is just one of several that illustrate a stark contrast in these stark times: of the millions who’ve seen their employment affected by the
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit
The Federal Bureau of Investigation and Michigan State Police are investigating a cyber-attack on a Michigan school district. District administrators at Saginaw Township Community Schools began experiencing IT issues on Sunday following what is believed to have been a ransomware attack on the district’s computer network. Investigators are in contact with the cyber-criminals behind the attack. It
Neither clinical research into the coronavirus nor any patient data were affected by the incident Oxford University has confirmed that one of its biology laboratories that is researching ways to combat the COVID-19 pandemic has fallen victim to a cyberattack. Details about the incident at the Division of Structural Biology (Strubi) were released by Forbes.
6 Steps to Help Your Family Restore Digital Balance in Stressful Times Editor’s Note: This is part II in a series on helping families protect their mental and digital health in times of chronic stress. The content is not intended to be a substitute for professional advice or treatment. Over the past year of remote
Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the
French multinational information technology services and consulting company Atos has completed the acquisition of two cybersecurity companies. On February 24, the self-styled decarbonization services and products pioneer announced the successful acquisition of Motiv ICT Security. Founded in 1998, Motiv is the largest independent Managed Security Services (MSS) provider in the Netherlands. In a statement released Wednesday, Atos said
Two new tools will warn users about the risks of searching for and sharing content that exploits children, including the potential legal consequences of doing so Facebook has announced a pair of new tools to help combat child abuse and exploitation content on its platform and apps. While one tool aims to curb the potentially malicious
- 1
- 2
- 3
- …
- 182
- Next Page »