by Paul Ducklin If you’re an OpenSSL user, you’re probably aware of the most recent high-profile bugfix release, which came out back in March 2022. That fix brought us OpenSSS 3.0.2 and 1.1.1n, updates for the two current fully-supported flavours of the product. (There’s a legacy version, 1.0.2, but updates to that version are only
Philip Choo
If you’re one of the countless Apple iPhone owners out there, there’s a good chance that one of the reasons you love your smartphone is because you’ve heard that Apple devices tend to have fewer vulnerabilities to viruses. Because of their shared operating system, iOS devices enjoy Apple’s security measures, which keeps them protected from
A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while
Frederik Mijnhardt Contributor Frederik Mijnhardt is the CEO of Secfi, an equity planning platform for startup executives and employees. Last year was a great one for startups. It was a record year for companies going public, valuations for pre-IPO companies were skyrocketing, and fundraising also shattered records. But 2022 is going to be quite different.
Any given year, the real unsung highlight of re:Mars are the dozen or so startups and researchers who show off their wares on the show floor. There are always a couple of cool projects that have somehow managed to escape our radar, thus far. Los Angeles-based Airrow jumped out with a clever product offering. The
For those of us who’ve been a little bit wobbly on the mental health front over the past couple of years, there are a bunch of options starting to crop up. The on-demand chat-based therapy options are one, and at-home ketamine-assisted treatments are another. We’ve seen Mindbloom and Fieldtrip Health taking pole position, and recently,
For nearly all fintech startups, lending has long been the end game. A notice from India’s central bank this week has thrown a wrench into the ecosystem, scrutinizing just who all can lend. The Reserve Bank of India has informed dozens of fintech startups that it is barring the practice of loading non-bank prepaid payment
Legal and professional services firms need to adapt their technology and security to fit new ways of working, according to a senior CISO in the sector. During a Talking Tactics session at Infosecurity Europe 2022, Christian Toon, CISO at legal practice Pinsent Masons, pointed out that law firms are staffed by “intelligent people who get confidentiality.” Yet,
On the third and final day of InfoSecurity Europe 2022, Sarb Sembhi, global CISO of Aireye, moderated the keynote panel discussion titled ‘Boosting SME’s Cyber Security Strategy.’ Sembhi was accompanied by fellow experts Milos Pesic, vice president of InfoSec & CyberSec at Marken, Diane Abela, chief information security officer at AccuRx and Vincent Blake, VP, digital technology security officer &
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’22”] Duck gets behind the Ducks. [01’34”] 2000 phone scammers arrested in Interpol action. [11’12”] A three-year-old hacking case ends in conviction. [17’13”] Canadian financial company picks up enormous data breach fine. With
Summary Since at least 2015, threat actors have used HUI Loader to load remote access trojans (RATs) on compromised hosts. Secureworks® Counter Threat Unit™ (CTU) researchers link two HUI Loader activity clusters exclusively to China-based threat groups. The BRONZE RIVERSIDE threat group is likely responsible for one cluster, which focuses on stealing intellectual property from
Heard of the sandwich generation? Well, if you’ve got a tribe of kids and parents who are aging then you are a fully-fledged member! And as members of this special club, not only do we need to manage and keep our offspring in check, but we also have to reserve some energy to help our
(Almost) everything you always wanted to know about virtual private networks, but were afraid to ask Enjoying life in the digital world comes at a cost: our privacy. Every website we visit, where we are, how much we spend, and what cards we’re paying with – this is just some of the information about you
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as “multiple
A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky,
Polestar is finally adding Apple CarPlay to its all-electric Polestar 2 sedan via an over-the-air software update, opening the automaker to a large swathe of iPhone-wielding car shoppers. Polestar said in a tweet June 6 it would release the update later this month. The company tweeted an update Wednesday noting the change. Its Volvo sister
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders Security by design has long been something of a holy grail for cybersecurity professionals. It’s a simple concept: ensure products are designed to be as secure as possible in order to minimize the chances of compromise further down the
Authored by Lakshya Mathur An LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds information used to access another data object. These files can be created manually using the standard right-click create shortcut
Trendy consumer gadgets are reaching the market at an expedited rate in today’s world, and the next new viral product is right around the corner. While these innovations aim to make consumers’ lives easier and more efficient, the rapid development of these products often creates security risks for users — especially as hackers and malicious
Thepeer, an African tech infrastructure startup connecting businesses’ wallets, has raised a $2.1 million seed round led by the Raba Partnership. The news comes a year after the startup raised $220,000 in pre-seed from a handful of angel investors, including Paystack CTO Ezra Olubi and Edenlife CTO Prosper Otemuyiwa. Participating investors in Thepeer’s seed round
On the opening day of Infosecurity Europe 2022, renowned author and journalist Mischa Glenny provided an insightful overview of cybersecurity and its intersection with geopolitical affairs in his keynote talk. Glenny began by drawing his audience’s attention to the precarity of the current geopolitical era, described as both “the age of uncertainty” and “the great
by Paul Ducklin Remember the Capital One breach? We did, though we felt sure it had happened a long time ago. Indeed, when we checked, it had: the story first broke almost three years ago, back in July 2019. At the time, the company reported: Capital One Financial Corporation announced […] that on July 19,
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team
A Ukrainian deeptech startup is launching a charity NFT project to sell AI-generated artworks with the twin goal of raising money to support people affected by Russia’s war of aggression and also — it hopes — keep attention locked on the conflict as it approaches its fourth month, with many in the country concerned that
Enterprise patch management requires the right balance of preparation, speed and agility. Without the proper processes and tools at the ready, patch updates can quickly fall behind. And failing to stay on top of patching can result in unnecessary exposure to security breaches or inoperable systems, applications and services. These days, there are more endpoints
Founders Fund has made its first investment in the Middle East by backing UAE-based proptech startup Huspy. The $37 million Series A round, one of the largest at this stage in MENA, was led by Sequoia Capital India. The round also welcomed participation from Fifth Wall, the largest VC firm backing real estate and proptech
Web developer ‘z0ccc’ has created a website designed to generate a fingerprint of devices based on Google Chrome extensions installed on the visiting browser. In an exclusive email interview with Bleeping Computer, z0ccc said while the website does not store the fingerprint of visiting devices, the testing shows that information could be potentially used by
by Paul Ducklin Sick of the unending stream of email and phone calls you receive from scammers claiming to represent your bank? Amazon? Microsoft? The tax office? The police? We sympathise – we’re sick of them too, especially landline calls that could be a loved one calling for help or advice, and thus need to
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that’s where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we’ll
How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money Coined during Al Capone’s times, the term ”money laundering” has since entered the general lexicon as criminals have been busy obscuring the source of their ill-gotten assets and making it appear as if the funds have come from