WhatsApp also emerges as a favorite target for brand impersonation amid a general spike in social media phishing PayPal, Facebook, Microsoft, Netflix, and WhatsApp were the most commonly impersonated brands in phishing campaigns in the fourth quarter of 2019, a report by email security company Vade Secure has found. The payment services provider retained its
Philip Choo
The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of “using fraud and deception to misappropriate
Threat actors exploiting public interest in the ongoing coronavirus outbreak have baited their phishing traps with a new lure—conspiracy theories about unreleased cures. The new tactic was noted by researchers at Proofpoint, who have been monitoring global malicious activity related to the life-threatening virus in the form of hundreds of thousands of messages. Alongside a flurry
by Alice Violet This week we welcome back Peter who discusses RobbinHood – the ransomware that brings its own bug. Greg explains how a student’s Twitter account was handed over to their college and Duck talks SMS 2FA. Host Anna Brading is joined by Sophos experts Peter Mackenzie, Paul Ducklin and Greg Iddon. Listen now!
As we say, the information security field is small – scary small. Every time you go to a trade show, conference, or a similar event, you’re likely to run into someone in your network that you know. It’s one of the things that we information security professionals love – reuniting with friends, colleagues, mentors, notable
On the upside, the Bureau recovered more than US$300 million in funds lost to online scams last year In 2019, the United States’ Federal Bureau of Investigation (FBI) received more than 467,000 cybercrime complaints that caused an estimated US$3.5 billion in losses, according to the Bureau’s annual 2019 Internet Crime Report (IC3). Last year saw
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a “Wi-Fi spreader” module to scan Wi-Fi networks,
American bank Fifth Third has come under fire for sending customers a cryptic breach disclosure letter judged to be “vague and deceptive” by a consumer group. Fifth Third wrote to customers after discovering that at least two of its employees had stolen customer information and provided it to a third party. Data exposed included names, Social Security
by John E Dunn Sometime this March, the Firefox, Chrome, Safari and Edge browsers will start throwing up warnings when users visit websites that only support Transport Layer Security (TLS) versions 1.0 or 1.1. Announced in October 2018 as part of a joint plan to phase out support, the implications for any holdout sites are
February may be the shortest month of the year, but it brings a bumper crop of patches This month’s Patch Tuesday is here and with it come fixes for no fewer than 99 security vulnerabilities in Windows and other Microsoft software. Twelve flaws have received the highest severity ranking of “critical”, while 5 security holes
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the management of the actual response process, the
A subsidiary of American insurance giant Aflac is to open a global IT and cybersecurity center in the Northern Irish capital city of Belfast. Aflac Northern Ireland signed a 10-year lease with Belfast Harbor on 11,000 sq ft of office space within the ongoing multi-million-dollar waterfront development City Quays. With the opening of the new center on regenerated dockland, Aflac Northern Ireland will
SCVX is on a mission to consolidate the vast cybersecurity vendor ecosystem overwhelming today’s CISOs. Last month, Strategic Cyber Ventures, a Washington, D.C.-based investment firm, launched the initial public offering (IPO) of SCVX, raising $230 million. SCVX is a special purpose acquisition company (SPAC) that was formed with the goal of acquiring cybersecurity vendors to
by Paul Ducklin No matter how safe and secure you feel when you use your computer, there’s always room for improvement. Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you’ve been putting off… …such as picking proper passwords, turning on two-factor authentication, downloading the latest security updates,
If you’re looking to become a pro gamer, there are risks you shouldn’t play down Gaming has been a popular pastime for decades. Over the past few years, it has also become a career path, with esports becoming a steadily growing phenomenon. Tournaments are taking place around the globe with huge prize pools and name
A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the
The US has indicted Chinese military personnel today on charges of hacking into Equifax’s computer systems and stealing valuable trade secrets and the personal data of nearly 150 million Americans. A federal grand jury in Atlanta, Georgia, returned the indictment last week against four members of the Chinese People’s Liberation Army (PLA). Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu
by John E Dunn Google has announced a timetable for phasing out insecure file downloads in the Chrome browser, starting with desktop version 81 due out next month. Known in jargon as ‘mixed content downloads’, these are files such as software executables, documents and media files offered from secure HTTPS websites over insecure HTTP connections.
The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ
New research has revealed that the threat group behind the cryptocurrency-stealing MasterMana botnet has grown increasingly sophisticated and is now trapping victims through spoofed login portals. Gorgon Group has been observed targeting the European Union as well as Dubai’s main electrical/water utility DEWA with fake login pages that are highly convincing. The illicit activity was
by Lisa Vaas Clearview AI, the facial recognition company that’s scraped the web for three billion faceprints and sold them all (or given them away) to 600 police departments so they could identify people within seconds, has received yet more cease-and-desist letters from social media giants. The first came from Twitter. A few weeks ago,
Exams are pretty important in professional IT. You can have all the practical knowledge in the world, but technical recruiters want to see certificates. If you want to improve your resume, the Complete 2020 IT Certification Exam Prep Mega Bundle will help you ace nine of the most important exams. You can pick up the
Lawyers who secured a $117.5m deal to resolve litigation tied to multiple data breaches at Yahoo could get paid $30m for their efforts. Class counsel who secured the breach settlement are currently waiting for US District Judge Lucy Koh to give her final stamp of approval and to award them the fees, according to new documents filed in California federal court.
By Published: 07 Feb 2020 Controlling a network with software-defined networking, or SDN, gives IT a way to define a logical network subnet to limit network data traffic to desired hosts. While this benefits network organization and performance, the data that moves across a software-defined network is still vulnerable to snooping, forgery and theft. To
by Danny Bradbury The normal way to steal data from a compromised computer is to retrieve it over a network. If that computer isn’t connected to one, it gets a little trickier. Researchers at Ben-Gurion University of the Negev have made a name for themselves figuring out how to get data out of air-gapped computers.
As Facebook turns 16, we look at how to keep your personal information safe from prying eyes Sixteen years, that’s how long Facebook has been around. This means that it has accompanied some of us throughout our teenage years to adulthood. Quite an achievement since websites and services tend to lose popularity over the years
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that’s also connected to your computers, smartphones, and other smart devices. Whether it’s about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted
Cyber-criminals have stolen “almost all funds” entrusted to crypto exchange platform Altsbit. The Italian exchange announced it had become the target of a devastating hack yesterday on Twitter. According to their posts, criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) “coins” with a combined value of $27,000. Funds kept in cold storage—crypto coins whose
by Paul Ducklin Ransomware is one of the most feared cybercrime problems of the modern era. The idea of malware that scrambles your files and demands money to get them back is not new – the first widespread attack happened back in 1989 – but the scale of the threat has changed dramatically in the
Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction Google has rolled out a security update to address a critical flaw in Android’s Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running