The data of around 100,000 Razer customers has been exposed online following a misconfiguration faux pas. The lapse by the global hardware manufacturing company and eSports and financial services provider was discovered by cybersecurity expert Volodymyr “Bob” Diachenko. Customer data impacted by the cyber-slipup included full name, email, phone number, customer internal ID, order number, order details, and billing
Philip Choo
Oregon’s largest city aims to be a trailblazer when it comes to facial recognition legislation . On Wednesday, The Portland City Council passed what could be considered one of the strictest facial recognition bans in the United States. The legislation bans both city government agencies and private businesses from using the technology on the city’s grounds. While bans on the public
The cyber incident has taken most of Newcastle University’s systems offline and officials estimates it will take weeks to recover. While students are slowly preparing to return to their universities and colleges after a prolonged absence due to the Covid-19 pandemic, Newcastle University in England has been left reeling from a cybersecurity incident that has affected almost all its systems. The university first became
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both —
The People’s Republic of China says the Twitter account of an ambassador who ‘liked’ a tweet containing pornographic content was hacked. The account in question belongs to Liu Xiaoming, the PRC’s ambassador to the United Kingdom. While Twitter is banned in the PRC, Chinese diplomats and their staff who live overseas are permitted to use the social media
by Sean Gallagher Internet scammers are always looking for a better way to separate unwitting device users from their money. And as with all other endeavors, they’ve learned that it pays to advertise. At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and
We have all heard of the “cybersecurity skills gap” — firms’ inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary
Small-business owners are worried that their employees’ use of social media is a potential security risk, according to new research by the Cyber Readiness Institute. A survey of 400 SMB owners and 1,059 US workers found that 56% of owners believe that their employees’ social media use poses a cybersecurity threat to their business. Despite their
…but there are no conferences or exhibitions??? Being a regular presenter and visitor at conferences and exhibitions, it is not unusual for me to get unsolicited emails with offers to acquire the “verified” list of visitors or attendees, with function and contact details. Even for conferences and exhibitions I do not attend and often do
As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server,
Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime. The DOJ issued a fraud alert on Friday in which it strongly encouraged the public to remain vigilant and urged them not to provide personal information over the phone to anyone claiming to be from the department. An alert
With TikTok being all the rage especially with teens, we look at a feature that gives parents greater control over how their children interact with the app In our previous article, we looked at how TikTok users can protect themselves using the available security and privacy options. However, besides adults, the platform is very popular
Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered a new flaw in the company’s EMV enabled cards that enable cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The research, published by a group of academics from the ETH Zurich, is
Ransomware could pose a significant threat to the US election infrastructure, as aging software and potentially vulnerable voting machines could be targeted by criminal elements or by foreign-based cyber-attacks. According to NTT Ltd.’s global threat report for September, ransomware could be deployed and lay in wait to be activated on election day, or once voting machines
Warner Music Group has issued a data breach notification following a prolonged skimming attack on an undisclosed number of its e-commerce websites. The cyber-attack was discovered by the multinational entertainment and record label conglomerate on August 5, 2020. E-commerce websites that are hosted and supported by an external service provider in the US but operated
ESET researchers analyze a previously undocumented trojan that is spread via malicious torrents and uses multiple tricks to squeeze cryptocoins from its victims while staying under the radar ESET researchers have uncovered a hitherto undocumented malware family that we named KryptoCibule. This malware is a triple threat in regard to cryptocurrencies. It uses the victim’s
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all currently supported versions
Marginalized Americans interested in pursuing a career in technology received a boost yesterday with the launch of a free online training program. The Agile Testing Bootcamp is a six-week program geared specifically toward upskilling individuals with non-technical backgrounds to obtain high-paying, high-demand technical jobs in software testing. The program was created by Los Angeles software firm QualityWorks and is
What’s the benefit of deleting your Houseparty – or any other unused – account, rather than just uninstalling the app? When the coronavirus pandemic began, people took to Houseparty by the millions. Many of us weren’t allowed to meet anyone in person, so videocalling became an even bigger success and Houseparty was the front runner.
by Paul Ducklin Sophos Phish Threat, in its own words, is a phishing attack simulator – it lets your IT department send realistic-looking fake phishes to your own staff so that if they do slip up, and click through… …it’s not the crooks on the other end. The crooks are testing you all the time,
An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereason researchers yesterday, the Evilnum group has not only tweaked its
Distributed denial of service (DDoS) attacks against online educational resources are over three times more prevalent in 2020 than they were last year, according to new research by Kaspersky. In a report published today, researchers found that between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 350%, compared to the
As the US presidential election nears, the company’s new tech should also help assure people that an image or video is authentic Microsoft has announced a new tool that’s designed to identify deepfakes and help combat the proliferation of doctored media on the internet. Dubbed Microsoft Video Authenticator, the new technology can analyze both photos
by Paul Ducklin Well-known US cybercrime journalist Brian Krebs recently published a warning about vishing attacks against business users. The FBI promptly followed up on Krebs’s article with a warning of its own, dramatically entitled Cyber criminals take advantage of increased telework through vishing campaign. So, what is vishing? And how does it differ from
Anyone paying attention to the cybersecurity technology market has heard the term XDR – Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top cybersecurity companies are actively moving into this space. Why
America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD) requiring the development and publication of vulnerability disclosure policies (VDPs). A BOD is a compulsory direction to federal executive branch departments and agencies for purposes of safeguarding federal information and information systems. BOD 20-01, officially finalized yesterday, requires most executive branch agencies to create a
Unknown threat actors were able to exfiltrate information from the email accounts of several parliamentarians Norway’s parliament, also known as the Storting, disclosed on Tuesday that it fell victim to an extensive cyberattack that targeted its internal email system. In an official statement addressing the incident, the legislature said that cybercriminals were able to access
by Paul Ducklin Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes. From BEC, through cloud storage, via an innocent-sounding One Note document, and right into harm’s way. Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what’s a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back
An American who was employed to moderate disputes on an illegal darknet marketplace has been sentenced to 11 years in prison. Bryan Connor Herrell, of Aurora, Colorado, was hired by AlphaBay to settle arguments between vendors and purchasers. The site operated by his employers facilitated hundreds of thousands of illicit transactions in which guns, drugs, credit cards
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 162
- Next Page »