Philip Choo

A new study focused on distributed denial of service (DDoS) attacks has found that pornographic websites received by far the most attacks per site last year.  To produce their “Global DDoS Threat Landscape” report, researchers at Imperva studied attack data gathered between May and December 2019. Their findings, published yesterday, reveal that websites in the adult entertainment industry received

by Alice Duckett Over the past couple of years, Sophos’ Director of Security Craig Jones has discovered a worrying amount of personal data on public Trello boards. Mark says companies shouldn’t microchip their employees and Duck discusses a bug that could have blown a hole in OpenSMTPD. Host Anna Brading is joined by Sophos experts

With Valentine’s Day just around the corner, the Federal Bureau of Investigation has warned Americans to be on the lookout for cyber-based romance scams. The Richmond, Virginia, branch of the FBI said criminals used the most romantic day of the year as an opportunity to con victims out of their hard-earned cash or personal data.

by Paul Ducklin Thanks to the Sophos Security Team for their help with this article. Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Here’s a tasteless and exploitative example, reported to us by the Sophos Security Team, of a current scam that uses the

A Kentucky resident charged with human trafficking and the online promotion of underage sex workers has been accused of creating fake social media profiles to contact victims and dissuade them from testifying against him. Nigel Nicholas was first arrested in February 2018 and charged with two counts of human trafficking and one count of promoting

by John E Dunn Smash it, submerge it in water, and perhaps shoot it for good measure – just three of the methods criminals use to permanently erase digital evidence from smartphones. And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means

A California man could face up to 25 years in prison after pleading guilty to downloading child pornography and habitually hacking into the computer system of Japanese gaming giant Nintendo.  Ryan Hernandez was still a minor when, together with an associate, he used a phishing technique to steal the credentials of a Nintendo employee in 2016. The data

by John E Dunn Apple engineers think they’ve come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company’s Safari WebKit team is

A data breach at Indian airline SpiceJet has exposed the personal information of over a million passengers. Access to the airline’s computer system was gained last month by a security researcher, who went on to report the breach to TechCrunch. Using a brute-force attack, the researcher busted into an unencrypted database backup file containing the private information of

by John E Dunn Now can’t be an easy time to be a professional drone pilot working for the US Department of the Interior (DOI). After years of enthusiastic expansion, in November 2019 the agency announced the temporary grounding of its fleet of Unmanned Aircraft Systems (UAS) over hacking fears unnamed sources claimed were connected

A county in the Pacific Northwestern state of Oregon is yet to fully recover from a ransomware attack that happened over a week ago. Cyber-criminals hit Tillamook County in a targeted attack last Wednesday, January 22. As a result, all internal computer systems under the county government, which 250 county employees rely on, went down.

by Danny Bradbury The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report. The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which

A notorious Russian threat group famed for its devastating ransomware attacks has funded a hacking competition being run on a dark web forum.  Sodinokibi—the creators of the REvil ransomware—stumped up $15,000 in prize money for the illegal hacking contest, which requires competitors to write original articles containing proof-of-concept videos or original code.  Articles can be

by Paul Ducklin If there’s one open source project with an unashamedly clear focus on security, it’s the OpenBSD operating system. In its own words, its efforts “emphasize portability, standardization, correctness, proactive security and integrated cryptography.” Indeed, numerous sub-projects under the OpenBSD umbrella have become well-known cybersecurity names in their own right, notably OpenSSH –