Philip Choo

A notorious Russian threat group famed for its devastating ransomware attacks has funded a hacking competition being run on a dark web forum.  Sodinokibi—the creators of the REvil ransomware—stumped up $15,000 in prize money for the illegal hacking contest, which requires competitors to write original articles containing proof-of-concept videos or original code.  Articles can be

by Paul Ducklin If there’s one open source project with an unashamedly clear focus on security, it’s the OpenBSD operating system. In its own words, its efforts “emphasize portability, standardization, correctness, proactive security and integrated cryptography.” Indeed, numerous sub-projects under the OpenBSD umbrella have become well-known cybersecurity names in their own right, notably OpenSSH –

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives.  The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from

by Alice Duckett This week we discuss 70,000 images being stolen from Tinder, the weleakinfo.com FBI bust and how Sonos annoyed its longstanding customers. Host Anna Brading is joined by Sophos experts Mark Stockley, Greg Iddon and producer Alice Duckett. Listen now! LISTEN NOW Click-and-drag on the soundwaves below to skip to any point in

A hacker has taken to Twitter to share design secrets they allegedly obtained by compromising American automotive and energy company Tesla.  Posting on the account @greentheonly on Friday night, a hacker who calls themself “Green” said that Tesla was planning to introduce new hardware to their S and X model cars.  Modifications that Green claims are in the

by Paul Ducklin Apple has just announced its latest round of security updates. As usual, Apple’s fixes arrived unheralded, given the company’s insistence that security fixes are best handled simply by publishing them when they’re ready, rather than following any sort of formal schedule. Not everyone agrees – Microsoft has followed its Patch Tuesday process

The US Securities and Exchange Commission (SEC) has published a 10-page document detailing cybersecurity practices observed to be in use in the financial industry. The observations were gathered by the SEC’s Office of Compliance Inspections (OCIE) and are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants. OCIE

by Paul Ducklin Today is Data Privacy Day. As we say every year, Data Privacy Day is more than just a 24-hour period when you try to keep safe online. It’s a day to think about changes you can make in your digital life that will keep you safer today, and tomorrow, and the day

US senators have proposed a bill that would drastically reform the surveillance practices of the National Security Agency (NSA) and increase oversight of government surveillance. Titled The Safeguarding Americans’ Private Records Act, the bill was introduced on Thursday by Senators Ron Wyden, Zoe Lofgren, Pramila Jayapal, Warren Davidson, and Steve Daines.  According to a statement on Wyden’s website, the changes

by Danny Bradbury Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week for access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served

London’s Metropolitan Police Service has announced that it will start using live facial recognition (LFR) technology to scan public areas for suspected criminals.  After trialing the technology for two years, the Met has said that it will have cameras up and running within a month. The cameras will be linked to a database containing images

by Lisa Vaas New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud. Methbot got its name from White Ops,

Warnings have been issued in the United States after cybersecurity flaws were detected in medical monitoring devices manufactured by GE Healthcare Systems (GEHC).  Safety notices were published yesterday by both the US Food and Drug Administration (FDA) and the US Department of Homeland Security’s Industrial Control Systems—Cyber Emergency Response Team (ICS-CERT) regarding vulnerabilities in certain

by Danny Bradbury The street outside ICANN’s offices in Playa Vista, California, may be a little more crowded than normal. People worried about the .org top-level domain will be there protesting its sale to a private equity firm. They’ll be handing over a petition signed by over 21,000 people to the Internet Corporation for Assigned

A Russian man has pleaded guilty to running an illegal online marketplace that sold stolen payment card credentials to criminals, who used them to make over $20m in fraudulent purchases. Before a United States court, Aleksei Burkov admitted operating the Cardplanet website, which sold card data acquired through illegal computer intrusions. Many of the cards offered for sale