by Naked Security writer Read the latest articles: Business Email Compromise – fighting back with machine learning Porn blast disrupts bail hearing of alleged Twitter hacker GandCrab ransomware hacker arrested in Belarus Servers at risk from “BootHole” bug – what you need to know Watch the latest Naked Security Live video: (Watch directly on YouTube
If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE 2020-13699), which, if exploited, could let remote attackers steal your system password
A Hawaii man has admitted sending over 500 unwanted visitors to the home of a Utah family in a case police have described as “stalking on steroids.” Loren M. Okamura was arrested in December 2019 on charges of cyber-stalking, making interstate threats, and transporting a person over state lines for the purpose of prostitution. The 44-year-old entered
Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider Is yet another data breach newsworthy enough to write a blogpost? Probably not, unless there is a personal connection or something interesting. In the case of Blackbaud, for me, there are both. The majority of
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and
Illegal TV subscription services in the United States have grown into a billion-dollar industry, according to new research jointly released yesterday by Digital Citizens Alliance and NAGRA. The investigative report Money for Nothing reveals the existence of a sophisticated piracy ecosystem made up of thousands of retailers and wholesalers. This nefarious network steals from creators and circumvents legitimate TV operators
Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? According to the World Bank, small and medium-sized businesses (SMBs) play a huge role in most economies, accounting for 90% of businesses worldwide and representing over 50% of employment. These are businesses that range from family-owned restaurants, through
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. “The idea is simple and consists of using characters that look the same in order
The world’s largest online cybersecurity career development platform has released a second installment of free educational courses. Cybrary made a clutch of courses free in July in a bid to support people who are considering a career in cybersecurity and those impacted professionally by the ongoing COVID-19 pandemic. A Cybrary spokesperson said: “These free courses aim to
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware Stadeo is a set of tools primarily developed to facilitate analysis of Stantinko, which is a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and
by Paul Ducklin If you’re interested in artificial intelligence (AI) and how it can be used in cybersecurity… …here’s a DEF CON presentation you’ll like, coming up this weekend! DEF CON is perhaps the ultimate “come one/come all” hackers’ convention, now in its 28th year, and it famously takes place in Las Vegas each year
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year’s data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought From KrØØk to finding related vulnerabilities KrØØk (formally CVE-2019-15126) is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic.
Britain’s National Trust has warned volunteers of a data breach linked to a cyber-attack on US cloud computing and software provider Blackbaud in May. The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach. National Trust data exposed as a result of the ransomware attack
The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared The United States’ National Security Agency (NSA) has published guidance on how to reduce the variety of risks that stem from having your location tracked when using smartphones, IoT devices, social media and mobile apps.
by Paul Ducklin One of the alleged Twitter hackers faced a bail hearing in a Florida court yesterday. ICYMI, the Twitter hack we’re referring to involved the takeover of 45 prominent Twitter accounts, including those of Joe Biden, Elon Musk, Apple Computer, Barack Obama, Kim Kardashian and a laundry list of others with huge numbers
Many companies today have developed a Cybersecurity Incident Response (IR) plan. It’s a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while frantically responding to the incident, a recipe ripe for mistakes.
A judicial candidate in Louisiana has been charged with hacking into state computers and sharing confidential court documents with a friend. Attorney Trina Chu allegedly committed the offenses while working as a law clerk to now retired Chief Judge Henry Brown in 2018. According to a statement released by Caddo Parish sheriff Steve Prator, Chu copied sensitive
The databases contain personal information that could be used for phishing attacks and identity theft schemes Researchers have found close to 10.5 billion pieces of consumer data that has been left sitting in almost 10,000 unsecured internet-facing databases hosted across 20 countries. The data is said to include email addresses, passwords, and phone numbers. The study was
A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy
North Dakota has suffered fewer data breaches than any other American state over the past 15 years. Analysis of data breaches that have occurred in the United States since 2005 revealed California to be the state hit by the highest number of breaches. The Sunshine State was also found to have exposed the largest number of
In one scheme, shoppers ordering gadgets or gym equipment are in for a rude surprise – they receive disposable face masks instead The FBI’s Internet Crime Complaint Center (IC3) has recorded a surge in complaints from victims who have been duped by fraudulent online marketplaces that never deliver the purchased items. According to the FBI,
by Paul Ducklin Law enforcement in Belarus has announced the arrest of a 31-year-old man who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018. He apparently demanded payments ranging from $400 to $1500 in Bitcoin. Unlike more targeted attacks where crooks break into networks first
Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China’s state-sponsored hackers targeting governments, corporations, and think tanks. Named “Taidoor,” the malware has done an ‘excellent’ job of compromising systems as early as 2008, with the actors deploying it on victim networks for stealthy remote access.
Michigan’s largest healthcare provider has warned around 6,000 patients that their data may have been exposed following a cyber-attack. The cybersecurity incident is the second phishing-related data breach to befall Beaumont Health in recent months. In April, the organization started notifying 112,211 individuals that some of their personal health information (PHI) had been exposed. The warning came after a data
The going prices are lower than you probably think – your credit card details, for example, can sell for a few bucks It’s no news that the dark web is rife with offers of stolen data that ranges from pilfered credit card information and hijacked payment services accounts to hacked social media accounts. Anyone interested
Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions. Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change
A malware author has pleaded guilty to conspiracy for his role in a transnational cybercrime organization responsible for stealing over $568m. Valerian Chiochiu, a.k.a. “Onassis,” “Flagler,” “Socrate,” and “Eclessiastes,” admitted being involved with one of the largest cyber-fraud enterprises ever created that victimized Americans in all 50 states and millions globally. The 30-year-old Moldovan national was living
The attackers exploited the human factor to gain access to Twitter’s internal systems and the accounts of some of the world’s most prominent figures Twitter – still recovering from the recent brazen breach where miscreants hijacked 130 accounts belonging to prominent figures and used the handles to peddle a bitcoin scam – has now shed
by Naked Security writer Read articles: Watch the latest Naked Security Live video: [embedded content] (Watch directly on YouTube if the video won’t play here.) Subscribe to our newsletter: For a regular reminder of the articles we write on the day we write them, why not sign up for our newsletter to make sure you