Cyber Security

The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.  New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company. Navarro

by Paul Ducklin This week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”. Presenters: Kimberly Truong, Doug Aamoth and Paul

A malicious hacker has been blamed for a series of lewd messages that emanated from the social media account of a US military base on Wednesday. Followers of Fort Bragg’s official Twitter account were surprised by the sexual content of a number of tweets that began to appear at around 4:30pm ET.  The tweets were

by Anthony Merry October is Cybersecurity Awareness Month.We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips. If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.

Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer,

by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the version that was released yesterday

Deep Instinct has appointed former managing director and partner at Goldman Sachs Heather Bellini as its new chief financial officer.  The deep learning cybersecurity company, which was founded in 2015 and is headquartered in New York, announced the appointment today.  While at Goldman Sachs, Bellini led the research diligence and investor education initial public offering (IPO) process

by Naked Security writer You’ve probably seen the news that six Russians, allegedly employed by the Russian Main Intelligence Directorate, better known as the GRU, have been charged with cybercrimes by the US Department of Justice (DOJ). The DOJ alleges that the defendants, all men, “caused damage and disruption to computer networks worldwide, including in

Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online. According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.  The data’s appearance online follows

by Paul Ducklin Here’s the latest episode of our weekly Naked Security Live video series. By the way, if you want to ask questions in real time while we’re online, we’d love you to join in live – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to

A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack. A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization.  Superintendent Dr. Ken Barron told WLBT news that the school became aware of the cyber-attack on Monday, October 12.

A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices.  Universal Health Services announced on Monday that all 400 of its health system sites were back online after being hit by a cyber-attack in the early hours of September

by Paul Ducklin The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and

Iran has reported falling victim to two large-scale cyber-attacks, one of which was leveled at the country’s government institutions. The Iranian government’s Information Technology Organization on Thursday reported that two institutions had been compromised by attackers. No party has claimed responsibility for the attack, and Iranian government officials have not stated whether the attack was domestic or

by Paul Ducklin In this episode, we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft’s short-lived takedown of Trickbot, explain how to avoid the Windows “Ping of Death” bug, and (oh no!) find the source of mysterious beeping from every computer in the office. Presenters: Kimberly Truong, Doug Aamoth and