US officials have confirmed their intention to formally extradite Huawei CFO Meng Wanzhou from Canada to face criminal charges, according to reports. Meng, who is also the daughter of founder Ren Zhengfei, was arrested in Vancouver on December 1 last year at the request of Washington. A statement from the Department of Justice confirmed that

Three dark web drug dealers have been sentenced to a total of over 43 years for supplying hundreds of customers worldwide with notorious opioid fentanyl. Jake Levene, 22, Lee Childs, 45, and Mandy Christopher Lowther, 21, were sentenced last week at Leeds Crown Court after pleading guilty to exporting and supplying class A drugs. The

by Lisa Vaas A homicidal cycling and running fanatic known for his meticulous nature in tracking his victims has been undone by location data from his Garmin GPS watch. Police in Merseyside, in northwest England, announced that a jury last week found Mark Fellows, 38, guilty of two gangland murders: that of “career criminal” John

Global firms could lose over $5tr to cybercrime over the next five years, a new Accenture study has warned. The consulting giant interviewed over 1700 CEOs and other C-suite executives to compile its report, Securing the Digital Economy: Reinventing the Internet for Trust. It claimed that as businesses become more dependent on complex web-based models, their

by Danny Bradbury Google is manually reviewing Android apps that request access to a smartphone’s phone or texting features. The move fulfils a promise to restrict how apps can access these functions on Android phones. In the announcement last October, the company explained that it would restrict which apps could ask for access to SMS

Malicious code was lurking about in two different apps within the Google Play store, according to researchers at Trend Micro who have disclosed that they discovered a banking Trojan in what seemed like legitimate apps. Both the currency converter and the battery-saving app have been removed from Google Play, but not before they were downloaded thousands

by Paul Ducklin These days, a lot of your data gets encrypted when you save it to disk or send it over the internet. The data gets decrypted again when you read it back in or after it’s received at the other end. For that, you need some sort of cryptographic algorithm – what’s known

The new year is a time for resolutions and promises of change, so much so that even malware has returned from a bit of time off with some new features, including a new Flash exploit, according to Malwarebytes head of investigations, Jérôme Segura. The Fallout exploit kit (EK) took a little respite over the first few

by John E Dunn The Have I Been Pwned? (HIBP) website has revealed another huge cache of breached email addresses and passwords discovered last week circulating among criminals. Named “Collection #1”, its statistics are as impressive as they are worrying: 87GB of data, 12,000 files, and 1.16 billion unique combinations of email addresses and passwords.

The third annual CyberFirst Girls competition will kick off on Monday as GCHQ looks to help address a chronic gender imbalance and skills shortage in the industry. Over the past two years, the intelligence service’s National Cyber Security Centre (NCSC) has managed to attract 12,500 female pupils from schools across the UK to take part.

by Lisa Vaas Driving while blindfolded is stupid. Ingesting laundry detergent pods is stupid. Asking your girlfriend to shoot you through an encyclopedia is stupid. And, in the case of Pedro Ruiz III, it’s lethal. These are all so-called “pranks” that have been filmed and posted on YouTube. After reports of people getting hurt or

The vast majority of senior decision makers across the globe expect data theft and cyber-disruption to increase in 2019, according to the latest report from the World Economic Forum (WEF). The annual Global Risks Report for 2019 uses interviews with risk experts, business leaders, academics and others to better understand the challenges facing the world

by Danny Bradbury Senior Amazon technical expert Abby Fuller had a bit of a shock when she logged into WhatsApp using a new telephone number earlier this month. She found someone else’s messages waiting for her. logged into whatsapp with a new phone number today and the message history from the previous number’s owner was

Researchers have uncovered a twelvth Magecart group using tried-and-tested methods to disseminate the digital skimming code by infecting the supply chain. RiskIQ, which has for several years been tracking the activity of groups using Magecart to steal customer card details, claimed the new group has managed to infect hundreds of websites so far via a

by Lisa Vaas A Northern California federal judge ruled last week that police can’t force suspects to unlock their phones with their fingers, eyes or face, even with a warrant, because it amounts to the same type of self-incrimination as being forced to hand over your passcode. If other courts apply her decision, it could

Two major UK high street banks have started to send out replacement cards for some of their customers, nine months after one lender reported fraudulent activity to Ticketmaster. Customers of NatWest and RBS have taken to social media to vent their frustration over the way the incident has been handled. Some complained that this is

by Naked Security writer We asked a number of people working in different roles at Sophos how they made their way into cybersecurity. 1. Music making to malware fighting Sales Engineer, Benedict Jones I graduated from university with a first class BSc honours degree in Sound Technology and Digital Music. I have always pertained a

The British Security Industry Association (BSIA) has published a summary of current guidelines to minimize the exposure to digital sabotage of network connected equipment, software and systems used in electronic security. The 335 Cyber Secure It – Best Practice Guidelines for Connected Security Systems document, designed by the Cyber Security Product Assurance Group (CySPAG) and leading

by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 7 January 2019 No Android passcode? No problem! Skype unlocked it for you Hacker doxes hundreds of German politicians Update now! Adobe Acrobat and Reader have critical flaws Tuesday 8 January

For the second time in less than two months, the New York Times has reported that a progressive group of Democrats allegedly leveraged social media sites in a secret project intended to spread false information and sway the 2017 Senate race in Alabama. According to the New York Times, “The ‘Dry Alabama’ campaign, not previously

by Danny Bradbury Old Twitter posts could reveal more about you than you think, according to a research paper released this month. Tweets could reveal places you visited and things you did, even if you didn’t explicitly mention them. Researchers from the Foundation for Research and Technology in Greece and the University of Illinois found

The healthcare sector continues to be the target of cyberattacks, with Managed Health Services (MHS) of Indiana Health Plan announcing recently that a third-party data breach potentially exposed up to 31,000 patients’ personal data in one of two security incidents the company has disclosed in the past month. The organization reportedly manages Indiana’s Hoosier Healthwise

by Paul Ducklin In this episode, the Naked Security Podcast investigates the ethics of remote rickrolling, whether Acrobat is the new Flash, and how to fool biometrics with a zombie hand. With Anna Brading. Paul Ducklin, Mark Stockley and Matthew Boddy. This week’s links: Don’t fall victim to the Chromecast hackers Update now! Adobe Acrobat

The US government shutdown is having a chilling effect on national cybersecurity, with 80 government web certificates having already expired without being renewed and FBI agents issuing a stark warning. Vendor Netcraft claimed on Thursday that the lapsed certificates include those affecting “sensitive government payment portals and remote access services” at agencies like NASA, as

by Lisa Vaas It’s time to crown a new sysadmin From hell. Or from heaven, if you’re law enforcement. His name is Cristian Rodríguez: a Colombian IT geek who wound up working for drug kingpin “El Chapo” Joaquin Guzmán, got flipped by the FBI, and is likely going to go down in history as being

Security researchers have spotted a new series of DNS hijacking attacks successfully targeting organizations globally on a large scale and traced back to Iran. The attacks have managed to compromise “dozens” of domains run by government, telecommunications and internet infrastructure in the Middle East and North Africa, Europe and North America. In so doing, they

by John E Dunn For decades hot tubs were simple water-bearing garden luxuries that owners looked forward to relaxing in of an evening. More recently, manufacturers started adding exciting Internet of Things (IoT) features that product marketing departments worked themselves into a lather promoting as the next must-have. These IoT-enabled hot tubs look identical to

NHS Digital’s first chief information security officer (CISO) has resigned just three months into the job, dealing a blow to efforts to improve cybersecurity across the UK’s health service. In a memo to staff seen by HSJ, NHS Digital deputy CEO, Rob Shaw, said that Robert Coles’ departure was due to personal reasons and that

by Paul Ducklin SMS, also known as text messaging, may be a bit of a “yesterday” technology… …but SMS phishing is alive and well, and a good reminder that KISS really works. If you aren’t familiar with the acronym KISS, it’s short for “keep it simple, stupid.” Despite the rather insulting tone when you say

Security researchers have warned users of P2P sites of a new malvertising campaign featuring a twin threat: info-stealing malware and ransomware. By registering rogue advertising domains, the attackers are able to direct torrent site visitors to two different exploit kits: Fallout EK and GrandSoft EK, according to Malwarebytes. Those unlucky enough to be pushed according