Security

Next month marks the 30th anniversary of the first ever ransomware attack, and according to new research this particular form of malware is still going strong.  According to the “Mid-Year Threat Landscape Report“ published yesterday by Bitdefender, ransomware increased 74.23% year on year in the first six months of 2019.  Researchers noted a change in the ransomware landscape following the fall

by Danny Bradbury Last month a serious Linux Wi-Fi flaw (CVE-2019-17666) was uncovered that could have enabled an attacker to take over a Linux device using its Wi-Fi interface. At the time it was disclosed Naked Security decided to wait until a patch was available before writing about it. Well, it’s been patched, but the

New research published today by Zix-AppRiver has revealed that 61% of US executives feel powerless to stop employees holiday shopping on company devices, despite knowing that the practice poses a cybersecurity threat to the business. Researchers asked 1,049 cybersecurity decision-makers within American SMBs across a diverse range of industry sectors about the holiday shopping habits of their employees.  According

by John E Dunn More than a decade after it first emerged, is the world any closer to stopping ransomware? Judging from the growing toll of large organisations caught out by what has become the weapon of choice for so many criminals, it’s tempting to conclude not. The problem for defenders, as documented in SophosLabs’

Cyber professionals will compete to find leads in real missing persons cases in a competition in Washington, DC, next month.  SANS Institute has teamed up with non-profit organization Trace Labs to host the Open-Source Intelligence (OSINT) Missing Persons Capture the Flag (CTF) in partnership with local, state, and federal law enforcement agencies. Participants, working in teams of

by Alice Duckett A huge Airbnb scam ends with promises to verify every host and listing, Mozilla says ISPs are lying to Congress about encrypted DNS and we discuss the SophosLabs 2020 Threat Report. Host Anna Brading is joined by Sophos experts Peter Mackenzie and Greg Iddon on this week’s episode of the podcast. Listen

America’s Internal Revenue Service is to launch a large-scale cyber-safety campaign to coincide with the busiest shopping period of the year. According to the website Accountingtoday.com, the campaign by the IRS will begin on the Monday after Thanksgiving, commonly known to bargain hunters as Cyber Monday.  “The campaign will emphasize to practitioners and taxpayers the

by Danny Bradbury Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friends’ activities on the social network. Apple removed Like Patrol from its store last weekend citing a violation of its data collection policies. Apple didn’t return requests for comment, but the app showed up as

PortSwigger has launched a free interactive training platform in an attempt to address the global shortage of cybersecurity talent.  The makers of Burp Suite cut the ribbon on the new Web Security Academy last month following a soft launch of the platform in April 2019, which a PortSwigger spokesperson said had garnered “overwhelmingly positive user feedback.” The Web

by Danny Bradbury Apple may care about your privacy but that doesn’t mean it gets it right all the time, especially when it comes to training its Siri AI assistant. Last week, a researcher went public with a glaring security hole in the way that Siri gets to know you. Apple IT specialist Bob Gendler

A new report looking at 5G cybersecurity readiness has found that many businesses are inadequately prepared for the latest big data acceleration.  The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, published today, found that enterprises are lagging behind on expanding their virtualization and software-defined networking (SDN) capabilities and are not taking the opportunity to

by Danny Bradbury Microsoft has urged people to patch their Windows systems following the report of widespread attacks based on the BlueKeep vulnerability. BlueKeep is the code name for a security hole dubbed CVE-2019-0708, first revealed in May 2019. The flaw, in Windows 7 and Windows Server 2008, allows attackers break into a computer through

Florida’s largest police department is seeking to gain permanent access to a facial recognition network maintained by the Pinellas County Sheriff’s Office. The Face Analysis Comparison and Examination System (FACES), set up in 2001 with federal grant money, is the largest collaborative open-model facial recognition system in the United States. The system uses a MorphoTrust

by Lisa Vaas Researchers who study the physics of hurling eggs at windshields – the ovoflingatologists – have access to such finely calibrated splatometers that they can apparently predict that if you turn on your wipers and windshield squirter, you will make a scrambled, milky mess that obscures visibility by (up to) an astonishing 92.5%.

Accenture has opened a trio of practice ranges in which companies can have a crack at responding to cyber-attacks.  The new “cyber ranges” are specifically aimed at assisting industrial companies in the oil and gas, chemicals, utilities, and manufacturing industries to improve their cybersecurity.  Each site is a controlled, interactive, and hyper-realistic environment for cybersecurity training

by John E Dunn This week’s bold rebrand of Facebook to FACEBOOK can’t hide the growing sense that nobody is happy with the company right now. October was particularly bad, climaxing with CEO Mark Zuckerberg being publicly beaten up by Democrat Alexandria Ocasio-Cortez during House Financial Services Committee hearings over the company’s allegedly lax attitude

A Long Island company has been accused of selling Chinese-made security and surveillance equipment with known cybersecurity vulnerabilities as “made in USA” to the United States military.  It is alleged that since 2006, Aventura Technologies Inc., has been falsely claiming products made in the People’s Republic of China (PRC) were manufactured at its headquarters in Commack,

by Danny Bradbury An IT project manager has pleaded guilty to accessing the email account of a former client’s CEO, said reports this week. According to the Register, 27-year-old Leeds resident, Scott Burns, was charged under the Computer Misuse Act for tinkering with systems owned by Dart Group, which owns the Jet2 airline. The hapless

An employee of trusted cybersecurity firm Trend Micro has been fired after illegally accessing and selling customer data to a malicious third party.  An estimated 68,000 English-speaking customers were affected by the insider threat incident, which was disclosed by Trend Micro on Tuesday.  Trend Micro’s suspicions were first aroused in early August 2019, when customers running the company’s home

by Alice Duckett Mass ransomware hit Spain earlier this week, BlueKeep’s back and there’s yet another twist in the sextortion saga – we discuss all this and more in the latest episode of our podcast. I hosted the show this week with Sophos experts Mark Stockley, Peter Mackenzie and Paul Ducklin. Listen below, or wherever

Facebook has revealed yet another incident where third-party developers may have been allowed too much access to user data. In this case, names, profile pictures and other information relating to members of Facebook groups may have been accessed improperly by as many as 100 developer ‘partners’ of the social network. “We know at least 11

by John E Dunn As keen tech adopters know, Google Assistant, Amazon Alexa, Apple Siri, and Facebook Portal are AI-powered internet platforms that users control by issuing voice commands through smartphones or home ‘smart’ speakers. Or at least that’s what we thought until this week when a US-Japanese team published a research paper which confirms

Half of global organizations still don’t have cyber insurance, despite the majority believing cyber-attacks will increase next year, according to FireEye. The security vendor polled 800 CISOs and senior executives across the globe to compile its new Cyber Trendscape Report. More than half (56%) said they believe the risk of attacks will grow next year

by Danny Bradbury Google has patched a bug in the Android operating system that could have allowed attackers to install a rogue application on a victim’s phone – but only if they were able to invade their personal space. Nightwatch Security found the flaw, numbered CVE-2019-2114, and described it in an advisory. The problem lies

A Pentagon advisory board has published a set of guidelines on the ethical use of artificial intelligence (AI) during warfare.  In “AI Principles: Recommendations on the Ethical Use of Artificial Intelligence by the Department of Defense,” the Defense Innovation Board (DIB) shied away from actionable proposals in favor of high-level ethical goals.  In its recommendations, the board wrote

by John E Dunn The Russian government calls it the “sovereign internet” law and from 1 November it compels the country’s ISPs to forward all data arriving and departing from their networks through special gateway servers. Promoted since 2018, from the government’s point of view the sovereign internet is a way of protecting the country

The recruiting methods being used in the cybersecurity industry are so dire that they pose a national security threat.  In an exclusive interview with Infosecurity Magazine at the (ISC)² Security Congress in Orlando, Florida, the founder and CEO of cybersecurity research and staffing firm CyberSN and of BrainBabe, Deidre Diamond, described recruitment in cybersecurity as “a crisis in a

by Danny Bradbury It was October 1999. Macs had just got embedded Wi-Fi, Napster had launched, and Yahoo had purchased Geocities for $3.6bn. Something else happened that escaped most computer users at the time: CVE posted its first bug. The Common Vulnerabilities and Exposures (CVE) system is 20 years old this week. Created by the

Working environments designed to empower only men are putting women off pursuing cybersecurity careers. Cybersecurity professionals speaking at the (ISC)² Security Congress held in Florida this week revealed that talented women are taking their skills elsewhere because cybersecurity made them feel unwelcome. Deidre Diamond, founder and CEO of recruitment company CyberSN, said: “We’ve heard for years now that women feel

by Mark Stockley This week host Anna Brading is joined by Sophos experts Mark Stockley, Greg “Fido” Iddon and Peter Mackenzie. This week we discuss an attack on the city of Johannesburg that came with a ransom demand and ask “was it ransomware?”; we talk about what the breach at NordVPN means for VPN users;