Security

The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.  New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company. Navarro

by Paul Ducklin This week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”. Presenters: Kimberly Truong, Doug Aamoth and Paul

A malicious hacker has been blamed for a series of lewd messages that emanated from the social media account of a US military base on Wednesday. Followers of Fort Bragg’s official Twitter account were surprised by the sexual content of a number of tweets that began to appear at around 4:30pm ET.  The tweets were

by Anthony Merry October is Cybersecurity Awareness Month.We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips. If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.

Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer,

by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the version that was released yesterday

Deep Instinct has appointed former managing director and partner at Goldman Sachs Heather Bellini as its new chief financial officer.  The deep learning cybersecurity company, which was founded in 2015 and is headquartered in New York, announced the appointment today.  While at Goldman Sachs, Bellini led the research diligence and investor education initial public offering (IPO) process

by Naked Security writer You’ve probably seen the news that six Russians, allegedly employed by the Russian Main Intelligence Directorate, better known as the GRU, have been charged with cybercrimes by the US Department of Justice (DOJ). The DOJ alleges that the defendants, all men, “caused damage and disruption to computer networks worldwide, including in

Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online. According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.  The data’s appearance online follows

by Paul Ducklin Here’s the latest episode of our weekly Naked Security Live video series. By the way, if you want to ask questions in real time while we’re online, we’d love you to join in live – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to

A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack. A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization.  Superintendent Dr. Ken Barron told WLBT news that the school became aware of the cyber-attack on Monday, October 12.

A major healthcare provider whose systems were knocked offline for three weeks by a ransomware attack has been asked by a US senator to answer questions about its cybersecurity practices.  Universal Health Services announced on Monday that all 400 of its health system sites were back online after being hit by a cyber-attack in the early hours of September

by Paul Ducklin The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and

Iran has reported falling victim to two large-scale cyber-attacks, one of which was leveled at the country’s government institutions. The Iranian government’s Information Technology Organization on Thursday reported that two institutions had been compromised by attackers. No party has claimed responsibility for the attack, and Iranian government officials have not stated whether the attack was domestic or

by Paul Ducklin In this episode, we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft’s short-lived takedown of Trickbot, explain how to avoid the Windows “Ping of Death” bug, and (oh no!) find the source of mysterious beeping from every computer in the office. Presenters: Kimberly Truong, Doug Aamoth and

Students learning remotely in Massachusetts have had their lessons disrupted by distributed-denial-of-service, or DDoS, attacks. Sandwich Public Schools suffered a week of connection issues after what was first identified as a firewall failure occurred on October 8. A new firewall put in place to resolve the issue subsequently crashed, prompting the technology department to source a firewall

by Paul Ducklin We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you can – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on

Twitter temporarily suspended the account of the president of the United States’ election campaign for “posting private information.” The account @TeamTrump was locked for attempting to tweet a video referencing a recent article by the New York Post along with text describing presidential candidate Joe Biden as “a liar who has been ripping off our country for years.” The New

by Paul Ducklin If you nearly didn’t read this article because you thought the headline sounded like a story you could take for granted, as you would if you saw an article called “Dinosaurs Still Extinct” or “Sun to Rise in East”… …then be aware that we nearly didn’t write it for the same reason.

Carnival Corporation has disclosed that passenger and employee data from three different cruise lines was accessed in a ransomware attack that took place in August. On August 15, the British-American cruise operator discovered that an unauthorized third party had compromised its computer system and downloaded data files. An update issued by the corporation yesterday states that personal data

by Paul Ducklin Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say. Patch early, patch often. After all, why risk letting the crooks sneak in front of you when you could take a

North Carolina has opened a cybercrime hotline after state residents lost millions of dollars to COVID-19-related cyber-scams.  The free NC 2-1-1 phone line, one of the first to be launched in the United States, has been funded by state and federal grants.  Fraudulent schemes claiming victims in the Tarheel State include cell phone cloning, fake

by Paul Ducklin Good news, for a while at least. Microsoft went to US District Court for the greater good of all of us and came away with a court order permitting it to take over a whole raft of internet servers. The company was authorised to take over a wide range of IP numbers,

Ransomware was the most observed threat in 2020, according to a global corporate investigations and risk consulting firm based in New York City. Kroll‘s proprietary data on cyber incident response cases shows that ransomware attacks accounted for over one-third of all cases as of September 1, 2020.  While this particular form of malware has struck

The Pentagon is to significantly increase the size of the United States Space Force’s cybersecurity team. Plans to add over a thousand new personnel were revealed by the force’s chief technology and innovation officer, US Space Force Major General Kimberly Crider. Speaking at the CyberSatGov virtual event held yesterday, Crider said that 130 cybersecurity officers would be

by Paul Ducklin “If you connect it, protect it” is a short and simple slogan that we’ve taken straight from this year’s Cybersecurity Awareness Month (CSAM). We wrote about CSAM last week, on the first of the month, to explain why we think CSAM is still worth supporting, for two main reasons. The first reason

A Tennessee firm that provides health data management services has agreed to pay the United States Office for Civil Rights (OCR) $2.3m to settle charges related to a data breach.  Charges were brought against Tennessee-based Community Health Systems (CHSPSC LLC) by 28 states after the personal health information (PHI) of millions of people ended up in the hands

by Paul Ducklin Join us for the first episode in the brand new Series 3 of our Naked Security Podcast. This week we wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of “linkless phishing“, ask if it’s ever OK to pay a ransomware demand, and advise what to do when

Cyber-attacks have been levied against journalists in Angola after they reported that the Angolan president’s chief of staff had embezzled public funds. Independent online news provider Correio Angolense published an article online covering the claims against Edeltrudes Costa that were first made by the Portuguese TV channel Televisão Independente (TVI). The broadcaster launched an investigation after companies

by Paul Ducklin Earlier this week, we published an article headlined “If you connect it, protect it.” The TL;DR version of that article is, of course, exactly the same as the headline: if you connect it, protect it. Every time you hook up a poorly-protected device to your network, you run the risk that crooks