Security

Virtually all security professionals believe that human error could put the security of cloud data at risk, according to new research published today. A survey commissioned by Tripwire and carried out last month by Dimensional Research found that 93% of security professionals were concerned that human error could result in the accidental exposure of their cloud data.  Despite their concern over

by Paul Ducklin So far this year, the use of facial recognition by law enforcement has been successfully challenged by courts and legislatures on both sides of the Atlantic. In the US, for example, Washington State Senate Bill 6280 appeared in January 2020, and proposed curbing the use of facial recognition in the state, though

An Australian woman has been jailed for her part in the theft of XRP cryptocurrency worth nearly $400,000.  Kathryn Nguyen was arrested in October 2018 for pulling off a crypto-heist with an associate. The 25-year-old was one of the first people in Australia to be charged with the theft of cryptocurrency. The theft of 100,000

by Naked Security writer Read the latest articles: Business Email Compromise – fighting back with machine learning Porn blast disrupts bail hearing of alleged Twitter hacker GandCrab ransomware hacker arrested in Belarus Servers at risk from “BootHole” bug – what you need to know Watch the latest Naked Security Live video: (Watch directly on YouTube

A Hawaii man has admitted sending over 500 unwanted visitors to the home of a Utah family in a case police have described as “stalking on steroids.” Loren M. Okamura was arrested in December 2019 on charges of cyber-stalking, making interstate threats, and transporting a person over state lines for the purpose of prostitution. The 44-year-old entered

Illegal TV subscription services in the United States have grown into a billion-dollar industry, according to new research jointly released yesterday by Digital Citizens Alliance and NAGRA. The investigative report Money for Nothing reveals the existence of a sophisticated piracy ecosystem made up of thousands of retailers and wholesalers. This nefarious network steals from creators and circumvents legitimate TV operators

The world’s largest online cybersecurity career development platform has released a second installment of free educational courses.  Cybrary made a clutch of courses free in July in a bid to support people who are considering a career in cybersecurity and those impacted professionally by the ongoing COVID-19 pandemic.  A Cybrary spokesperson said: “These free courses aim to

by Paul Ducklin If you’re interested in artificial intelligence (AI) and how it can be used in cybersecurity… …here’s a DEF CON presentation you’ll like, coming up this weekend! DEF CON is perhaps the ultimate “come one/come all” hackers’ convention, now in its 28th year, and it famously takes place in Las Vegas each year

Britain’s National Trust has warned volunteers of a data breach linked to a cyber-attack on US cloud computing and software provider Blackbaud in May. The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach. National Trust data exposed as a result of the ransomware attack

by Paul Ducklin One of the alleged Twitter hackers faced a bail hearing in a Florida court yesterday. ICYMI, the Twitter hack we’re referring to involved the takeover of 45 prominent Twitter accounts, including those of Joe Biden, Elon Musk, Apple Computer, Barack Obama, Kim Kardashian and a laundry list of others with huge numbers

A judicial candidate in Louisiana has been charged with hacking into state computers and sharing confidential court documents with a friend. Attorney Trina Chu allegedly committed the offenses while working as a law clerk to now retired Chief Judge Henry Brown in 2018.  According to a statement released by Caddo Parish sheriff Steve Prator, Chu copied sensitive

North Dakota has suffered fewer data breaches than any other American state over the past 15 years.  Analysis of data breaches that have occurred in the United States since 2005 revealed California to be the state hit by the highest number of breaches. The Sunshine State was also found to have exposed the largest number of

by Paul Ducklin Law enforcement in Belarus has announced the arrest of a 31-year-old man who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018. He apparently demanded payments ranging from $400 to $1500 in Bitcoin. Unlike more targeted attacks where crooks break into networks first

Michigan’s largest healthcare provider has warned around 6,000 patients that their data may have been exposed following a cyber-attack. The cybersecurity incident is the second phishing-related data breach to befall Beaumont Health in recent months.  In April, the organization started notifying 112,211 individuals that some of their personal health information (PHI) had been exposed. The warning came after a data

A malware author has pleaded guilty to conspiracy for his role in a transnational cybercrime organization responsible for stealing over $568m.  Valerian Chiochiu, a.k.a. “Onassis,” “Flagler,” “Socrate,” and “Eclessiastes,” admitted being involved with one of the largest cyber-fraud enterprises ever created that victimized Americans in all 50 states and millions globally. The 30-year-old Moldovan national was living

by Naked Security writer Read articles: Watch the latest Naked Security Live video: [embedded content] (Watch directly on YouTube if the video won’t play here.) Subscribe to our newsletter: For a regular reminder of the articles we write on the day we write them, why not sign up for our newsletter to make sure you

Researchers have discovered a digital propaganda campaign focused on spreading false information and inciting hatred against the US and the North Atlantic Treaty Organization (NATO).  Dubbed Ghostwriter, the apparently well-resourced campaign has sought to portray the presence of American and NATO troops in Europe as aggressive and dangerous to local populations.  Tactics used to turn public opinion

by Paul Ducklin The US Department of Justice just issued a press release entitled simply, “Three Individuals Charged for Alleged Roles in Twitter Hack.” In some ways, the Twitter hack referred to, which happened just two weeks ago on 2020-07-15, was tiny. In a world in which data breaches involving millions, hundreds of millions and

The University of Chicago has launched a new initiative that aims to increase the cybersecurity of America’s forthcoming presidential election. Election Cyber Surge will function as a matchmaker service, connecting US election officials concerned about cybersecurity with volunteers who are experts in the field. Officials will choose an area of particular weakness, and then choose from a

by Paul Ducklin According to reports, Minnesota-based business travel company CWT is the latest victim of the latest trend in ransomware. In fact, we’re probably at the point where we need to stop calling them just “ransomware” attacks, because it’s increasingly common that there’s a lot more to these attacks than just keeping you out

An American researcher has admitted stealing scientific trade secrets from a children’s hospital and selling them to China. Former Ohio resident Li Chen pleaded guilty yesterday to conspiring to steal scientific trade secrets and conspiring to commit wire fraud concerning the research, identification, and treatment of a range of pediatric medical conditions.  Chen and her husband, alleged

by Paul Ducklin Another month, another BWAIN! That’s our tongue-in-cheek name for a cybersecurity vulnerability that not only gets assigned an identifier like CVE-2020-10713, but also acquires an impressive name plus a jaunty logo (and even, in one intriguing case, a theme tune). This month’s bug with an impressive name (see what we did there?)

Britain’s Department for Digital, Culture, Media and Sport is funding a new wave of projects aimed at putting the UK at the forefront of 5G technology.  Among the research and development projects to secure funding are a remote music festival that will take place in the Brighton Dome, trials of autonomous lorries, and a traffic system

by Paul Ducklin The Beatles famously sang about The Taxman back in 1966, when Britain had much higher taxes on the rich than it does now: Let me tell you how it will be There's one for you, nineteen for me 'Cause I'm the taxman, yeah, I'm the taxman Should five per cent appear too

Rite Aid‘s quiet use of facial recognition technology in its stores has ended after nearly a decade.   Since 2012, the American drugstore had gradually implemented the technology in 200 stores around the country, according to an investigation by Reuters. Analysis of where the technology had been deployed indicated that Rite Aid had primarily installed it in

by Paul Ducklin You’ve probably heard of a Blue Moon, which is the second full moon in any calendar month. The last one was back in 2018; the next one is coming up in October 2020. Well, 28 July 2020 is a Blue Firefox Update event – the second major security fix of the month,

A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed cyber-criminals to gain full control of server operations has been detected. The controller was designed for secure local and remote server management to help IT administrators deploy, update, and monitor Dell EMC PowerEdge servers. Path Traversal vulnerability CVE-2020-5366 was discovered by researchers Georgy

by Paul Ducklin SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Let’s start at the very top of the ransomware dilemma. Should you ever pay blackmail money to ransomware crooks? As you can imagine, law enforcement

The CEO of a technology startup based in Virginia is facing federal charges for allegedly masterminding an investment scam whose victims lost millions of dollars.  Danny Boice was the founder and CEO of the now bankrupt privately held company Trustify Inc that was established in 2015. From its headquarters in Crystal City, the firm provided

American international law firm Holland & Knight is facing a lawsuit over a fraudulent wire transfer that saw criminals make off with more than $3m.  According to the suit, the law firm was hired by two foundations to sell some stock and carry out a merger plan related to the sale. However, a fraudster was able to steal