Security

The University of Texas at San Antonio (UTSA) is to create and lead a new federal digital research institute that will devise ways to shield America’s manufacturers from cyber-threats.  In addition to assisting US industry in blocking cyber-attacks, the Cybersecurity Manufacturing Innovation Institute (CyManII) will explore how to help manufacturers achieve energy efficiency.  Other areas

by John Shier Criminals have been quick to adapt to the global coronavirus pandemic. Sophos threat researchers have shown how cybercriminals have taken advantage of COVID-19 in myriad ways, and the FBI has warned us about criminals profiteering with advance fee and business email compromise scams. But what’s happening on the dark web, the scene

The 40-year-old one-time CEO of a Utah tech company is serving a custodial sentence after downloading over 13,000 images of child sexual abuse, bestiality, and rape.  Douglas Eugene Saltsman was sentenced yesterday to 210 days in prison and 48 months of probation by Utah 3rd District Judge Douglas Hogan after being convicted on three felony charges of

by Paul Ducklin The facial recognition company that everyone – or at least a large chunk of everyone – loves to hate, Clearview AI, is to get yet another day, and perhaps very much longer than that, in a Chicago courtroom. The American Civil Liberties Union (ACLU), together with four community organisations based in the

Microsoft has warned of a new type of data stealing Java-based ransomware, dubbed PonyFinal. PonyFinal is what Microsoft describes as “human-operated ransomware” — to distinguish it from commoditized variants that are distributed in an automated way by hackers. The tech giant’s Security Intelligence group revealed in a series of tweets this week that the first

by Paul Ducklin If you’re a Naked Security Podcast listener, you’ll have heard Sophos’s own Peter Mackenzie telling some fairly wild ransomware stories. Peter works in the Managed Threat Response (MTR) part of our business – in his own words, if your network’s on fire, he’s one of the people who will rush in to

Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data from Group-IB. The Singapore-based security vendor claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%. As large enterprises became an increasing focus for attacks, ransom

by Paul Ducklin Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes. Confusingly, some of these updates have been available for several days already – the most recent version of iOS is 13.5, and it was officially announced on Apple’s main Security update page on 20 May 2020.

Donald Trump has decided to pick a fight with Twitter after one of his posts on the upcoming election was labelled misleading by the social media platform. The original tweet claimed that Mail-In (postal) ballots during the November Presidential election would be “substantially fraudulent.” The issue has become a partisan one of late, as Democrats

by Paul Ducklin Apple’s latest iOS versions have only been out for a week. The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”. But there’s a jailbreak available already for iOS 13.5, released by

The personal details of over 29 million Indian jobseekers have been posted to a dark web site, free for anyone to access. Cybersecurity firm Cyble, which discovered the trove on an unnamed hacking forum, has in turn added the compromised information to its breach notification site AmIBreached. It claimed to have found the posting during

by Paul Ducklin You can’t read much about cybercrime these days without hearing mention of “the dark web”. Often, the term is used with the metaphorical meaning of dark, to describe those parts of the internet that are evil, being dedicated to odious and often very serious criminal offences. We’re not just talking about stories

Cyber-criminals could be poised to trigger a wave of attacks on businesses when workers return to offices and reconnect to corporate networks, Redscan has warned. As many countries such as the UK prepare to ease COVID-19 lockdown restrictions and allow more people to return to physical workplaces, the cybersecurity firm said organizations need to take action

by Danny Bradbury Apple and Google have rolled out the first phase of their COVID-19 contact tracing framework. It makes it possible for public health authorities across the world to connect their apps with data that could help them identify people at risk from the virus. This is the first phase in a two-part rollout

A cybersecurity company has claimed that a contact tracing app introduced by North Dakota is sending data to third parties and exposing users’ identities. Like South Dakota and Utah, North Dakota has built its own contact-tracing app, Care19, in an effort to monitor the spread of the novel coronavirus. Jumbo Privacy alleges that the Care19 app,

by Paul Ducklin Signal is a popular instant messaging (IM) app with a difference. That difference – or at least its major difference – is simple: it’s not owned and operated by an industry behemoth. WhatsApp belongs to Facebook, Skype is part of Microsoft, and iMessage is owned by Apple, but the open-source app Signal

Police in Mumbai have recruited Baby Yoda to help raise awareness of the importance of cyber-safety.  The law enforcement agency has earned a reputation online for delivering serious messages with humorous memes via social media app Instagram. It only seems appropriate that the force should use the power of ‘The Force’ to drive home a

by Mark Stockley Yesterday, SophosLabs published details of a sophisticated new ransomware attack that takes the popular tactic of “living off the land” to a new level. To ensure their 49 kB Ragnar Locker ransomware ran undisturbed, the crooks behind the attack bought along a 280 MB Windows XP virtual machine to run it in

A prolific dark web trader has leaked what they claim to be 40 million user records from popular mobile app Wishbone. The individual known as “ShinyHunters” posted the data to RaidForums, claiming that, “since people are starting to resell wishbone we’ve decided to leak it for free.” The post was shared by security vendor Cyble and

by Alice Violet This week we discuss a customer who went to Subway for a sandwich and left with a stalker, whether there’s a demon in your printer and the things you should patch now. I host the show this week with Sophos experts Mark Stockley, Paul Ducklin and Greg Iddon. Listen now!

Microsoft is warning of a major new COVID-19 phishing campaign using malicious Excel macros to achieve remote access of victims’ machines via a legitimate support tool. Microsoft Security Intelligence revealed the news in a series of tweets, claiming the campaign began on May 12. “The emails purport to come from Johns Hopkins Center bearing ‘WHO

by Paul Ducklin Microsoft is warning of a coronavirus themed malware distribution campaign with a bit of a twist. We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used

A threat group that claims to have stolen nearly a terabyte of data from a prominent entertainment law firm has said it will put sensitive information relating to Madonna up for auction. REvil allegedly made off with 756GB of data from New York lawyers Grubman Shire Meiselas & Sack in a ransomware attack earlier this month. The

by Paul Ducklin Some technologies attract a “love it or hate it” response. Bluetooth doesn’t seem to be one of those, because many of us have a love and hate relationship with it. It’s incredibly useful when it works well, but at other times it makes you wonder why you didn’t just use a simple,

Lurie Children’s Hospital of Chicago is being sued by the parent of a pediatric patient over two recent data breaches.  An anonymous plaintiff and her 4-year-old daughter filed a complaint against the hospital and two former employees in the Circuit Court of Cook County, Illinois, on May 8.  Mother and daughter, referred to as Jane

by Paul Ducklin The latest research report from SophosLabs deals with the fascinating case of the RATicate gang. This reports make for intriguing reading because it unravels the recent operation and evolution of a bunch of cybercriminals, whom we’ve dubbed RATicate, who seem to have their money-grabbing fingers in a number of malware-related pies. Indeed,

Cyber-attacks against API endpoints have increased since lockdown measures were introduced to slow the spread of COVID-19. Threat research published today by California cybersecurity software company Cequence noted a huge spike in malicious traffic since April, with API endpoints being targeted far more than usual.  Describing the number of threats leveled at just one of their customers, Cequence researchers saw

by Lisa Vaas When work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff. Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misconfigurations that

Norway’s state-owned investment fund Norfund has halted all payments after losing $10m in an “advanced data breach.” Norfund is a private equity company established by the Norwegian Storting in 1997 and owned by the Norwegian Ministry of Foreign Affairs. The fund receives its investment capital from the state budget and is the largest sovereign wealth fund in the

by Mark Stockley Yesterday morning I got a Skype message from an ex-colleague, somebody I’d not heard from in some time but was happy to reconnect with. I say “message”, it wasn’t much of one, it was just a link. Out of the blue. It was clearly a phish, but it caught my eye because