Another ransomware attack has struck, but this time the massive attack on AriZona Beverages was targeted. After more than 200 company-networked computers displayed the message “Your network was hacked and encrypted,” the company’s IT department had to rebuild the network, according to a post from Cloud Management Suite. Infosecurity was unable to reach AriZona Beverages

by Lisa Vaas Researchers have discovered the latest way to drive a Tesla off track (and into oncoming traffic), and it needs only the simplest of hacking tools: a can of paint and a brush will do it, or small, inconspicuous stickers that can trick the Enhanced Autopilot of a Model S 75 into detecting

Employees at Google are less than thrilled with a newly announced member of its Advanced Technology External Advisory Council (ATEAC), according to MIT Technology Review.   At the EmTech Digital event in San Francisco, Google reportedly announced the names of its eight-member advisory council tasked with providing feedback and support for artificial intelligence (AI) projects. One

by Lisa Vaas We’ve seen malicious government cyberweapons leaked out of the National Security Agency (NSA) and injected via ransomware, but security researchers recently found government spyware squatting in plain sight, pretending to be harmless vanilla apps on Google’s Play store. This time around, the malware doesn’t come from the NSA. Rather, it alegedly comes

With the aid of American hackers, the United Arab Emirates (UAE) was able to spy on prominent figures in the Arab media and a BBC host, according to an exclusive Reuters report. The revelations come only months after US contractors in the UAE were reportedly helping to spy on US citizens, according to a January

by John E Dunn Russia has been conducting a major campaign to experimentally hijack signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers have claimed in a detailed report. Technically, GNSS spoofing (as opposed to simpler jamming) is an attempt to send false positional signals to a receiver using global satellite

At this week’s Black Hat Asia 2019 conference, researchers from Positive Technologies revealed findings about an undocumented technology in Intel microchips that allow reading data from the memory of and intercepting the signals from peripherals. On March 28, 2019, Positive Technologies experts Maxim Goryachy and Mark Ermolov spoke in Singapore, discussing the microchips in their session

by Lisa Vaas Some of us may think that an appropriate penalty for robocallers is to stuff them with burner phones and roast them up for Sunday dinner, in which case some of us are going to be underwhelmed with the news that the FCC has basically slapped some hands and tsk-tsk-ed them into promising

After researchers discovered an SQL injection vulnerability in Magento’s code, the company issued a security fix for more than 30 different vulnerabilities in its software, which reportedly has put more than 300,000 e-commerce sites at risk of card-skimming attacks. Online businesses have been strongly urged to download the latest fix, warning that versions prior to 2.3.1

by Lisa Vaas A Chinese gaming company is reportedly looking to offload the gay dating site Grindr due to US government concerns over its ownership, according to Reuters. Sources familiar with the matter told the news service that Beijing Kunlun Tech Co Ltd., which picked up Grindr in 2016, is looking to sell it after

After a security incident in February at its Australian subsidiary, Toyota Motor Corp. has suffered its second security breach in the last five weeks, with today’s breach announced by the company’s main offices in Japan. “On March 29, 2019, it was announced in Japan that Toyota Motor Corporation (TMC) learned it had possibly been the

by John E Dunn For the longest time, drones looked like a good-news tech story that would transform aerial photography, disaster relief and parcel delivery. The world is still waiting to receive packages from the air (although UPS claims it’s started deliveries this week), which might be just as well because experts are having second thoughts.

Though backup is a known best-practice approach to IT risk management, many companies are overwhelmed by the number of sites that need to be backed up, according to a new survey released today by Barracuda Networks. The study, Closing Backup and Recovery Gaps, asked more than 1,000 IT professionals, business executives and backup administrators about

by Paul Ducklin We’ve written about internet hoaxes many times before on Naked Security. Sometimes, hoaxes – made-up nonsense about software, bugs or hackers – get spread widely because they sound exciting and scary. Even when a hoax sounds bizarre and unlikely, it may get picked up and repeated as an earnest truth by millions

An LGBTQ dating app, Grindr, has come under fire after Reuters reported that the Committee on Foreign Investment in the United States (CFIUS) told the app’s China-based parent company that its ownership posed a national security risk. Now, the Chinese gaming company, Beijing Kunlun Tech Co Ltd, is reportedly looking to sell Grindr LLC, which it

by Paul Ducklin We explain how to avoid losing money to the cybercrime known as BEC, short for Business Email Compromise, and our experts give you some great tips on what to look out for when you plug new devices into your network. With Paul Ducklin, Matthew Boddy and Benedict Jones. This week’s links: FBI

Cyber-criminals have long relied on the Dark Web’s largest marketplace, Dream Market, to buy and sell illicit goods, but today threat researchers at IntSights and Flashpoint found that the notorious online store is scheduled to shutdown on April 30, 2019. On March 26, multiple threat actors posted on the DNM Avengers forum after purportedly receiving

by John E Dunn Apple yesterday released updates across a range of its products, including macOS, which goes to 10.14.4 and iOS, which is now at version 12.2. WebKit and beyond In terms of numbers, the system component with the most entries in the update list is Apple’s browser core, known as WebKit, which gets

Despite bipartisan concerns over privacy, most airlines reportedly support the use of facial recognition, and the US Customs and Border Patrol (CBP) has implemented facial recognition in 17 international airports, including Atlanta, New York City, Boston, San Jose, Chicago, and two airports in Houston, according to American Military News.  Largely controversial because of privacy concerns,

by John E Dunn The US Food and Drug Administration (FDA) has issued a warning about two dangerous security flaws affecting a number of implantable heart defibrillators and home monitoring systems manufactured by medical device giant Medtronic. According to an alert put out last week, the flaws affect all models from 20 product families of

A WordPress zero-day in the Easy WP SMTP plugin is actively being exploited in the wild, according to NinTechNet. The plug-in allows site owners using WordPress to both configure and send outgoing emails through an SMTP server, preventing messages from landing in the recipient’s junk folder. By exploiting what is categorized as a critical vulnerability, hackers reportedly

by Lisa Vaas An employee-from-hell has been jailed after he got fired (after a measly four weeks), ripped off a former colleague’s login, steamrolled through his former employer’s Amazon Web Services (AWS) accounts, and torched 23 servers. The UK’s Thames Valley Police announced on Monday that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed

After analyzing several previously unknown malicious files that were detected earlier this month, Kaspersky Lab determined the files were a new version of a data stealer known as the AZORult Trojan. Because the files are written in C++, and not Delphi, researchers have dubbed the variant AZORult++. According to researchers, this latest version is potentially

by Paul Ducklin Facebook has just admitted to years of problems with password hygiene by leaking plaintext passwords into logfiles by mistake. Watch this special edition of Naked Security Live… …we answer the questions lots of people have been asking us since we first wrote about this issue: What happened? Was this a blunder or

According to the 2019 State of the Call Center Authentication report from TRUSTID, a Neustar company, one of the most exploited areas in a company’s security chain is the call center. Companies may be investing more in their cybersecurity defenses, but fraudsters are evolving in their tactics. As such, they’ve discovered that by targeting call

by Paul Ducklin A security researcher in New Zealand just showed that it’s possible to wire up a low-cost data sniffer to the security chip in a Microsoft Surface laptop… …and read out the decryption key used by BitLocker, the software that is there to keep the data on your hard disk safe. That has

The UK’s Police Federation of England and Whales (PFEW) was the victim of a malware attack, according to two different tweets posted by the National Cyber Security Center (NCSC) UK and the PFEW. According to the Police Federation, the attack on the PFEW, which represents 119,000 police officers across the 43 forces in England and

by John E Dunn A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot. BitLocker is the full volume encryption system that has been shipped with higher-end versions of Windows since Vista, which

Security professionals who attended RSA 2019 believe that the world is in the midst of cyber-war, according to a survey conducted by Venafi. While 87% of the 517 IT security professionals surveyed believe that cyber-war is a current reality rather than a future threat, 72% of respondents said that nation-states should be able to “hack back”

by Paul Ducklin In this Naked Security podcast, we explain how to handle sextortion, look at techniques for getting rid of malvertising, and discuss the things that make randomness hard. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week’s stories: “FINAL WARNING” email – have they really hacked your webcam? New scam