Ransomware accounted for one tenth of 1% of all malicious email content in Q4, according to a new threat report from Proofpoint. It’s Q4 threat report found that banking trojans accounted for 56% of all malicious payloads in email in Q4, while remote access trojans (RATs) accounted for 8.4%. Proofpoint claimed that this marked a

by Lisa Vaas An 18-year-old German researcher has discovered and published a proof of concept he’s calling KeySteal: what he claims is a zero-day bug that could be exploited by attackers using a malicious app to drain passwords out of Apple’s Keychain password manager. No fix is expected anytime soon. The researcher, Linus Henze, says

There is a growing disconnect between how companies capitalize on customer data and how consumers expect their data to be used, a new report from RSA Security has discovered. The firm polled more than 6000 individuals across France, Germany, the United Kingdom and United States to explore the nuances of ethical data use and consumer

by John E Dunn Quieter web browsing is finally within reach for users of Mozilla’s Firefox. It’s been on the to-do list for a while, but a new blog by the company has confirmed that from Firefox 66 for desktop and Firefox for Android, due on 19 March, media autoplay of video or audio will

The UK government is claiming to have a £6m pot of cash set aside for the winners of a new IoT security competition. The Technology Strategy Board, also known as Innovate UK, will only choose projects including an element of artificial intelligence or machine learning and those that have “a clear plan for commercialization.” They must

by Lisa Vaas FamilyTreeDNA – one of the larger makers of at-home genealogy test kits – has disclosed that it’s quietly been giving the FBI access to its database of 1 million DNA profiles to help solve violent crime. Investigators’ use of public genealogy databases is nothing new: law enforcement agencies have been using them

The UK’s Student Loans Company (SLC) has been forced to repel nearly one million cyber-attacks over the course of the last financial year, highlighting the growing risk to organizations from hackers. Think tank Parliament Street sent a Freedom of Information (FOI) request to the non-profit government body, which provides loans and grants to students in

by Danny Bradbury Most of us have suffered from fat-fingered browsing before, mistyping website URLs and getting taken to the wrong place. Some of us have fallen victim to hyperlinks that look like legitimate websites at first glance but which are deliberately misspelled. Now, Chrome will try to save us from lookalike sites by detecting

Two years after President Trump taking office, the Foundation for Defense of Democracies has issued its midterm assessment, The Trump Administration’s Foreign and National Security Policies, which looks in part at the administration’s cyber policies and the advances therein. Authored by Annie Fixler, deputy director for the Center on Cyber and Technology Innovation (CCTI), and David Maxwell,

by Paul Ducklin A recent bug in a very widely used Linux system tool called systemd has just been turned into a published exploit by a US cybersecurity company called Capsule8. The systemd project is a large, complex and popular – but also controversial – toolkit used by many mainstream Linux distros to handle system

Despite their high-ranking positions, senior executives are reportedly the weak link in the corporate cybersecurity chain with a new report from The Bunker, which finds that cyber-criminals often target this known vulnerability. A recently published white paper, Are You the Weakest Link? How Senior Executives Can Avoid Breaking the Cybersecurity Chain, found that those at

by Paul Ducklin In this week’s Naked Security Live video, we look at a recently reported “snooping” bug in Apple’s FaceTime app. While your phone was ringing, but before you picked up, a caller could trick the app into making your microphone live. In other words, a malicious caller might have been able to hear

Security researchers have uncovered a new cyber-espionage campaign against foreign diplomats in Iran, using malware linked to a well-known APT group. Kaspersky Lab researcher Denis Legezo claimed the campaign was indicative of hackers in emerging regions using “homebrew” malware combined with publicly available tools. In this case, they use an improved version of the Remexi

by Danny Bradbury Users of Microsoft’s Azure system lost database records as part of a mass outage on Tuesday. A combination of DNS problems and automated scripts were to blame, said reports. Microsoft deleted several Transparent Data Encryption (TDE) databases in Azure, holding live customer information. TDE databases dynamically encrypt the information they store, decrypting

Most small businesses in the UK have not updated or reviewed their data security and privacy policies since the GDPR came into force, according to new research from tech firm Appstractor. The Under Attack: Assessing the struggle of UK SMBs against cyber criminals report assessed the views of 500 IT bosses at small UK companies

by Paul Ducklin In this episode, we dig into a US Emergency Directive to stop government sites getting hijacked, examine a data breach with a difference, and hear a cybersecurity expert’s confession of how his Instagram got hacked. With Anna Brading. Paul Ducklin, Mark Stockley and Matthew Boddy. This week’s stories: US gov issues emergency

Digital transformation is exposing organizations to greater IT complexity and cyber-risk, according to new global research from Thales eSecurity. The security vendor polled 1200 execs with responsibility for IT and data security in nine countries around the world to compile its 2019 Thales Data Threat Report. It found that over a third (39%) class themselves as

by Danny Bradbury Firefox has introduced a new set of controls to make it easier for users to protect themselves from online ad trackers. The browser’s redesigned Content Blocking section makes it easier for users to switch off cross-site trackers. These are mechanisms that advertisers and data brokers use to track your activity across different

The UK government has pledged more money to address the IT security skills crisis and improve hardware and IoT security, although details on the latter are vague. An announcement made on Data Protection Day yesterday claimed the UK plans to be a world leader in “designing out” cyber-threats, by funding R&D into more secure-by-design hardware

by Lisa Vaas Facebook plans to take all of its chat apps – Messenger, WhatsApp and Instagram – and smoosh them into one interconnected chat blob, in spite of having promised to retain the independence of WhatsApp and Instagram when it bought them. The New York Times reported on Friday that the plans come directly

Nearly two-thirds (63%) of IT professionals are more concerned about data privacy and security than they were two years ago, but their poor online practices continue to drive cyber-risk, according to a new study published on the EU’s Data Protection Day. Also known as Data Privacy Day in North America, the awareness-raising event was originally slated

by Lisa Vaas Fans of high-profile YouTubers are getting bombarded with scams made to look like the messages were sent by the video stars themselves, the BBC reports. US YouTube personality Philip DeFranco addressed the issue in a video posted to his channel on Wednesday. If you’ve gotten a message from me, or any other

Executives at financial services companies are increasingly concerned about risks, but as technology becomes more integrated in managing financials, more executives say that cybersecurity is increasingly becoming the most important type of risk, according to a new Deloitte survey, Global Risk Management Survey, 11th Edition. When asked which risk types would grow in importance over

by Lisa Vaas #DeleteFacebook? #GoodLuck! A study published on Monday found that when it comes to protecting our privacy, it isn’t quite that simple. In fact, we don’t have to actually have a social media profile in order to be known, thanks to the fact that all our predictable friends and colleagues can fill in

Multiple consumers have reported being terrified after hackers infiltrated the Nest cameras in their homes, with one malicious actor making claims of a North Korean missile threat, according to CBS News. California resident Laura Lyons reported that malicious actors gained control of her Nest security camera, which belted out a terrifying emergency alert warning them to

by Mark Stockley Thanks to Sophos expert Peter Mackenzie for the research in this article. Emotet is malware that’s designed to evade detection, dig in hard and multiply. Thanks to a restless update schedule, a modular, polymorphic design, and its ability to deploy a host of different techniques for worming through networks, the software is

Security researchers have warned of a new malvertising campaign using steganography techniques to target Apple users. The VeryMal group has run multiple campaigns since August 2018, attempting to redirect users to the veryield-malyst domain, according to Confiant security engineer, Eliya Stein. As many as five million users may have been subject to the most recent

by John E Dunn The US Department of Homeland Security (DHS) has issued an emergency directive tightening DNS security after a recent wave of domain hijacking attacks targeting government websites. Under the directive, which appeared a week after a US-CERT warning on the same topic, admins looking after US .gov domains have until 5 February

The British public is dead-set against the use of drones, with the vast majority believing that as they continue to represent a national security risk and that cyber experts must do more to mitigate the threat from above. Think tank Parliament Street polled 2000 members of the public to compile its latest report, Drones 4

by Lisa Vaas As legislators and the public have bludgeoned them with complaints about how they’ve let fake news melt democracy, tech big boys such as Microsoft and Facebook have said hey, that ain’t our thing – we’ll get fact-checkers to take this slapping for us. Bring it on, said one of those fact-checking services.