Security

US lawmakers have introduced a bill that proposes banning federal law enforcement agencies from using facial recognition and biometric surveillance technology. The Facial Recognition and Biometric Technology Moratorium Act of 2020 was introduced yesterday by Senators Ed Markey and Jeff Merkley.  If passed into law, the wide-sweeping bill would make federal funding for state and local law

by Paul Ducklin The latest security patches from NVIDIA, the maker of high-end graphics cards, are out. Both Windows and Linux are affected. NVIDIA hasn’t yet given out any real details about the bugs, but 12 different CVE-tagged flaws have been fixed, numbered sequentially from CVE-2020-5962 to CVE-2020-5973. As far as we can tell, none

The National Cyber Security Centre (NCSC) has announced that in just two months of its Suspicious Email Reporting Service being launched, it has received one million reports. According to a statement, the service, which was launched in April as part of the Government’s Cyber Aware campaign, receives a daily average of 16,500 emails. NCSC chief executive officer

by Paul Ducklin Here’s a SophosLabs technical paper that should tick all your jargon boxes! Our experts have deconstructed a strain of malware called Glupteba that uses just about every cybercrime trick you’ve heard of, and probably several more besides. Like a lot of malware these days. Glupteba is what’s known a zombie or bot

Rebekah Vardy is suing Colleen Rooney after the latter accused the former of leaking private information to a British tabloid. The women, who are both married to British soccer players and used to socialize together, fell out last year. Their public spat took place over Twitter. In a lengthy post published on October 9, Rooney stated that

by Paul Ducklin The US government just announced its plans for HTTPS on all dot-gov sites. HTTPS, of course, is short for for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar. Actually, the government is going one step further than that. As well as saying all dot-gov sites

Digital transformation in the cybersecurity industry will be a major driver of mergers and acquisitions (M&A) over the remainder of 2020, according to ICON Corporate Finance. This follows a survey by the technology-focused investment bank of some of the most active M&A buyers in the UK, which showed that there remains substantial interest in tech

by Paul Ducklin We’ve been receiving loads of survey scam emails lately – and you probably get heaps of these, too. So we thought we’d take you through a recent scam from go to woe, with screenshots to document the path that the crooks lured us along. Sometimes, a picture is worth 1000 words (or

Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums. Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews. The firm explained that the passwords were stored only in MD5,

by Danny Bradbury Security researchers have discovered a handful of game-changing vulnerabilities that spell trouble for dozens of connected device vendors and their customers. On Tuesday this week security company JSOF unveiled 19 CVEs – four of them critical remote code execution flaws – in a low-level networking software library that render millions of devices

A PC gaming service is taking action to eradicate a growing number of racist bots from one of its leading shoot-em-up titles. Valve said it has introduced new anti-spam measures to the game Team Fortress 2 in an attempt to “mitigate the use of new and free accounts for abusive purposes.” Earlier this month, Kotaku reported that

by Lisa Vaas On the afternoon of 30 May, as in other US cities, all hell broke loose in Philadelphia as peaceful Black Lives Matter (BLM) protests turned into the smashing of store windows, looting, and arson, including the torching of two Philadelphia Police Department (PPD) cars. On Wednesday, a 33-year-old Philadelphia woman was charged

A man from Michigan has been charged with hacking into a medical center’s database and stealing the personal information of 65,000 employees. Federal prosecutors unsealed a 43-count indictment yesterday accusing Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson of illegally accessing data held by the University of Pittsburgh Medical Center (UPMC).  Johnson allegedly

by Paul Ducklin Details are hazy but the overall story is clear: if you use IBM’s Maximo Asset Management, make sure you’re patched. As you can imagine, an asset management tools called Maximo isn’t aimed at small businesses such as local bike shops or at parochial bodies such as parish councils. Those organisations definitely have

Facebook has removed advertising for Donald Trump’s re-election campaign because it featured a symbol heavily associated with Nazi Germany, in a move likely to dial-up tensions in the US. The inverted red triangle featured in the ad was reportedly used by the Nazis to mark out political prisoners in concentration camps. It ran alongside a

by Paul Ducklin A decade or so ago, many Mac users used to claim very confidently that anti-virus software would be wasted on them, “because Macs don’t get malware.” They’d admit that Mac malware was theoretically possible, but point out that because they’d never run into any problems themselves – problems that they knew of,

The UK Information Commissioner’s Office (ICO) has issued a report on police practices regarding extraction of data from people’s phones, including phones belonging to the victims of crime. The report, which is the result of a 2018 complaint made by Privacy International (PI), highlights numerous risks and failures by the police in terms of data protection and

by Paul Ducklin Global direct-sales cosmetics company Avon has filed two reports with the US Securities and Exchange Commission in the past few days. The reports are known as Form 8-K filings, used to advise investors about unplanned issues affecting a listed company – all the way from the resignation of a director to failing

Half of mobile banks are vulnerable to fraud and theft of funds due to inadequate security on apps, according to a study by Positive Technologies. The analysis found that mobile banking applications have a raft of security flaws which can be exploited by cyber-criminals to access sensitive data and commit fraud. Positive Technologies said that

by Paul Ducklin Intel is adding two new exploit detection systems into its forthcoming processors. The new technology has been at least four years in the making, according the chip giant’s recently updated specification document, which contains a “version 1.0” release date of June 2016. Intel’s PR machine has been making waves about the system,

Nearly half (46%) of small and medium-sized enterprises (SMEs) regularly share confidential files via email, including financial and employee data in spreadsheets, according to a new study from the Lanop Accountancy Group. This is despite the fact that 60% have not upgraded their organizations’ cybersecurity capabilities since shifting to remote working during COVID-19. In a survey

by Paul Ducklin Sextortion, also known as “porn scamming“, is where the crooks send you an email claiming to have a video of you watching porn that they’ve acquired by implanting malware on your computer. We suspect that you’ve not only heard of it but also received these odious and scary emails yourself – scary

A high-performance submarine cable is being built to enhance communications in the Asia Pacific region.  Stretching 9,400 kilometers, the Asia Direct Cable (ADC) will connect China (Hong Kong SAR and Guangdong Province), Japan, the Philippines, Singapore, Thailand, and Vietnam. The ADC has been designed to enable vast amounts of data to be transmitted across the

by Danny Bradbury Just about to share an article with a sensational headline? Stop! Did you at least read it first? Sharing clickbait containing spurious content without bothering to check it over is a perennial problem for attention-challenged social media users (hey! squirrel!) and now Twitter wants to help stop it. The company has launched

The life of a Houston business owner has been threatened after cyber-criminals hacked into her company’s social media account and posted racist messages. Founder and CEO of Infinity Diagnostics Center Jessica Hatch said her company’s Instagram account was compromised on Thursday afternoon by an unknown malicious hacker. After gaining access to the account, the threat actor uploaded

by Lisa Vaas Facebook paid a cybersecurity firm six figures to develop a zero-day in a Tor-reliant operating system in order to unmask a man who spent years sextorting hundreds of young girls, threatening to shoot or blow up their schools if they didn’t comply, Motherboard’s Vice has learned. We already knew from court documents

The Tennessee city of Knoxville has been forced to shut down its computer network after falling victim to a ransomware attack. Cyber-criminals mounted their attack on the county seat of Knox County in the early hours of Thursday, June 11. No information has been shared so far on how threat actors were able to compromise

by Paul Ducklin This week, Intel patched a CPU security bug that hasn’t attracted a funky name, even though the bug itself is admittedly pretty funky. Known as CVE-2020-0543 for short, or Special Register Buffer Data Sampling in its full title, it serves as one more reminder that as we expect processor makers to produce

Cybersecurity firm OPORA has announced seed funding of $7m led by Jerusalem Venture Partners (JVP) and private investors. OPORA was founded by Yuval Diskin, the former head of Israel’s Internal Security Agency, and uses pre-attack adversary behavior analytics to deliver pre-emptive adversary threat protection against the most persistent, organized and largely uncontested cyber-criminals operating today.

by Danny Bradbury Whoosh. You hear that? It’s the sound of Microsoft’s security fire hose spraying out a river of CVE fixes. That’s right – Patch Tuesday was this week and the software giant released patches to fix 129 CVEs. The lion’s share of the bugs are rated important, but there are 11 CVEs rated