How confident are you that you have the best security practices in place across your organization? Like most, you probably have your concerns. Ever wonder what keeps your peers up at night and how your security practices compare to others? We recently sponsored a SANS survey on endpoint protection and response which surveyed IT professionals who
The UK’s flag carrier vows to compensate all customers who will lose out financially due to the incident British Airways has revealed the theft of customer data that compromised around 380,000 payment cards. “We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app,” the air
A highly popular top-tier app in Apple’s Mac App Store that’s designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China. What’s more concerning? Even after Apple was warned a month ago, the company did
The US government has turned up the heat on Pyongyang after indicting a North Korean citizen and member of the infamous Lazarus Group for the attacks on Sony Pictures Entertainment (SPE), Bangladesh Bank and the infamous WannaCry ransomware. Filed on June 8, 2018 in Los Angeles federal court and posted today, the indictment alleges that programmer
by Lisa Vaas It’s one thing to slip spyware onto somebody’s phone so you can surreptitiously intercept text messages, call logs, emails, location tracking, calendar information and record conversations – that kind of privacy-spurning stuff. It’s another thing entirely to be the company that makes and markets the software… and – the coup de GAH!
Since January 1st of 2018, a barrage of cyber attacks and data breaches have hit almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world. With more IoT devices – from wearables and
Far-fetched though it may sound, the answer is yes, according to researchers, who show that electrical grids and smart home appliances could make for a dangerous mix Cybercriminals could rope internet-connected household appliances into a botnet in order to manipulate the demand side of the power grid and, ultimately, cause anything from local outages to
Facebook is opening its first data center in Asia. The company announced today that it is planning an 11-story building in Singapore that will help its services run faster and more efficiently. The development will cost SG$1.4 billion, or around US$1 billion, the company confirmed. The social networking firm said that it anticipates that the
Five Eyes — the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. — issued a threat to tech companies that don’t find ways to comply with law enforcement in the face of encrypted data and devices. Following a meeting in Australia on Aug. 30, representatives of the Five Eyes nations
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure
Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users’ credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private
Dutch security researcher Willem de Groot, who’s particularly interested in security problems on online payment sites, recently wrote about a long-running Magento malware campaign. Magento is to ecommerce what WordPress is to blogging – you can run the open source version on your own servers; you can use an ecommerce partner who’ll run a Magento
WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take
All things labeled Artificial Intelligence (AI) or Machine Learning (ML) are making waves, but talk of them in cybersecurity contexts often muddies the waters. A new ESET white paper sets out to bring some clarity to a subject where confusion often reigns supreme It is no mean feat to find an area in business and
Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable
Google has started restricting ads for tech support services ahead of rolling out a verification program to deal with rising levels of fraud enabled by advertising on its search platform. The search giant claimed to have taken down more than 3.2 billion ads that violated its advertising policies: amounting to over 100 per second. However,
by Paul Ducklin We went on camera to discuss some fascinating research that set out to measure what your video screen lets slip about you behind your back. Enjoy…
Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw
The adoption of the protocol’s secure variant has continued its growth spurt in recent months, crossing the 50-percent milestone for the first time ever More than one-half (51.8 percent) of the one million most visited websites worldwide now actively redirect to HTTPS, the secure version of the HTTP protocol over which data between a device
Over a week after Google admitted the company tracks users’ location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in exchange to access this information.
At least one malicious actor began exploiting a critical vulnerability in Apache Struts in the wild, despite a patch being issued last week. According to researchers at Volexity, a cybersecurity company based in Washington, D.C., the exploits of the Apache Struts vulnerability surfaced in the wild not long after a proof-of-concept (PoC) exploit was published
A recent survey of nearly 200 IT professionals about insider threats found that nearly half of the participants believed they could successfully attack their organizations from the inside. In a blog post earlier this week Imperva researchers reported on insider threats and revealed the findings of the recent survey. Of the 179 IT professionals who participated in the
Few would equate human life with battery life, but for many migrants escaping war or famine, a single percentage point of battery can mean getting the right information at the right time – or not surviving at all. Smartphones today have become an integral part of a forced migrant’s journey. From navigating mountains in Central
Right about now, most kids are thinking about their chemistry homework, the next pep rally or chiming in on their group text. The last thing on their minds as they head back to school is cybersecurity. But, it’s the one thing — if ignored — that can wreck the excitement of a brand new school year.
Even though the majority of companies across the globe have implemented cybersecurity standards, a new report from IT Governance USA found that companies still believe they are the likely target of an attack. Since 2017, there has been a 25% increase in data breaches, according to the ISO 27001 Global Report, which also revealed that
Stop us if you’ve heard this before: avoid installing apps from outside Google Play. But what if you’re itching to battle it out in Fortnite? First, a quick recap: Epic Games has decided to eschew distributing the Android version of its blockbuster game, Fortnite, via Google Play, instead making it available exclusively from its own website.
Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users’ accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You might
A campaign recently reported by Farsight Security involved an internationalized domain name (IDN) “homograph-based” phishing website that tricked mobile users into inputting their personal information. The suspected phishing websites presented as commercial airline carriers – specifically Delta Airlines, easyJet and Ryanair – and offered free tickets, fooling users with the age-old bait-and-switch technique. Users were asked
by Danny Bradbury US senators from both sides of the house have announced a bill that would force the President to act against overseas hackers found targeting the US, or explain why he hadn’t. Senators Cory Gardner (R-CO) and Chris Coons (D-DE) announced the Cyber Deterrence and Response Act (S.3378) this week. The text of
Laptops, mobile phones, tablets, smart watches, and more are all often found in a modern user’s arsenal of personal devices. We rely on these devices for so many things – to wake us up, count calories, connect us to friends and loved ones, provide access to the web, the list goes on. We love our