The videoconferencing platform is making the feature available to users of both free and paid tiers The Zoom videoconferencing platform has announced that starting next week it will begin rolling out long-awaited end-to-end encryption (E2EE) to users. The feature will be released as a technical preview, with the company proactively seeking the feedback of its
Students learning remotely in Massachusetts have had their lessons disrupted by distributed-denial-of-service, or DDoS, attacks. Sandwich Public Schools suffered a week of connection issues after what was first identified as a firewall failure occurred on October 8. A new firewall put in place to resolve the issue subsequently crashed, prompting the technology department to source a firewall
by Paul Ducklin We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. We’d love you to join in if you can – just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on
German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed ‘FinSpy,’ reportedly in suspicion of illegally exporting the software to abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor’s Office, searched a total of 15 properties
Twitter temporarily suspended the account of the president of the United States’ election campaign for “posting private information.” The account @TeamTrump was locked for attempting to tweet a video referencing a recent article by the New York Post along with text describing presidential candidate Joe Biden as “a liar who has been ripping off our country for years.” The New
Some footage has already appeared on adult sites, with cybercriminals offering lifetime access to the entire loot for US$150 A hacker collective claims to have breached over 50,000 home security cameras before going on to steal people’s private footage and post some of it online. While a considerable portion of the videos seems to have
by Paul Ducklin If you nearly didn’t read this article because you thought the headline sounded like a story you could take for granted, as you would if you saw an article called “Dinosaurs Still Extinct” or “Sun to Rise in East”… …then be aware that we nearly didn’t write it for the same reason.
The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people
Carnival Corporation has disclosed that passenger and employee data from three different cruise lines was accessed in a ransomware attack that took place in August. On August 15, the British-American cruise operator discovered that an unauthorized third party had compromised its computer system and downloaded data files. An update issued by the corporation yesterday states that personal data
Bad actors have accessed US elections support systems, although there’s no evidence to suggest that election data has been compromised, say FBI and CISA Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United
by Paul Ducklin Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say. Patch early, patch often. After all, why risk letting the crooks sneak in front of you when you could take a
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware’s back-end infrastructure. The joint collaboration, which involved Microsoft’s Digital Crimes Unit, Lumen’s Black Lotus Labs, ESET, Financial Services Information Sharing and Analysis Center (FS-ISAC),
North Carolina has opened a cybercrime hotline after state residents lost millions of dollars to COVID-19-related cyber-scams. The free NC 2-1-1 phone line, one of the first to be launched in the United States, has been funded by state and federal grants. Fraudulent schemes claiming victims in the Tarheel State include cell phone cloning, fake
Throughout its monitoring, ESET analyzed thousands of malicious samples every month to help this effort ESET has collaborated with partners Microsoft, Lumen’s Black Lotus Labs, NTT Ltd. and others in an attempt to disrupt Trickbot botnets. ESET contributed to the project by providing technical analysis, statistical information, and known command and control server domain names
by Paul Ducklin Good news, for a while at least. Microsoft went to US District Court for the greater good of all of us and came away with a court order permitting it to take over a whole raft of internet servers. The company was authorised to take over a wide range of IP numbers,
Since the beginning of this year, organizations’ IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and shift to a mainly remote workforce. Supporting end-users that are now working from home has introduced new challenges in troubleshooting since it isn’t as simple as visiting an end user’s
Ransomware was the most observed threat in 2020, according to a global corporate investigations and risk consulting firm based in New York City. Kroll‘s proprietary data on cyber incident response cases shows that ransomware attacks accounted for over one-third of all cases as of September 1, 2020. While this particular form of malware has struck
Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk Labs today and shared with The Hacker News, the high privileges often associated with anti-malware products render
It’s easy to reset your password or PIN after a data breach. But reset your face? Not so much. You can reset your PIN after a data breach, you can reset your password after a data breach, you can reset your security questions after a data breach – but can you reset your face? Sure,
The Pentagon is to significantly increase the size of the United States Space Force’s cybersecurity team. Plans to add over a thousand new personnel were revealed by the force’s chief technology and innovation officer, US Space Force Major General Kimberly Crider. Speaking at the CyberSatGov virtual event held yesterday, Crider said that 130 cybersecurity officers would be
It may be impossible to delete your personal information from Houseparty and other social media services – despite privacy legislation! My colleague Jake Moore recently published a blogpost Houseparty – should I stay or should I go now? The post intrigued me, not just for the title taken from the great 1982 song by the
by Paul Ducklin “If you connect it, protect it” is a short and simple slogan that we’ve taken straight from this year’s Cybersecurity Awareness Month (CSAM). We wrote about CSAM last week, on the first of the month, to explain why we think CSAM is still worth supporting, for two main reasons. The first reason
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360’s Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a
A Tennessee firm that provides health data management services has agreed to pay the United States Office for Civil Rights (OCR) $2.3m to settle charges related to a data breach. Charges were brought against Tennessee-based Community Health Systems (CHSPSC LLC) by 28 states after the personal health information (PHI) of millions of people ended up in the hands
Five ethical hackers have earned almost US$300,000 in bug bounty rewards – so far A team of five ethical hackers have discovered a grand total of 55 vulnerabilities in a range of Apple’s services, with almost a dozen flaws rated as critical. The disclosed security loopholes – which were found over a span of three months
by Paul Ducklin Join us for the first episode in the brand new Series 3 of our Naked Security Podcast. This week we wonder whether Cybersecurity Awareness Month is a waste of time, explain the concept of “linkless phishing“, ask if it’s ever OK to pay a ransomware demand, and advise what to do when
A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to “fully compromise both customer and
Cyber-attacks have been levied against journalists in Angola after they reported that the Angolan president’s chief of staff had embezzled public funds. Independent online news provider Correio Angolense published an article online covering the claims against Edeltrudes Costa that were first made by the Portuguese TV channel Televisão Independente (TVI). The broadcaster launched an investigation after companies
The feature is part of the browser’s security improvements that were first built into its desktop version Google is bringing new security features on the Android and iOS versions of its Chrome web browser. Chrome 86, which was released earlier this week, adds features that are aimed at bolstering password protection and as well as adding a
by Paul Ducklin Earlier this week, we published an article headlined “If you connect it, protect it.” The TL;DR version of that article is, of course, exactly the same as the headline: if you connect it, protect it. Every time you hook up a poorly-protected device to your network, you run the risk that crooks