by Paul Ducklin [00’27”] Cybersecurity tips for the holiday season and beyond. [02’20”] Fun fact: The longest-lived Windows version ever. [03’40”] Exchange at risk from public exploit. [10’34”] GoDaddy loses passwords for 1.2m users. [18’25”] Tech history: What do you mean, “It uses a mouse?” [20’25”] Don’t make your cookies public! [27’51”] Oh! No! DDoS
Service providers have suspended over 20 websites in Germany and the UK for disseminating online terrorist propaganda, Europol has revealed. In the last week of October, a referral action targeted 50 sites that police flagged for promoting violent jihadist ideology in support of terrorist groups such as the Islamic State (IS) and al-Qaeda. Police requested
Threat Summary On November 17, 2021, The US Cybersecurity & Infrastructure Security Agency (CISA) pushed an Alert entitled “Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities” which you need to pay attention to if you use Microsoft Exchange or Fortinet appliances. It highlights one Microsoft Exchange CVE
With the holiday shopping bonanza right around the corner, here’s how to make sure your online spending spree is hacker-free Black Friday is almost upon us and Cyber Monday is just around the corner, which means that most of us will be on the hunt for the perfect bargain. Which, to be honest, we will
It’s been well over two years since the UK’s data protection watchdog warned the behavioural advertising industry it’s wildly out of control. The ICO hasn’t done anything to stop the systematic unlawfulness of the tracking and targeting industry abusing Internet users’ personal data to try to manipulate their attention — not in terms of actually
Camlist, a video marketplace for pets, has raised $1.3 million in a pre-seed round, funding that the startup plans to use to develop its platform and grow its workforce — as it looks to expand its reach in the UK, its second market (after the U.A.E.), which it entered earlier this year. Unlike other marketplaces,
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5
by Paul Ducklin The US Securities and Exchange Commission (SEC) has issued numerous warnings over the years about fraudsters attempting to adopt the identity of SEC officials, including by phone call spoofing. Call spoofing is where a scammer calls you up on your landline or mobile phone, claims to be from organisation X, and then
A website, initially set up by graduates to offer IT support, has caught a criminal after a woman used it to try to arrange the murder of her ex-husband. RentaHitman.com is a darkly titled domain set up by a group of friends after they graduated from a California business school with degrees in IT. The site’s operator,
Threat actors have previously timed ransomware and other attacks to coincide with holidays and weekends In the run-up to Thanksgiving and the holiday season, the United States’ Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are urging organizations, especially those operating in critical infrastructure, to remain vigilant against ransomware and other
You’ve heard it before. Network infrastructure and operations teams and information security teams are collaborating more than ever. For my research practice, I’ve started calling this NetSecOps collaboration. One reason this collaboration is becoming more common is data. The security team needs network traffic data for one reason or another, and it needs the network
If you find that your email has been hacked, one of your immediate reactions is wondering what you should next. The answer: take a deep breath and jump into action. There are five steps can help you prevent or minimize any damage done by a compromised account. So why do hackers go after email accounts? Fact is, that email account of yours is
Head of Instagram Adam Mosseri will testify before the Senate for the first time as part of a series of hearings about online safety for children and teens. Per The New York Times, Mosseri’s hearing will take place on December 6. Mosseri’s upcoming testimony comes after Sen. Richard Blumenthal (D-CT) wrote a letter to Facebook
Overlooking a lush wetland in Hong Kong, the International Digital Economy Academy (IDEA) quietly opened last year. The research institute sits on the northern bank of the Shenzhen River, which separates Hong Kong from mainland China. But technically, it’s located inside a special area straddling the two cities: the Shenzhen-Hong Kong Innovation and Technology Cooperation
Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as “notorious hackers — amoral 21st century mercenaries who have
by Paul Ducklin At the start of this month, CVE-2021-42321 was technically an Exchange zero-day flaw. This bug could be exploited for unauthorised remote code execution (RCE) on Microsoft Exchange 2016 and 2019, and was patched in the November 2021 Patch Tuesday updates. Microsoft officially listed the bug with the words “Exploitation Detected”, meaning that
More than four-fifths (81%) of UK retailers are putting their customers at risk of email fraud by not implementing the recommended level of domain-based message authentication, reporting and conformance (DMARC) protection. This is according to a new study by Proofpoint, which warned of a likely surge in fraudulent emails targeting online shoppers ahead of this year’s Black
Cloud Security Gateways (CSGs) are one of the hottest and most sought-after technologies in the market today, driven by the adoption of cloud services for business transformation and the acceptance of hybrid workforce policies. CSGs, also commonly known as Cloud Access Security Brokers (CASBs), are responsible for enforcing security policies to protect cloud-hosted corporate assets from advanced
What is a startup? It’s a question so picked over at this point that it feels like the only answer is it depends. That’s fair. In the past, we might have said that once a private-market company earns a $1 billion valuation, it is no longer a startup. But with venture capitalists and crossover investors
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed Data breaches occur when an unauthorized third-party accesses an organization’s private information. Often, they involve theft of customers’ and/or employees’ personal data. There are strict rules
French startup Leocare has raised a big Series B funding round led by Eight Roads. Overall, the company has raised $116 million. It’s an equity and debt round, which means that part of this amount is a cash-for-equity transaction, while the rest is a credit line. The company is raising today’s Series B less than
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that’s capable of stealing payment information from compromised websites. “The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms,” researchers from Sansec Threat Research said in an analysis.
by Paul Ducklin The US Securities and Equities Commission (SEC) has just published a “Security Incident” submitted last week by Web services behemoth GoDaddy. GoDaddy says that on 17 November 2021 it realised that there were cybercriminals in its network, kicked them out, and then set about trying to figure out when the crooks got
The largest theft of Bitcoin from a single individual was allegedly perpetrated by a Canadian teenager. An unnamed youth was arrested last week on suspicion of stealing crypto-currency worth approximately $36.5m from an unnamed victim who is located in the United States. It is alleged that the defendant used a SIM swapping attack to gain access to
With the acceleration of cloud migration initiatives—partly arising the need to support a remote workforce during the pandemic and beyond—enterprises are finding that this transformation has introduced new operational complexities and security vulnerabilities. Among these are potential misconfigurations, poorly secured interfaces, Shadow IT (access to unauthorized applications), and an increasing number of connected devices and
A year ago I accidentally turned my house into a smart home. What started out as an easy (and lazy, let’s be honest) way to switch off the radio in the kitchen without getting up from the couch quickly became an obsession to remotely control and automate as much of my house as possible. What
French startup Lydia is entering a whole new category by adding trading to its financial super app later this year. The company is partnering with Bitpanda for this feature. Lydia users will be able to buy, hold and sell American and European shares, precious metals, cryptocurrencies and ETFs. Lydia started as a peer-to-peer payment app
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it
The United States has charged two Iranian computer hackers in connection with a cyber-campaign intended to influence the outcome of America’s 2020 presidential election. An indictment unsealed in New York on Thursday alleges that 24-year-old Seyyed Mohammad Hosein Musa Kazemi and 27-year-old Sajjad Kashian conspired with others to intimidate and influence American voters, undermine voter confidence, and
A new business model for threat actors may level the playing field among cybercriminals and pose more trouble for enterprise security teams. While gathering vulnerability intelligence through dark web forums, Digital Shadows researchers observed discussions on the emergence of exploit as a service, which would “inevitably lower the barrier for accessing sophisticated exploits.” In this
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 234
- Next Page »