As Facebook turns 16, we look at how to keep your personal information safe from prying eyes Sixteen years, that’s how long Facebook has been around. This means that it has accompanied some of us throughout our teenage years to adulthood. Quite an achievement since websites and services tend to lose popularity over the years
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that’s also connected to your computers, smartphones, and other smart devices. Whether it’s about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted
Cyber-criminals have stolen “almost all funds” entrusted to crypto exchange platform Altsbit. The Italian exchange announced it had become the target of a devastating hack yesterday on Twitter. According to their posts, criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) “coins” with a combined value of $27,000. Funds kept in cold storage—crypto coins whose
by Paul Ducklin Ransomware is one of the most feared cybercrime problems of the modern era. The idea of malware that scrambles your files and demands money to get them back is not new – the first widespread attack happened back in 1989 – but the scale of the threat has changed dramatically in the
Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction Google has rolled out a security update to address a critical flaw in Android’s Bluetooth implementation that allows remote code execution without user interaction. The vulnerability, tracked as CVE-2020-0022, affects devices running
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a
A new study focused on distributed denial of service (DDoS) attacks has found that pornographic websites received by far the most attacks per site last year. To produce their “Global DDoS Threat Landscape” report, researchers at Imperva studied attack data gathered between May and December 2019. Their findings, published yesterday, reveal that websites in the adult entertainment industry received
by Alice Duckett Over the past couple of years, Sophos’ Director of Security Craig Jones has discovered a worrying amount of personal data on public Trello boards. Mark says companies shouldn’t microchip their employees and Duck discusses a bug that could have blown a hole in OpenSMTPD. Host Anna Brading is joined by Sophos experts
The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13 Facebook is rolling out a slew of changes to Messenger Kids that give parents more control over how their children use the messaging app. You can review who your kids are interacting with and review their chat
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing
With Valentine’s Day just around the corner, the Federal Bureau of Investigation has warned Americans to be on the lookout for cyber-based romance scams. The Richmond, Virginia, branch of the FBI said criminals used the most romantic day of the year as an opportunity to con victims out of their hard-earned cash or personal data.
The Mirai botnet has been a constant IoT security threat since it emerged in fall 2016. The subsequent release of its source code only extended Mirai’s reach and is one of the many reasons NetScout labeled it the “king of IoT malware.” While Mirai’s distributed denial-of-service capabilities aren’t anything researchers haven’t seen before, “when wielded
by Paul Ducklin Thanks to the Sophos Security Team for their help with this article. Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Here’s a tasteless and exploitative example, reported to us by the Sophos Security Team, of a current scam that uses the
What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice. Many people ask me about what it was like working for law enforcement. More often than not, however, they are actually enquiring about how computer crime is truly investigated. Whether it’s questions about how accurately it
It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can’t connect
A Kentucky resident charged with human trafficking and the online promotion of underage sex workers has been accused of creating fake social media profiles to contact victims and dissuade them from testifying against him. Nigel Nicholas was first arrested in February 2018 and charged with two counts of human trafficking and one count of promoting
by John E Dunn Smash it, submerge it in water, and perhaps shoot it for good measure – just three of the methods criminals use to permanently erase digital evidence from smartphones. And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means
A helmet may not be enough to keep you safe(r) while riding an e-scooter Electric scooters are steadily becoming a popular alternative for short commutes. Besides convenience, however, they also introduce a range of cybersecurity and privacy risks, according to a study by the University of Texas at San Antonio (UTSA). The review – which UTSA
Google might have mistakenly shared your private videos saved on the company’s servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the result of a “technical issue” in Google’s Takeout, a service that backs up all your
A California man could face up to 25 years in prison after pleading guilty to downloading child pornography and habitually hacking into the computer system of Japanese gaming giant Nintendo. Ryan Hernandez was still a minor when, together with an associate, he used a phishing technique to steal the credentials of a Nintendo employee in 2016. The data
by John E Dunn Apple engineers think they’ve come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company’s Safari WebKit team is
As the tide of phishing attacks rises, improving your scam-spotting skills is never a bad idea Many people are confident in their ability to recognize phishing scams a mile away. In a recent survey, however, only 5% of the respondents had a 100-percent success rate in spotting simulated attacks aimed at stealing their sensitive information.
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a
A data breach at Indian airline SpiceJet has exposed the personal information of over a million passengers. Access to the airline’s computer system was gained last month by a security researcher, who went on to report the breach to TechCrunch. Using a brute-force attack, the researcher busted into an unencrypted database backup file containing the private information of
Strong identity and access management procedures are critical as regulatory compliance rules and data fraud incidents persist. Yet, implementing and maintaining world-class IAM practices can be challenging as an organization’s data management needs increase in complexity. Security leaders said it becomes more challenging to maintain a strong IAM program as the complexity of the organization
by John E Dunn Now can’t be an easy time to be a professional drone pilot working for the US Department of the Interior (DOI). After years of enthusiastic expansion, in November 2019 the agency announced the temporary grounding of its fleet of Unmanned Aircraft Systems (UAS) over hacking fears unnamed sources claimed were connected
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t participated in the growing and profitable MSSP market as it entailed massive investments in building
A county in the Pacific Northwestern state of Oregon is yet to fully recover from a ransomware attack that happened over a week ago. Cyber-criminals hit Tillamook County in a targeted attack last Wednesday, January 22. As a result, all internal computer systems under the county government, which 250 county employees rely on, went down.
by Danny Bradbury The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report. The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which
ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 132
- Next Page »