by Paul Ducklin Here’s some goodish news: the Snake ransomware seems to have made the news last week on account of its name rather than its prevalence. Because, well, SNAKE! Like most ransomware, Snake doesn’t touch your operating system files and programs, so your computer will still boot up, log in, and let you open
When it comes to protection against this insidious type of scam, the telcos’ authentication procedures leave a lot be desired, a study finds Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by
A threat group has once again taken to the internet to publish data stolen from alleged victims who refuse to cooperate with its ransom demands. In December 2019, the MAZE ransomware group published online a portion of the 120 GB of data they claimed to have stolen from Southwire, North America’s most prominent wire and cable manufacturer,
The ability of Iranian cyberattackers to do some serious damage to U.S. systems is not in doubt. They have crippled U.S. cities and businesses with ransomware attacks, malware that encrypts data until a ransom is paid. One question is whether HR security efforts are being deployed to respond to potential threats like this one. The
by Lisa Vaas We’ve got some bad ransomware news, and we’ve got some good, cyberattack-THWARTED! news. First, the bad: over the holiday break, crooks who are so morally bankrupt that they target the organizations that serve children pounced on schools in the US city of Pittsburg, California. On Monday, the superintendent of Pittsburg Unified School
Patients of a hacked facial surgery company in Florida are being individually threatened by cyber-criminals, who are demanding money in return for not releasing stolen personal information to the public. The Center for Facial Restoration, Inc. (TCFFR), located in Miramar, became the victim of a cyber-attack in November last year. In a statement published on the TCFFR
by Danny Bradbury Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts. The flaw, CVE-2019-19781, affects the company’s NetScaler ADC Application Delivery Controller and its Citrix Gateway. The first product is a piece of network equipment that ensures online applications perform well, using load balancing and
No one has a road map for securing a connected city – but there should be a whole atlas of such maps Here at CES, Toyota just announced plans to build a 175 acre (70 hectare) playground in Japan to test connected cities, complete with cars, buildings and real residents willing to be something of
It’s now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix’s NetScaler ADC and
Students in the Pittsburg Unified School District of Pennsylvania were left without internet access on Monday as the result of a ransomware attack. With schools’ internet servers and email compromised, youngsters returning to classes after the winter break were forced to enrich their brains the old-fashioned way, through books and direct teaching. “We will be
by Paul Ducklin Right at the end of 2019, we wrote about the “decade-ending Y2K bug that wasn’t” in a serious article with a humorous side. In that article, we described a perennial “gotcha” facing Java programmers faced with the simple task of printing out the year. If you tell Java to treat the date
With software becoming more important than ever, how can engaging the security industry make the road ahead less winding? Here at CES, the car manufacturers race to launch the latest gadgets in their new models before the competition. And that’s hard to do without breaking down the software silos. That would mean using widely developed,
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7
Four employees of Amazon’s home security company Ring have been fired after being caught snooping at users’ videos. The online retail giant admitted terminating individuals over unauthorized access in a letter dated January 6 that was addressed to US senators Ron Wyden, Edward Markey, Gary Peters, Chris Van Hollen, and Christopher Coons. In the letter, Amazon states:
The California Consumer Privacy Act went into effect Jan. 1 but will not be enforced until July 1. Those in the customer experience realms of sales, marketing, e-commerce and customer service who’ve already created GDPR compliance plans are a good chunk of the way to CCPA compliance, experts say. CX teams who work for companies
by John E Dunn Just two days after releasing Firefox 72, Mozilla has issued an update to patch a critical zero-day flaw. According to an advisory on Mozilla’s website, the issue identified as CVE-2019-17026 is a type confusion bug affecting Firefox’s IonMonkey JavaScript Just-in-Time (JIT) compiler. Simply put, a JIT compiler takes JavaScript source code, as
The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people’s computers Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks. Details about the flaw and its exploitation are rather sparse, however. What
Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla’s website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a
Apple‘s senior director of global privacy has confirmed that the company scans photos uploaded to the iCloud for evidence of illegal activities such as child sexual abuse. Jane Horvath made the admission while speaking at the Consumer Electronics Show (CES) 2020 conference in Las Vegas yesterday, according to The Telegraph. While speaking at the tech conference,
by John E Dunn Researchers report flaws, vendors issue patches, organisations apply them – and everyone lives happily ever after. Right? Not always. Sometimes, the middle element of that chain – the bit where organisations apply patches – can takes months to happen. Sometimes it doesn’t happen at all. It’s a relaxed patching cycle that
TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users’ privacy, censoring politically controversial content and on national-security grounds—but it’s not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers
The US Federal Trade Commission has reached a settlement with a Utah company and its former CEO over allegations that shoddy security practices led to the personal information of over a million customers’ being illegally accessed in multiple hacks. InfoTrax Systems, L.C. and its founder and former CEO Mark Rawlins allegedly failed to use reasonable, low-cost, and
by Danny Bradbury Google has temporarily disconnected Xiaomi’s IP cameras from its Home Hub service after a user reported that he was seeing images from other people’s devices. Google’s Home Hub is the company’s answer to Amazon’s Echo – a connected home automation display controlled via the GUI and a voice assistant. You can use
Footage defined as parody or satire will be permitted, as the social network isn’t slamming the door on all types of manipulated media Facebook is rolling out a new set of rules aimed at curbing the spread of manipulated media as the specter of highly convincing deepfake videos looms large over not only the US
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store—you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated
A cyber-espionage group dubbed Bronze President has been targeting countries in South and East Asia. Researchers at Secureworks’ Counter Threat Unit (CTU) have observed the group spying on the activities of political and law enforcement organizations and NGOs. The threat group seems to have developed its own remote access tools, which it uses alongside publicly
IT security teams today struggle to make sense of the enormous amounts of data modern IT infrastructures generate and consume, while simultaneously prioritizing and responding to alerts. This enormous responsibility is one of the reasons why detection and remediation times are so poor. In fact, a malicious attack has an average lifecycle of 314 days
by Paul Ducklin Have you ever received items by courier from people overseas? If so, you’ll know that sometimes – notably in the case of gifts, where the other person hasn’t told you what they’re sending – the courier company doesn’t deliver the item directly. Sometimes you get an email saying that the item is
After six and half years in the job, Ciaran Martin is to relinquish his role as head of UK cybersecurity. The 45-year-old has announced plans to surrender his title of chief executive of the National Cyber Security Centre (NCSC) in the summer of 2020. Oxford University graduate Martin, who has dedicated his entire working life
A user who accessed their Xiaomi home security camera via their Google account was shown still images of strangers in unknown locations. The Netherlands-based user, known as “Dio-V,” was confronted with random snapshots from other people’s lives after trying to stream content from a Xiaomi Mijia to a Google Nest Hub. Dio-V reported the incident
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 129
- Next Page »