by Paul Ducklin You’ve probably heard of a Blue Moon, which is the second full moon in any calendar month. The last one was back in 2018; the next one is coming up in October 2020. Well, 28 July 2020 is a Blue Firefox Update event – the second major security fix of the month,
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to create,
A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed cyber-criminals to gain full control of server operations has been detected. The controller was designed for secure local and remote server management to help IT administrators deploy, update, and monitor Dell EMC PowerEdge servers. Path Traversal vulnerability CVE-2020-5366 was discovered by researchers Georgy
The attackers and their motivations remain unknown; however, the incidents yet again highlight the risks of careless data security Thousands of unsecured internet-facing databases have been on the receiving end of automated ‘Meow’ attacks that involve destroying the data without leaving as much as an explanatory note. A search on Shodan shows that as the
by Paul Ducklin SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Let’s start at the very top of the ransomware dilemma. Should you ever pay blackmail money to ransomware crooks? As you can imagine, law enforcement
Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skills are highly valued in tech, finance, sales, marketing, and many other
The CEO of a technology startup based in Virginia is facing federal charges for allegedly masterminding an investment scam whose victims lost millions of dollars. Danny Boice was the founder and CEO of the now bankrupt privately held company Trustify Inc that was established in 2015. From its headquarters in Crystal City, the firm provided
American international law firm Holland & Knight is facing a lawsuit over a fraudulent wire transfer that saw criminals make off with more than $3m. According to the suit, the law firm was hired by two foundations to sell some stock and carry out a merger plan related to the sale. However, a fraudster was able to steal
The Identity Theft Resource Center doesn’t expect the trend to last, however While cybercriminals have been busy targeting people with various flavors of COVID-19-related scams, the number of publicly reported data breaches in the United States in the first half of 2020 dropped by 33% year-on-year. This is according to a report published by the Identity Theft
Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The Hacker News on condition of anonymity. The company’s website and the Twitter account say, “We are currently experiencing an outage
The United States government is teaming up with the University of Chicago to develop a nationwide quantum internet. The network, which would run in parallel with the current internet, could be used to securely send sensitive financial information and data pertaining to matters of national security. If all goes to plan, a functional network could
In another incident, ransomware attackers almost forced the cancellation of a match, a report reveals Sports organizations from around the United Kingdom have been urged to tighten their cybersecurity after a report revealed a string of attacks against various sports clubs, including an attempt to disrupt a lucrative Premier League transfer deal. In its first
by Paul Ducklin If you’re interested in cybersecurity you’ve probably read any number of reports in recent years about the often tenuous state of security in consumer devices. From insecure doorbells to webcams, and from light bulbs to home routers, we’ve written our own share of horror stories in recent years. That’s disappointing, but hardly
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI’s servers. The twin reports, courtesy of cybersecurity firms Synacktiv and
A former Florida tax collector has been indicted on charges of stalking a political opponent and stealing their identity. Federal stalking charges were brought against Lake Mary resident Joel Greenberg in June. The 35-year-old is accused of spreading false information about a political opponent who worked at a Seminole County school. According to the indictment, Greenberg created
The tech giant introduces its own version of verified accounts in Gmail, rolls out increased moderation controls in Meet, and enhances phishing protection in Chat Google has announced a host of new features for its G Suite family of applications that are aimed at bolstering the security of Gmail, Meet and Chat users. The company is
by Paul Ducklin If you were about to spend more than a million dollars, how careful would you be about where you sent the money? More importantly, how would you check with the recipient of the money – and how would they check with you – that both ends of the transaction were lined up
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors’
The open letter highlights five security and privacy principles that require heightened attention from videoconferencing services Six data protection and privacy authorities from countries in four continents have addressed an open letter to video teleconferencing (VTC) companies, asking them to re-evaluate how they safeguard the privacy rights and data of citizens around the globe. With people
A Florida Tax Collector’s Office has blamed malware found on an employee’s computer for a data breach that affected around 450,000 residents of Polk County. The breach occurred in June at the Tax Collector’s Office for Polk County (TCPC). Information exposed in the attack included Social Security numbers and driver’s license numbers. In a statement
Telecom Argentina says it has contained the attack and regained access to its systems without paying up Telecom Argentina, one of the country’s largest Internet Service Providers (ISPs), has suffered a major ransomware attack, according to a local report. The cybercriminals behind the attack demanded US$7.5 million in Monero cryptocurrency to unlock the encrypted files,
The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries. The 11-count indictment, which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of
A recent Delaware Department of Health and Social Services data breach resulted in the private data of hundreds of disabled Delawareans’ being included in a student project. Data included in the breach included full names, birth dates, primary diagnosis, and county of residence. The breach occurred when four students from the University of Delaware contacted
A report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services Seven Virtual Private Network (VPN) providers who claim not to keep any logs of their users’ online activities recently left 1.2 terabytes of private user data exposed to anyone who comes looking. The data, found on a server
An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News. The attacks were observed during the first week of July, coinciding
American multinational corporation Fortinet today announced the acquisition of OPAQ Networks. Financial terms of the deal were not disclosed. OPAQ is a Secure Access Service Edge (SASE) cloud provider based in Herndon, Virginia. The company is known for its Zero Trust Network Access (ZTNA) cloud solution, designed to protect all kinds of distributed networks, including data centers, branch offices, remote
by Paul Ducklin VPNs are all the rage these days, because they’re supposed to boost your privacy and stop you being tracked. In fact, “VPN” has become a word in its own right, pronounced vee-pee-en, and it’s a crowded market with companies advertising online, on TV and even in print media to compete for your
The United States Department of Justice has extradited two criminals from the Republic of Cyprus—one is a computer hacker suspected of cyber intrusions and extortion, and the other is a money launderer with known connections to the terrorist organization Hezbollah. Both suspects—Joshua Polloso Epifaniou, 21, a resident of Nicosia, and Ghassan Diab, 37, a citizen
An alleged cyber-criminal has become the first Cypriot national to be extradited from the Republic of Cyprus to the United States. Joshua Polloso Epifaniou, a resident of Nicosia, Cyprus, arrived at John F. Kennedy Airport in New York on July 17. The 21-year-old, who is wanted in two US states, was arrested in Cyprus in February 2018.
ESET malware researcher Lukas Stefanko gives us a peek behind the scenes of his analysis of CryCryptor ransomware and puts the threat into a broader context The COVID-19 pandemic has reshaped the way we work and, in many cases, also the way we interact with our loved ones. While a number of governments contemplate using
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 157
- Next Page »