by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 10 September 2018 Apple’s new tool will make it easier for law enforcement to request data Supermicro servers fixed after insecure firmware updating discovered North Korean programmer charged for Sony, WannaCry
Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies A total of 30% of organizations in the United Kingdom fell victim to a cryptojacking attack in the previous month, a recent survey among 750 IT executives across the UK has found. The
Greece just took another U-turn. Mr. Bitcoin a.k.a. Alexander Vinnik is not going to France nor to the United States; instead, he is now possibly going to his homeland Russia. The Supreme Civil and Criminal Court of Greece on Friday has overruled previous decisions and approved to extradite the alleged owner of the now-defunct Bitcoin
Thanks to John Biggs for inspiring this piece; I cosign most of what he says here. I have long been mystified by LinkedIn, because of its spectacular uselessness (for me) as a professional social network. But I also assumed it was useful for someone. Now, though, I’m beginning to wonder if the emperor is naked
Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence Date: 07 October 2015 Summary While tracking a suspected Iran-based threat group known as Threat Group-2889[1] (TG-2889), Dell SecureWorks Counter Threat Unit™ (CTU) researchers uncovered a network of fake LinkedIn profiles. These convincing profiles form a self-referenced network of seemingly established LinkedIn users. CTU researchers assess with
Facebook is advertising for a human rights policy director to join its business, located either at its Menlo Park HQ or in Washington DC — with “conflict prevention” and “peace-building” among the listed responsibilities. In the job ad, Facebook writes that as the reach and impact of its various products continues to grow “so does
In response to reports that the US State Department is lagging in its implementation of basic cybersecurity standards, a group of bipartisan senators have written a letter to Secretary of State Mike Pompeo urging him to augment security mechanisms and improve compliance. The senators point out that the password-only approach is not reliable protection, particularly
by John E Dunn If password-only security is reaching its end of days, what will replace it? For years, many have assumed that some form of new authentication must be the answer without being able to agree on which. Now an alliance of big US mobile carriers – Verizon, AT&T, Sprint, and T-Mobile – has
Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend more
ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware If you use Kodi, you may have noticed that a popular, Dutch repository for third-party add-ons, XvBMC, was recently shut down upon copyright-infringement warnings. Following the shutdown, we discovered that the repository
Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers steal information that briefly remains in the memory
Twitter will now put live streams and broadcasts started by accounts you follow at the top of your timeline, making it easier to see what they’re doing in realtime. In a tweet, Twitter said that that the new feature will include breaking news, personalities and sports. The social networking giant included the new feature in its
Author: Brett Stone-Gross, Ph.D.Dell SecureWorks Counter Threat Unit™ Threat Intelligence Date: 13 October 2015 Summary In the fall of 2015, the Dell SecureWorks Counter Threat Unit™ (CTU™) research team collaborated with the UK National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), and the Shadowserver Foundation to take over the Dridex banking trojan.
Fake social media profiles are useful for more than just sowing political discord among foreign adversaries, as it turns out. A group linked to the North Korean government has been able to duck existing sanctions on the country by concealing its true identity and developing software for clients abroad. This week, the US Treasury issued
It’s 2008 all over again as researchers have found a way to leverage cold boot attacks against modern computers to steal sensitive data from lost or stolen devices. Olle Segerdahl and Pasi Saarinen, security consultants for F-Secure, developed the new cold boot attack method and claim it “will work against nearly all modern computers,” including
Microsoft Office documents accounted for the delivery of nearly half of all malicious macros in August 2018, according to Cofense. A recent blog post found that the macro remains the email attachment of choice for delivering malicious payloads. Of all the mechanisms analyzed, 45% of attackers used these documents to delivery malicious macros, including Geodo,
by Danny Bradbury A wily hacker has scored a thousand dollar cryptocurrency jackpot – 24 times – by using their own code to tamper with a smart contract run by a betting company on the EOS blockchain. EOS is a blockchain-based cryptocurrency launched by Block.one, and it is a competitor to the more established Ethereum.
Navigating security management is an ongoing process and sometimes erratic given the chaotic threat environment. Maneuvering these often-uncharted cyber seas proves complicated and difficult. Is your cybersecurity vessel capable of sailing through tumultuous tides? Earlier this year we set out to obtain a snapshot of where organizations (McAfee & non-McAfee customers) were in their security
Taking advantage of the celebration of the Day of the Programmer, we share some audit tools to evaluate the security of your code September 13 is the 256th day of the year. These three digits may not mean anything to many people, but for those of us who work in different areas of computing it
Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter has recently rolled out a new
Venture capital is known for being an opaque industry, so it’s no surprise most of us have no idea what the average VC earns in a year. I got a closer look at the survey results of J. Thelander Consulting‘s annual venture firm compensation survey and, unsurprisingly, VCs make a lot of money. Just how much? Well,
Remember 3D Touch? Unless you’re a power iOS user you probably don’t. Or, well, you’d rather not. It’s been clear for some time now that the technology Apple lauded at its 2015 unveiling as the “next generation of multi-touch” most certainly wasn’t. For the mainstream iPhone user it’s just that annoying thing that gets in
The ICO has received 500 calls each week to its breach reporting helpline since the GDPR came into force in May, but around a third of these don’t meet the minimum threshold, according to the deputy commissioner of operations. James Dipple-Johnstone told the CBI Cyber Conference in London this week that the UK privacy watchdog
by Lisa Vaas Do you feel lucky? Well, do ya, punk? Then go right ahead and hit the “buy” button to pick up a movie on iTunes. Then, be ready to kiss that movie goodbye if Apple loses the rights to distribute it. Yes, it turns out Apple’s iTunes shop is more of a “store
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users.
In its heyday, Kelihos comprised up to 100,000 compromised devices that were capable of blasting out billions of malware-laden emails every day A Russian national has pleaded guilty in a US court to operating Kelihos, one of the longest-running and most pernicious botnets that was used, for almost seven years, to send untold numbers of spam
The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online
Last week, onstage at TechCrunch Disrupt, regulator Jina Choi, who heads the SEC’s wide-reaching San Francisco unit, declined to confirm or deny that the SEC is investigating Tesla CEO Elon Musk for possible fraud. Said Choi, “I can’t tell you about any particular investigation in our office. And I can’t confirm or deny the existence
The complaints in this case were lodged prior to the UK legislating for a new surveillance regime, the 2016 Investigatory Powers Act, so in coming to a judgement the Chamber was considering the oversight regime at the time (and in the case of points 1 and 3 above that’s the Regulation of Investigatory Powers Act
Thank you for joining! Access your Pro+ Content below. March 2016 How to buy the best antimalware tools to protect endpoints Share this item with your network: Malware writers are becoming more sophisticated, increasing the threats to data privacy and security. To counter the growing risks of unauthorized access to proprietary or confidential information, the