0 Comments
Human negligence, cyber skills gaps and disinterested C-level execs are putting manufacturing firms at an escalated risk of serious breaches, according to Capgemini. The global consultancy collected responses from cybersecurity leaders in 950 organizations to compile its report, Smart & Secure: Why smart factories need to prioritize cybersecurity. It revealed that while over half (51%) of respondents
0 Comments
Security researchers have uncovered a likely state-sponsored information-stealing operation targeting SOHO workers over the past two years. Coinciding with the shift to mass remote working during the pandemic, the operation was focused on accessing corporate resources via less well-protected home routers, according to Lumen Technologies. It targeted at least scores of SOHO devices from manufacturers including
0 Comments
War in Europe, a reminder for shared service centers and shoring operations to re-examine IT security posture European business leadership, especially CISOs, CTOs, and chief data officers (CDOs), are adjusting to the fact that the war in Ukraine is a war in Europe and has global implications. Sanctions, military aid, and even incoming refugees are
0 Comments
Security researchers have uncovered a new Chinese influence operation targeting Western rare earth producers, which could set the tone for future campaigns in other sectors. The Dragonbridge campaign has been operating since 2019, using a network of thousands of inauthentic accounts on multiple social media platforms, websites and forums to promote Chinese interests abroad. However, Mandiant
0 Comments
by Paul Ducklin Sadly, over the years, we’ve needed to write numerous Naked Security warnings about romance scammers and sextortionists. Although those are general-sounding terms, they’ve come to refer to two specific sorts of online crime: Romance scamming. This typically refers to a long-game confidence trick in which cybercriminals court your online friendship under a
0 Comments
UK critical national infrastructure (CNI) organizations could face an exodus of cybersecurity leaders over the next 12 months due to stress and burnout, according to new research from Bridewell Consulting. The survey of 521 UK cybersecurity decision-makers in communications, utilities, finance, government, transport and aviation found that 95% of respondents are experiencing factors that would make them likely
0 Comments
by Paul Ducklin Another day, another De-Fi (decentralised finance) attack. This time, online smart contract company Harmony, which pitches itself as an “open and fast blockchain”, has been robbed of more than $80,000,000’s worth of Ether cryptocoins. Surprisingly (or unsurprisingly, depending on your point of view), if visit Harmony’s website, you’ll probably end up totally
0 Comments
Police from Europe and South America have teamed up to take action against an organized crime group involved in human trafficking for sexual exploitation. Between 20-23 June, they swooped on 14 locations, arrested 10 and interviewed eight victims. Among items seized in the searches were vehicles, electronic equipment, hard drives, over 40 mobile phones, SIM
0 Comments
A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected systems without detection. Available on Russian-speaking cybercrime forums
0 Comments
The second day of InfoSecurity Europe 2022 saw Geoff White, investigative journalist and author of Penguin Books’ The Lazarus Heist, discuss how government-sponsored cyber-attackers increasingly interact with organized crime gangs, operating seamlessly on a global scale. White also touched upon the emerging world of cryptocurrency theft. In illuminating the increasing connection between cybersecurity and geopolitical
0 Comments
The internet makes it easy to get a lot done, but not all of it needs to be public. That’s where incognito mode comes in, letting you hide your search history from others who are using your internet-connected device. For example, imagine searching online for “ideas for a surprise birthday party.” You wouldn’t want the
0 Comments
In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework — a U.S. government guideline for taking care of data. The NIST Cybersecurity &
0 Comments
If you’re one of the countless Apple iPhone owners out there, there’s a good chance that one of the reasons you love your smartphone is because you’ve heard that Apple devices tend to have fewer vulnerabilities to viruses.   Because of their shared operating system, iOS devices enjoy Apple’s security measures, which keeps them protected from
0 Comments
The closing keynote discussion of the InfoSecurity Europe 2022 conference was titled ‘Next Generation, Next Challenges, New Opportunities’ and was moderated by Eleanor Dallaway, editorial director of Infosecurity Magazine. Dallaway was joined onstage by specialists Marc Avery, CISO & director, Cyber Chain Alliance, Jonathan Kidd, global CISO, Computershare and Chris Green, head of PR and
0 Comments
by Paul Ducklin If you’re an OpenSSL user, you’re probably aware of the most recent high-profile bugfix release, which came out back in March 2022. That fix brought us OpenSSS 3.0.2 and 1.1.1n, updates for the two current fully-supported flavours of the product. (There’s a legacy version, 1.0.2, but updates to that version are only