In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk.
A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21.5m today for participating in the NetWalker ransomware attacks, said the Department of Justice (DOJ) Office of Public Affairs on Tuesday. Sebastien Vachon–Desjardins, 35, of Gatineau, Quebec, was extradited to the United States in January this year according to the extradition treaty between
by Naked Security writer Naked Security has written and talked about Sebastien Vachon-Desjardins before, in both article and podcast form. Vachon-Desjardins had been a federal government worker in the Canadian Capital Region (he comes from Gatineau in Quebec, directly across the river from the federal capital Ottawa in Ontario)… …but he seems to have decided
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint,
Social media has become a part of our everyday lives. Each day millions of people log on to Facebook, Twitter, and other social sites and engage with friends and family. We share our lives more freely and publicly than ever before, and connect with people around the world more easily than our ancestors could have
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) to improve asset visibility and vulnerability detection on federal networks. Named BOD 23–01 and becoming effective on April 03, 2023, the new directive requires federal civilian executive branch (FCEB) agencies to perform automated asset discovery every seven days. “While many
by Paul Ducklin Elvis, you might say, has left the building, but only to be transported from court to federal prison. In this case, we’re referring to Elvis Eghosa Ogiekpolor, jailed for 25 years in Atlanta, Georgia for running a cybercrime group that scammed close to $10,000,000 in uunder two years from individuals and business
As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home? Security cameras were once the preserve of the rich and famous. Now anyone can get their hands on one thanks to technological advances. The advent of
India’s Central Bureau of Investigation (CBI) on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. “The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from
With “See Yourself in Cyber” as the theme for this year’s Cybersecurity Awareness Month, the focus is on you with a look at several quick ways you can quickly get safer online. Now in its 21st year, Cybersecurity Awareness Month marks a long-standing collaboration between the U.S. government and private industry. It’s aim, empower people
A former US National Security Agency (NSA) employee has been arrested after trying to sell classified information to an undercover Federal Bureau of Investigation (FBI) agent posing as a foreign spy working for a foreign government. Federal prosecutors do not directly identify the government in question. Still, according to the FBI agent’s affidavit, Jareh Sebastian
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian’s Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code
Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery. Ransomware coverage from McAfee can reimburse you up to $25,000 for losses resulting from a ransomware threat, including financial losses and ransom fees. You’ll find this
Threat actors associated with North Korea have been spotted weaponizing legitimate open–source software targeting employees in organizations across multiple industries. The findings come from Microsoft Threat Intelligence Center (MSTIC), which published an advisory about the threat on Thursday. According to the technical write–up, the attacks were executed by an actor Microsoft tracks as Zinc –
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers ESET researchers uncovered and analyzed a set of malicious tools that were used by the infamous Lazarus APT group in attacks during the autumn of 2021. The campaign started with spearphishing emails containing
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. “These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used
Are you hoping to buy a house or apply for a car, personal, or business loan at some point? A great credit score helps to achieve all those things. You never know the twists and turns life might take you, so even if these financial milestones aren’t on your radar now, it’s nice to know
Xtreme RAT and Cryptominer have been delivered through pirated copies of the Windows operating system (OS) software. The discovery comes from eSentire’s Threat Response Unit (TRU), with the security researchers publishing an advisory about the new threat on Thursday. “Several malicious Windows services on the system were responsible for modifying system permissions, disabling Windows Defender, and
by Paul Ducklin DON’T PANIC… BUT BE READY TO ACT With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere
The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021 This week, the ESET Research team has published the results of their analysis of recent attacks carried out by the Lazarus APT group. Using spear-phishing emails that contained malicious Amazon-themed documents, the group targeted
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker
McAfee’s Secure VPN now supports the WireGuard protocol, which gives you faster connection speeds plus enhanced stability and security. WireGuard is the latest standard in Virtual Private Network (VPN) technology, and we’re rolling it out across McAfee Secure VPN and our comprehensive online protection software. And just as before, it offers smart protection that can
A hacking group dubbed ‘Witchetty’ has been observed using a steganographic technique to hide a backdoor in a Windows logo and target Middle Eastern governments. According to a new advisory by Broadcom, Witchetty (aka LookingFrog) is believed to have connections to the state–backed Chinese threat actor APT10 as well as with TA410 operatives, a group
by Paul Ducklin Just when you hoped the week would quieten down and yield you some SecOps downtime over the weekend… …and along comes a brand new zero-day hole in Microsoft Exchange! More precisely, two zero-days that can apparently be chained together, with the first bug used remotely to open enough of a hole to
Threat actors have been found deploying never-before-seen post-compromise implants in VMware’s virtualization software to seize control of infected systems and evade detection. Google’s Mandiant threat intelligence division referred to it as a “novel malware ecosystem” that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access to the hypervisor
How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you. The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which
A new multifunctional malware written in the Go programming language has been spotted in the wild, targeting both Windows and Linux systems. The discovery has been made by Black Lotus Labs, the threat intelligence team at Lumen Technologies, who published an advisory about the new threat on Wednesday. The team reportedly discovered and analyzed roughly
by Paul Ducklin CUTTING THROUGH CYBERSECURITY NEWS HYPE With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online The digital world has provided countless opportunities for youngsters that their parents never experienced. It helped kids stay in touch with each other during the dark days of pandemic-era lockdowns. And now that
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. “The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works,” Kaspersky researchers said.
- 1
- 2
- 3
- …
- 60
- Next Page »