by Paul Ducklin Researchers at Qualys have revealed a now-patched security hole in a very widely used Linux security toolkit that’s included in almost every Linux distro out there. The bug is officially known as CVE-2021-4034, but Qualys has given it a funky name, a logo and a web page of its own, dubbing it
There’s been a 29% increase in the number of vulnerabilities exploited by ransomware groups to compromise their targets over the past year, according to a new industry report. The Ransomware Spotlight Year End Report was written by security vendors Ivanti and Cyware alongside CVE numbering authority Cyber Security Works. It’s compiled from multiple data sources, including Ivanti and
Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs On November 11th, Google TAG published a blogpost about watering-hole attacks leading to exploits for the Safari web browser running on macOS. ESET researchers had been investigating this campaign the week before that publication, uncovering
Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users’ browsing habits into approximately 350 topics. Thee new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users’ browsing history for a
by Paul Ducklin Many countries have taxation forms with names that have entered the general vocabulary, notably the abbreviations of documents that employers are obliged to provide to their staff to show how much money they were paid – and, most importantly, how much tax was already witheld and paid in on the employee’s behalf.
It’s a long-standing question. Can Apple Macs get viruses? While Apple does go to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. So what does Apple provide in terms of antivirus protection? Let’s take a look along with some signs that your Mac may
Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud. The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75%
Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here’s how to stay safe from a simple but effective attack I have been fascinated with the thought of being able to break into a bank ever since my love for bank robbery films began in
The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being
by Naked Security writer Russian news agency Tass reported over the weekend that the “purported founder” of a notorious cybercrime group known as Infraud Organisation has been arrested. Naked Security first wrote about law enforcement action against this crime crew almost three years ago, back in February 2018, when the US Department of Justice (DOJ)
The volume of publicly reported data compromises in the US soared 68% year-on-year to a record high of 1862, according to new data from the Identity Theft Resource Center (ITRC). The non-profit said the figure was 23% higher than the previous record, set in 2017. The number of victims was down 5%, continuing a recent trend
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using “unconventional” IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically
Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals. Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration. The amendment defines ransomware
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed “strategic similarities” to NotPetya malware that was unleashed against the country’s infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and
A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors. Waterford resident Keith Hancock allegedly recorded 10 victims from outside their homes, two of whom were juveniles. Six of the individuals were filmed while undressing. Hancock is also suspected of recording more victims while inside his home on Overlook Drive.
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer’s website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53
by Paul Ducklin Maltese cryptocoin broker Foris DAX MT Ltd, better known by its domain name Crypto.com, experienced a multi-million dollar “bank robbery” earlier this month. According to a brief security report published yesterday, 483 customers experienced ghost withdrawals totalling just over 4800 Ether tokens, just over 440 Bitcoin tokens, and just over $66,000 in
Most parents may find it difficult to relate to today’s form of cyberbullying. That’s because, for many of us, bullying might have come in a series of isolated, fleeting moments such as an overheard rumor, a nasty note passed in class, or a few brief hallway confrontations. Fast forward a few dozen decades, and the
Merck has won a long-running legal battle to force its insurer to cover the costs of damages caused by the NotPetya ‘ransomware’ attacks. The pharma giant was one of many big-name multinationals hit by the destructive malware, disguised as ransomware by Russian attackers targeting Ukrainian organizations back in 2017, as they are again today. However, the
Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again Email has been with us for decades. And while social media and mobile messaging apps are increasingly popular, it remains the mainstay of our
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year. McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best. Over the course of 2021, AV-Comparatives subjected 17 different online
Cybersecurity researchers in Canada have found a “devastating flaw” in the MY2022 app, designed for use by attendees of this year’s Winter Olympic Games in Beijing. The vulnerability was discovered by the Citizen Lab – an academic research laboratory based at the Munk School of Global Affairs at the University of Toronto. In findings published Tuesday, researchers said that the flaw
A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted
Social media is part of our social fabric. So much so that nearly 50% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you
The UK government has announced plans to crack down on the advertising of cryptocurrency products to prevent consumers from being misled into purchases. The Treasury claimed that around 2.3 million people in the country now own some form of “cryptoasset,” but that understanding of these financial products is declining. That could lead to them being
ESET researchers take a deep look into recent attacks carried out by Donot Team throughout 2020 and 2021, targeting government and military entities in several South Asian countries Donot Team (also known as APT-C-35 and SectorE02) is a threat actor operating since at least 2016 and known for targeting organizations and individuals in South Asia
An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. “The malware is being distributed under the guise of adult games,” researchers from AhnLab’s Security Emergency-response Center (ASEC) said in a new report published on Wednesday. “Additionally, the DDoS malware was installed
by Paul Ducklin Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple’s web browser software. Technically, the bug exists in Apple’s open source WebKit browser engine, which means it affects any browser that relies on WebKit. As you might expect, this includes all versions of Apple’s own
- 1
- 2
- 3
- …
- 27
- Next Page »