Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers. “It’s a match” is now a common expression in the dating scene, and
admin
As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. “The attack can be performed without user interaction if the management interface of
European missile maker MBDA has publicly denied some of the hacking allegations against the company made on a dark web forum in July and posted on Twitter by Today Cyber News on Tuesday. The self-proclaimed hacking group who first made the allegation went under the name “Andrastea,” and claimed to have obtained roughly 60 GB of
by Paul Ducklin Cryptocurrency protocol Nomad (not to be confused with Monad, which is what PowerShell was called when it first came out) describes itself as “an optimistic interoperability protocol that enables secure cross-chain communication,” and promises that it’s a “security-first cross-chain messaging protocol.” In plain English, it’s supposed to let you swap cryptocurrency tokens
If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too. Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. “One
Google published its monthly security bulletin for August on Monday, detailing the latest available patches for Android. A total of 37 vulnerabilities have been patched, including a critical security flaw in the System component that could lead to remote code execution via Bluetooth with no additional execution privileges needed. The Bluetooth vulnerability is tracked as
by Paul Ducklin The best-known cryptographic library in the open-source world is almost certainly OpenSSL. Firstly, it’s one of the most widely-used, to the point that most developers on most platforms have heard of it even if they haven’t used it directly. Secondly, it’s probably the most widely-publicised, sadly because of a rather nasty bug
Whether you are getting ready for back-to-school season, getting new work laptop or fancying a new gamer’s pc, learn the steps to protect your new PC from cyberthreats. With Windows 11 making headlines for all the right reasons, it could be a great time to invest in a new PC for the family or the
Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. “The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language,” Israeli cybersecurity firm
Security researchers are warning of a new phishing campaign which tries to hurry users into making poor decisions by presenting them with a countdown clock. Cofense recently spotted the credential harvesting campaign, which arrives in the form of an alert email about a non-existent ‘suspicious login’ to their account. Purporting to come from a fake
A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan (RAT) when he was 15, in addition to
A cyber-attack on the US justice system has compromised a public document management system, revealed lawmakers on the Hill yesterday. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the attack at a hearing on oversight of the Justice Department on Thursday. Nadler said three hostile actors had breached the Public Access to Court Electronic Records
Learn to spot some of the threats that you can face while browsing online, and the best tips to stay safe on the web. Web browsers are our gateway to the digital world. We spend hours on them each day, which makes them not only a vital tool for legitimate users, but a valuable target
Image via Keeper Right Now, Get 50% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it’s no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities to exploit. One of the easiest
A bill designed to increase visibility of foreign ransomware attackers has passed in the US House of Representatives. The Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (also known as the RANSOMWARE Act) will make it easier for the US to respond to ransomware attacks from foreign
by Paul Ducklin If you’ve ever watched a professional plumber at work, or a plasterer, or a bricklayer, or the people who deftly use those improbably long sticks to craft paper-thin pancakes the size of a bicycle wheel… …you’ve probably had the same thoughts that we have. I could do that. I really could. But
Cybercriminals exploited a vulnerability to steal the equivalent of 18M$ from the NFT music streaming platform Audius, while other cyberthreats related to crypto makes the news. This week, the NFT music streaming platform Audius was the victim of a cyberattack. Criminals exploited a vulnerability to steal the equivalent of 18M$ from the platform. This type of attack
Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread
Spanish and Romanian police have joined forces to take down a gang suspected of earning at least €3m ($3.1) from internet scams. Spanish National Police arrested three suspects in the southern city of Malaga while their Romanian counterparts cuffed six, following a multi-year investigation, according to Europa Press. They are accused of publishing false adverts
by Paul Ducklin Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just
Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files or help optimize their batteries for device management. However, this malware hides and continuously show advertisements to victims. In addition, they run malicious services automatically
Details have been shared about a security vulnerability in Dahua’s Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the “vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying
Applications have opened for the next cohort of the NCSC For Startups program, which is looking for early-stage companies focused on protecting the UK’s critical national infrastructure from cyber threats. The program, launched in 2021, is run by the UK’s National Cyber Security Centre (NCSC) in partnership with Plexal. A successor to the NCSC Cyber Accelerator, the
by Paul Ducklin Samba is a widely-used open source toolkit that not only makes it easy for Linux and Unix computers to talk to Windows networks, but also lets you host a Windows-style Active Directory domain without Windows servers at all. The name, in case you’ve ever wondered, is a happy-sounding and easy-to-say derivation from
It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash For today’s consumers, convenience is king. And at the heart of the digital experiences that make our lives easier sits the
With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). “The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022,” Proofpoint said in
Criminals are using malicious bots to steal information from victims via the popular Telegram and Discord messaging services, said a report this week. Some bots can be rented for as little as $25 a day. The bot-based malware steals credentials, including virtual private network (VPN) client logins, payment card information, cryptocurrency wallets, operating system data,
by Paul Ducklin It’s time for this month’s scheduled Firefox update (technically, with 28 days between updates, you sometimes get two updates in one calendar month, but July 2022 isn’t one of those months)… …and the good news is that the worst bugs listed, which get a risk category of High, are those found by
Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. “The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware,” Finnish cybersecurity company WithSecure (formerly F-Secure Business)
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 53
- Next Page »