Security

by Paul Ducklin Two weeks ago was Cybersecurity Awareness Month’s “Fight the Phish” week, a theme that the #Cybermonth organisers chose because this age-old cybercrime is still a huge problem. Even though lots of us receive many phishing scams that are obvious when we look at them ourselves… …it’s easy to forget that the “obviousness”
A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.
A non-profit educational foundation has teamed up with a cybersecurity company to develop a game that reveals what happens in a cyber-attack. The online simulation is the joint effort of Kaspersky and the DiploFoundation, and is based on the Kaspersky Interactive Protection Simulation (KIPS). The game was created with the intention of helping diplomats and professionals who lack
A new Guinness World Record in cybersecurity training has been set by a cloud-based identity and access management (IAM) provider, a security awareness training platform, and a PR firm.  The first-of-its-kind record was for the most views of a virtual cybersecurity lesson in 24 hours, and it was achieved on October 14 through the joint
The first ever person to be convicted of cyber-stalking in the District of Nebraska has been sentenced to federal prison. Dennis Sryniawski, a 48-year-old resident of Bellevue, was charged with intent to extort and cyber-stalking his former girlfriend, Diane Parris, in an attempt to prevent her husband, Jeff Parris, from being elected to the Nebraska
A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest. More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month. During the event, teams of NCFI-trained local law enforcement officials
by Paul Ducklin [00’30”] Hook up with our forthcoming Live Malware Demo presentation. [02’02”] How to build your cybersecurity career. [07’24”] Why we think you should celebrate Global Encryption Day. [10’55”] A whole new twist on bogus online “friendships”. [21’01”] How to stop your network cables giving you away. [34’50”] Oh! No! Why superglue is
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs.  Award recipients NPower and CyberWarrior will use the cash injection to bring cybersecurity training to the unemployed and to underemployed communities. CISA announced the awards yesterday to coincide with the third week of its Cybersecurity Summit, organized
A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m.  The security incident was caused by a flaw in a search tool on a website maintained by the state’s Department of Elementary and Secondary Education. 
A hacker from Michigan who stole and sold the sensitive data of tens of thousands of University of Pittsburgh Medical Center (UPMC) employees has been sent to prison.  Former Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson pleaded guilty on May 20 to counts 1 and 39 of a 43-count indictment. The court heard that
by Paul Ducklin The overall motto of #Cybermonth consists of three simple words. Repeat these words (try sitting on your hands while you’re saying them, for extra safety) whenever you’re faced with a cybersecurity risk, instead of rushing straight in and making a possibly expensive mistake: Stop. Think. Connect. Well, in Week 3 of #Cybermonth
American media company Sinclair Broadcast Group is in the grips of a ransomware attack. The Baltimore-based company, which operates and/or provides services to 185 television stations in 86 markets, became aware of a potential security incident on Saturday and launched an investigation.  In a statement released Monday, the group said: “On October 17, 2021, the Company [Sinclair Broadcast Group]
The personal data of thousands of individuals have been stolen from a non-profit professional membership organization located in Illinois. Cyber-thieves struck the American Osteopathic Association (AOA) in the summer of 2020, making off with information that included names, Social Security numbers, and financial account details. The AOA, which is headquartered in Chicago, represents around 151,000
Organizations around the world take on average more than two business days to respond to a cyber-attack, according to new research by American cybersecurity company Deep Instinct.  The finding was published in the company’s second bi-annual Voice of SecOps Report, which was based on a survey of 1,500 senior cybersecurity professionals in 11 countries who work for
Apple’s plans to implement new phone-scanning features have been heavily criticized by more than a dozen cybersecurity experts. The tech company announced in August its intention to start scanning iPhone users’ iCloud Photos libraries. Apple presented the move under the pretext that it would locate users’ caches of illicit content, including child sexual abuse material (CSAM). In
Dutch police have written to customers of an on-demand booter service to dissuade them from committing cybercrimes. Booter services, also known as booters, are on-demand DDoS (Distributed-Denial-of-Service) attack services that can be used to bring down websites and networks by overloading or “stressing” IP addresses with data traffic.  During an ongoing investigation into www.minesearch.rip, Dutch
by Paul Ducklin It’s the second week of Cybersecurity Awareness Month 2021, and this week’s theme is an alliterative reminder: Fight the Phish! Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it’s what computer scientists or mathematical analysts call
Antivirus and anti-malware brand STOPzilla has been acquired by California holding company RealDefense.  The deal was announced earlier today and marks RealDefense’s fourth acquisition in the security sector. Other brands in the RealDefense portfolio include IOLO, MyCleanID, MyCleanPC, USTechSupport, CyberDefender, VirusFix, and WarrantyStar. To complete the acquisition of STOPzilla, RealDefense partnered with Corbel Capital Partners, a $500m structured
by Paul Ducklin It’s been a wild few weeks for Apple, or perhaps an “in-the-wild” few weeks, with several zero-day bugs necessitating emergency updates. We were going to say “unexpected updates”, but all (or almost all) Apple security patches are, of course, unexpected by design. Apple deliberately announces security fixes only after they’ve been published,
Data belonging to patients of a hospital in New Mexico has been deleted by an unknown cyber-attacker.  The IT network of San Juan Regional Medical Center in Farmington was breached by an unauthorized individual in September last year. The attack was reported to the United States Department of Health and Human Services’ Office for Civil Rights on June 4
An authentication error left the personal data of hundreds of thousands of BrewDog customers and Equity for Punks shareholders exposed for a year and a half.  The gaffe involving an API bearer token was discovered by researchers at security consulting and testing company Pen Test Partners.  “Every mobile app user was given the same hard-coded API Bearer Token,
A student at East Carolina University has been charged with cyber-stalking after allegedly posing as a member of a rival fraternity to upload a racist post to social media. A police investigation was launched after an offensive message, purporting to be from the university’s Theta Chi chapter, was uploaded anonymously to Yik Yak in August.