Security

0 Comments
APT groups are increasingly targeting journalists and impersonating media outlets, according to new research from Proofpoint. The groups – who are state-based or state-aligned actors, are looking to gain access to sensitive information and sources, manipulate news and deceive public relations and other industry professionals into thinking that they are dealing with legitimate news outlets. According to
0 Comments
For online shoppers, Amazon Prime Day has become an annual retail event, an opportunity to pick up bargains and save money. However for hackers, it’s also an opportunity to target consumers eager to secure a deal. Cybersecurity company Avanan has warned of an increase in phishing and credential harvesting email attempts in June in advance
0 Comments
French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s administrative and management systems on July 4.  The attack, believed to have been carried out by the LockBit ransomware group, took the company’s systems offline as it attempted to minimize damage.
0 Comments
Cybersecurity solutions provider Emsisoft has released a free decryption tool to enable AstraLocker and Yashma ransomware victims to recover their files without paying a ransom. The company made the announcement in a series of Twitter posts earlier today, providing a download link and related instructions for the tool. “The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they
0 Comments
A fake LinkedIn job offer was the reason behind Axie Infinity’s $600m hack, according to a new investigation by The Block. The digital assets-focused outlet said on Wednesday that while the US government attributed the attack to the North Korean hacker group Lazarus, full details of how the exploit was executed had not been disclosed.  The Block said that according
0 Comments
Aon recently disclosed that 145,889 of its North American customers had their sensitive information exposed in a large data breach. The British multinational financial services firm that sells a range of risk-mitigation products announced that hackers breached its systems “at various times” from December 29 2020 to February 26 2022. Aon disclosed the breach in
0 Comments
Multiple Russian influence networks have been running disinformation and influence campaigns since May designed to sow division in the West over its support for Ukraine, according to Recorded Future. These efforts are being conducted by “state-controlled media, known covert intelligence outlets, and known propaganda and disinformation amplifiers” including ‘legitimate’ broadcasters like RT, disinformation outlets like Southfront,
0 Comments
Google has released an update to its popular Chrome browser to fix four vulnerabilities, including one zero-day current being exploited by attackers. The new Chrome version 103.0.5060.114 will be rolled out to Windows users over the coming days and weeks, according to a Google advisory. It includes the high severity CVE-2022-2294, a heap buffer overflow bug in
0 Comments
The British army’s Twitter and YouTube accounts were compromised by a malicious third party on Sunday and used to direct visitors to cryptocurrency scams. The Ministry of Defence (MoD) press office account took to Twitter at around 7pm local time to report the incident. “We are aware of a breach of the army’s Twitter and
0 Comments
Kaspersky security experts have discovered new malware targeting Microsoft Exchange servers belonging to several organizations worldwide. Dubbed “SessionManager” and first spotted by the company in early 2022, the backdoor enables threat actors to keep “persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.” According to Kaspersky, once propagated, SessionManager would enable
0 Comments
Human negligence, cyber skills gaps and disinterested C-level execs are putting manufacturing firms at an escalated risk of serious breaches, according to Capgemini. The global consultancy collected responses from cybersecurity leaders in 950 organizations to compile its report, Smart & Secure: Why smart factories need to prioritize cybersecurity. It revealed that while over half (51%) of respondents
0 Comments
Security researchers have uncovered a likely state-sponsored information-stealing operation targeting SOHO workers over the past two years. Coinciding with the shift to mass remote working during the pandemic, the operation was focused on accessing corporate resources via less well-protected home routers, according to Lumen Technologies. It targeted at least scores of SOHO devices from manufacturers including
0 Comments
Security researchers have uncovered a new Chinese influence operation targeting Western rare earth producers, which could set the tone for future campaigns in other sectors. The Dragonbridge campaign has been operating since 2019, using a network of thousands of inauthentic accounts on multiple social media platforms, websites and forums to promote Chinese interests abroad. However, Mandiant
0 Comments
by Paul Ducklin Sadly, over the years, we’ve needed to write numerous Naked Security warnings about romance scammers and sextortionists. Although those are general-sounding terms, they’ve come to refer to two specific sorts of online crime: Romance scamming. This typically refers to a long-game confidence trick in which cybercriminals court your online friendship under a
0 Comments
UK critical national infrastructure (CNI) organizations could face an exodus of cybersecurity leaders over the next 12 months due to stress and burnout, according to new research from Bridewell Consulting. The survey of 521 UK cybersecurity decision-makers in communications, utilities, finance, government, transport and aviation found that 95% of respondents are experiencing factors that would make them likely