Month: October 2021

0 Comments
The first ever person to be convicted of cyber-stalking in the District of Nebraska has been sentenced to federal prison. Dennis Sryniawski, a 48-year-old resident of Bellevue, was charged with intent to extort and cyber-stalking his former girlfriend, Diane Parris, in an attempt to prevent her husband, Jeff Parris, from being elected to the Nebraska
0 Comments
In the hands of a thief, your Social Security Number is the master key to your identity.  With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away.  Part of what makes an
0 Comments
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the
0 Comments
A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest. More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month. During the event, teams of NCFI-trained local law enforcement officials
0 Comments
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a “lone wolf” threat actor operating a Lahore-based fake
0 Comments
by Paul Ducklin [00’30”] Hook up with our forthcoming Live Malware Demo presentation. [02’02”] How to build your cybersecurity career. [07’24”] Why we think you should celebrate Global Encryption Day. [10’55”] A whole new twist on bogus online “friendships”. [21’01”] How to stop your network cables giving you away. [34’50”] Oh! No! Why superglue is
0 Comments
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs.  Award recipients NPower and CyberWarrior will use the cash injection to bring cybersecurity training to the unemployed and to underemployed communities. CISA announced the awards yesterday to coincide with the third week of its Cybersecurity Summit, organized
0 Comments
Many people are excited about Gartner’s Secure Access Service Edge (SASE) framework and the cloud-native convergence of networks and security. While originally proposed as fully unified architecture delivering network and security capabilities, the reality soon dawned that enterprise transition to a complete SASE model would be a decade long journey due to factors such as
0 Comments
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can
0 Comments
A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m.  The security incident was caused by a flaw in a search tool on a website maintained by the state’s Department of Elementary and Secondary Education. 
0 Comments
In a world of contact-free pickup and payments, an old hacker’s trick is getting a new look—phony QR code scams.  QR codes have been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual information in a relatively compact space. In that way, a QR code shares many similarities with a
0 Comments
Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants alone, according to a report by the Financial Crimes Enforcement Network (FinCEN)
0 Comments
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National
0 Comments
A hacker from Michigan who stole and sold the sensitive data of tens of thousands of University of Pittsburgh Medical Center (UPMC) employees has been sent to prison.  Former Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson pleaded guilty on May 20 to counts 1 and 39 of a 43-count indictment. The court heard that
0 Comments
by Paul Ducklin The overall motto of #Cybermonth consists of three simple words. Repeat these words (try sitting on your hands while you’re saying them, for extra safety) whenever you’re faced with a cybersecurity risk, instead of rushing straight in and making a possibly expensive mistake: Stop. Think. Connect. Well, in Week 3 of #Cybermonth
0 Comments
American media company Sinclair Broadcast Group is in the grips of a ransomware attack. The Baltimore-based company, which operates and/or provides services to 185 television stations in 86 markets, became aware of a potential security incident on Saturday and launched an investigation.  In a statement released Monday, the group said: “On October 17, 2021, the Company [Sinclair Broadcast Group]
0 Comments
When you’re online, the world is at your fingertips. You can do amazing things like stream the latest movies while they’re still in theaters! Or you can enjoy the convenience of online shopping and avoiding the DMV by renewing your driver’s license remotely.  This is possible because we’re able to communicate with these organizations through many different channels and we trust them. Unfortunately, many bad actors have taken advantage of this trust
0 Comments
The personal data of thousands of individuals have been stolen from a non-profit professional membership organization located in Illinois. Cyber-thieves struck the American Osteopathic Association (AOA) in the summer of 2020, making off with information that included names, Social Security numbers, and financial account details. The AOA, which is headquartered in Chicago, represents around 151,000