Are the days numbered for ‘123456’? As Microsoft further nudges the world away from passwords, here’s what your organization should consider before going password-free. For such a clumsy sounding word, “passwordless” actually promises to make life a lot easier – for both users and security teams. It offers the tantalizing prospect of cutting admin costs,
Month: November 2021
No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to
by Paul Ducklin It’s that time of year again, just after Cybersecurity Awareness Month and just before Black Friday… …time for the latest Sophos Threat Report. We know what lots of you are thinking. Here come pages and pages of thinly disguised product pitches, setting aside science for sensationalism and advice for advertising. Well, it’s
Apple fans will have the opportunity to purchase a rare piece of cyber history when an Apple-1 computer is auctioned off tomorrow. The machine was hand-built by Steve Wozniak, Steve Jobs, and others in garage in Los Altos, California, in 1976 and 1977. It has been listed by California-based auction house John Moran Auctioneers in their Postwar and Contemporary
You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready. One aspect of cybercrime that deserves a fair share of attention is the
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to
A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30,000 patients. Nationwide Laboratory Services, which is based in Boca Raton, identified suspicious activity on its network on May 19, 2021. An examination of the activity revealed that attackers had used ransomware to encrypt files across
The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and
A digital forensics tool capable of retrieving previously unrecoverable data is now available to license from the United States Department of Defense’s Cyber Crime Center (DC3). DC3’s Advanced Carver was invented by digital forensics expert Dr. Eoghan Casey to salvage corrupted data files from almost any digital device. The tool can be used to recover digital content, including
If you hadn’t heard of Telegram till 2021 then you wouldn’t be alone. This relatively unknown messaging and social media platform has risen from relative anonymity to become one of the biggest players in the ‘secret messaging’ business in less than a year. When What’s App changed its terms of usage in early 2021 and
Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field Just days ago, we looked at how you can jump-start your career in the broader field of cybersecurity, leveraging insights from ESET security researchers with decades of experience under their belts. Since today
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within “aggressive” timeframes. “These vulnerabilities pose significant
by Paul Ducklin Have you ever had an angry customer bellow the dreaded words, “Just you wait, I’m going to report you to your manager”, or something along those lines? We’re willing to bet that you have, and word on the street in the UK is that customer complaints, supposedly intensified by coronavirus-related frustrations, are
School districts in Ohio have been given a new online resource to help them improve their cybersecurity posture. The launch of the Ohio Department of Education Cyber Security Resources web page was announced by the Ohio Department of Education’s Cyber Security Steering Committee on November 3. The new resource was developed through the combined efforts of the Ohio Department
It’s safe to say that many Americans are obsessed with Squid Game. According to Business Insider, the Korean drama series has driven the newest engagers to a Netflix title of any Netflix series over the last three years. And while word-of-mouth buzz has played a big part in the show’s success, TV watchers aren’t the only ones taking note. Cybercriminals are also formulating ways
Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes Google has released its monthly round of security patches for Android that plugs a bevy of vulnerabilities, including a zero-day flaw that is believed to be actively exploited in the wild by threat actors. “There are indications
Ukraine’s premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia’s Federal Security Service (FSB). Calling the hacker group “an FSB special project, which specifically targeted Ukraine,” the Security Service of Ukraine (SSU) said
by Paul Ducklin [00’21”] Norbert (huzzah for Norbert!) does tech support. [02’38”] Europol digs into the ransomware scene. [09’21”] Microsoft finds a wacky bug in Apple’s shell. [18’09”] The Morris worm turns 33. [21’57”] Edge on Linux phans the phlames. [26’18”] Ola! Gibberish peculiarity textual solvage. With Paul Ducklin and Doug Aamoth. Intro and outro
A 22-year-old man from Britain has been indicted by the United States in connection with the 2019 theft of crypto-currency worth approximately $784,000. It is alleged that Joseph James O’Connor, also known as “PlugwalkJoe,” conspired with others to carry out SIM swap attacks against at least three individuals, all of whom were executives employed by the same
Your Cyber Security Comic Relief Apache server version 2.4.50 (CVE-2021-42013) Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview of what we believe to be the most noteworthy vulnerabilities over the last month. We don’t rely on a single scoring system like CVSS
Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations Privacy and security fans have long flocked to Swiss security enclaves, hoping for maximum protection against prying government eyes, much to the ire of those seeking to poke legal holes to get access to information on bad actors.
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability “can be exploited locally or remotely within a network to
by Paul Ducklin No more facial recognition on Facebook! Is it a publicity stunt? Is it an admission that it simply doesn’t work very well? Or is it a genuine attempt to disavow the sort of technology that gives both privacy advocates and cybersecurity experts the heebie-jeebies? As Facebook, or more precisely the new holding
A company that handles the membership data of Britain’s Labour Party has been affected by a “cyber-incident.” Labour said that the event at the third-party firm has rendered “a significant quantity” of party data “inaccessible on their systems.” The incident has been reported to the UK’s National Cyber Security Centre (NCSC), National Crime Agency (NCA),
It’s little surprise that a digital currency scam based on the popular Squid Games series on Netflix is making the news. If you haven’t caught wind of it yet, the story goes along the following lines: Note that this Squid Game cryptocurrency had no relationship to the show or to Netflix, aside from hijacking the Squid Game name without permission so that the
On top of illegally streaming sports games for profit, the man is also believed to have attempted to extort MLB for $150,000 A 30-year-old Minnesota man has been charged with breaching the computer systems of top sports leagues in the United States and illegally streaming their content on his website for monetary gain, according to
An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period. No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date,
by Paul Ducklin This is the third in our collection of Naked Security Podcast minisodes for Week 4 of Cybersecurity Awareness month. To access all four presentations on one page, please go to:https://nakedsecurity.sophos.com/tag/sos-2021 This time, we talk to Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, about the controversial topic of
New research published today by Javelin Strategy & Research puts the annual cost of child identity theft and fraud in the United States at nearly $1bn. The 2021 Child Identity Fraud study authored by Tracy Kitten, director of fraud & security at Javelin Strategy & Research, analyzed factors that put children at the highest risk of identity theft and
The holidays are almost here! That means it’s time to start making your list and checking it twice. To help prepare you for this year’s holiday shopping spree, McAfee is providing you with the ultimate holiday shopping list for every Tech lover in your family. Here are the devices to keep on your radar this holiday shopping season and what you