By spotting these early warning signs of identity theft, you can minimize the impact on you and your family We’re all spending more of our time online. Last year, US adults spent one hour more per day on digital activities across all of their devices than they did in 2019. By the end of 2022,
Month: December 2021
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a
by Paul Ducklin Amongst all the brouhaha about Log4Shell, it’s easy to forget all the other updates that surround us. Not only is it Patch Tuesday (keep your eye on our sister site news.sophos.com for the latest on that score later in the day)… …but it’s also time to check your Apple devices, because Apple
Police have arrested a professor at a Louisiana university after child sexual abuse material was discovered on his office desktop computer. An investigation was begun in East Baton Rouge on Thursday after officials at Louisiana State University’s (LSU’s) Agricultural Center (AgCenter) were contacted by concerned employees in the center’s IT department. The IT workers raised the alarm
Like many consumers around the world, you’re probably scouring the internet to find the perfect gifts for your friends and family in time for the holidays. While buyers prepare for the festivities, cybercriminals look for opportunities to scam shoppers with various tricks. In 2020, the FBI received over 17,000 complaints regarding goods that were never delivered, totaling losses of more than
The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far Just as the holiday season is approaching our doorstep, a critical vulnerability in an Apache code library called Log4j 2 has come knocking at the door. Log4j is an open-source Java-based logging
Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. Tracked as CVE-2021-4102, the flaw relates to a use-after-free bug in the V8 JavaScript and
by Paul Ducklin In this article, we explain the Apache Log4Shell vulnerability in plain English, and give you some simple educational code that you can use safely and easily at home (or even directly on your own servers) in order to learn more. Just to be clear up front: we’re not going to show you
Cyber-thieves hacked into the computer network of Swedish car manufacturer Volvo and exfiltrated research and development secrets. The carmaker posted a notice on its website yesterday stating that it had suffered a cybersecurity breach in which a limited amount of data was stolen. Though the quantity of data swiped in the incident was small, Volvo warned that its loss
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed
An investigation into the springtime cyber-attack on HSE Ireland has found that criminals spent two months inside the healthcare system’s computer network before deploying ransomware. The attack, which struck HSE Ireland with Conti ransomware in mid-May, forced the health service to take its IT systems offline, leading to the cancellation of multiple hospital appointments. An investigation
Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team. The impact of this vulnerability has the potential to be massive due to its
Details have emerged about what’s the first Rust-language-based ransomware strain spotted in the wild that has already amassed “some victims from different countries” since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. “Victims can pay with Bitcoin or Monero,” the researchers said in a series of tweets detailing the file-encrypting malware.
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A cyber-attack has been carried out against major German logistics provider Hellmann Worldwide Logistics. The security incident forced Hellmann to take its central data center offline yesterday. Today, operations at the Osnabrück-based company remain disrupted. Hellmann said that since the attack was discovered, it has been under the constant observation of its Global Crisis Taskforce, which
Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them. Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable. One research group
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated,
by Paul Ducklin Just when you thought it was safe to relax for the weekend… …when your cybersecurity Christmas decorations lit up with the latest funkily-named bug: Log4Shell. Apparently, early reports of the bug referred to it as LogJam, because it allows you to JAM dodgy download requests into entries in LOG files. But LogJam
A political activist and former star of the reality TV show 19 Kids and Counting has been convicted of two charges relating to the sexual abuse of children. On Thursday, after a six-day trial that featured ten witnesses, a jury found Josh Duggar guilty of one count of receiving CSAM and one count of possessing CSAM. It took the jury just
We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you. Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel
Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder. After demonstrating the ease with which anybody can hijack your WhatsApp in 2020, I took a hiatus in ethically hacking people’s accounts. It’s just not the same hacking
At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity
Amazon‘s cloud computing network suffered a five-hour outage on Tuesday, chiefly impacting individuals and businesses in the eastern United States. Online services provided by a swathe of companies were disrupted by the incident at Amazon Web Services, which also affected Amazon’s own e-commerce business. Gaming site League of Legends PUBG went down, and Tinder, Coinbase,
Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be? Device Dependence These conversations weigh heavy on parents for a good reason. According
Google on Tuesday said it took steps to disrupt the operations of a sophisticated “multi-component” botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin’s blockchain as a resilience mechanism. As part of the efforts, Google’s Threat Analysis Group (TAG) said it
by Paul Ducklin Today’s a Firefox Tuesday, when the latest version of Mozilla’s browser comes out, complete with all the security updates that have been merged into the product since the previous release. We used to call them Fortytwosdays, because Mozilla followed a six-weekly coding cycle, instead of monthly like Microsoft, or quarterly like Oracle,
Two brothers from Peru have admitted their role in an international call-center scam that defrauded Spanish-speaking immigrants to the United States. Under the conspiracy, victims were called up and threatened with legal action or deportation if they didn’t buy certain educational products. The scam was perpetrated from a series of call centers in Peru, including
With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts. Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool
It often pays to look a gift horse in the mouth – recognizing these types of gift card fraud will go a long way toward helping you stay safe from this growing threat not just this holiday season It’s that time of the year again, when we’re all online looking for presents to give and