In an unprecedented move, Russia’s Federal Security Service (FSB), the country’s principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct
Month: January 2022
By Paul Ducklin. Lots of people “run Linux” without really knowing or caring – many home routers, navigational aids, webcams and other IoT devices are based on it; the majority of the world’s mobile phones run a Linux-derived variant called Android; and many, if not most, of the ready-to-go cloud services out there rely on
The assistant principal of a high school in Florida has been charged with aggravated cyber-stalking. Duval County School Board Police arrested 42-year-old Kenyannya Wilcox on Friday over an alleged incident involving her former romantic partner. The defendant’s arrest report alleges that Wilcox was involved in a scheme that aimed to cause “adverse economic impact” to
Is loyalty fraud on your radar? Here’s why your hard-earned reward points and air miles may be easy pickings for cybercriminals. Loyalty accounts are big business, and hackers and fraudsters are increasingly zeroing in on a potential goldmine. According to one study, the global market for loyalty management is set to grow at an annual
A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an
By Paul Ducklin. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A cyber-attack on the Medical Review Institute of America (MRIoA) may have exposed the personal data of 134,571 individuals. MRIoA, which is based in Salt Lake City, Utah, said it was “the victim of a sophisticated cyber incident” discovered on November 9, 2021, that resulted in a threat actor’s gaining unauthorized access to its network and exfiltrating
We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The internet is also useful for daily activities, like buying groceries or paying bills. While it’s convenient to connect with people and complete tasks online, cybercriminals are eager to use the internet to steal financial or
As you attempt to strike it rich in the digital gold rush, make sure you know how to recognize various schemes that want to part you from your digital coins. The world seems to have gone ‘crypto-mad’. Digital currencies like bitcoin, Monero, Ethereum and Dogecoin are all over the internet. Their soaring value promises big
An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed “CharmPower” for follow-on post-exploitation. “The actor’s attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations on previous
By Paul Ducklin. Yesterday was the first Patch Tuesday of 2022, with more than 100 security bugs fixed. We wrote up an overview of the updates, as we do every month, over on our sister site news.sophos.com: First Patch Tuesday of 2022 repairs 102 bugs. For better or for worse, one update has caught the
Cyber-physical systems (CPS) security company Claroty has announced the acquisition of healthcare IoT security business Medigate. In a statement released January 10, Claroty said the deal would allow it to secure the Extended Internet of Things (XIoT) “by delivering unmatched visibility, protection, and threat detection for all connected organizations via one comprehensive solution.” Medigate, which is headquartered in New York’s
The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay your bills, schedule your next family vacation, and order groceries with the click of a button. While the internet offers many positive benefits, it also has some negatives. Although not entirely used for illicit purposes,
We don’t need no stinkin’ wall power as CES shows off the power and promise of usable long-range wireless charging. While wireless charging has been around for some time (like charging my iPhone in my Toyota’s center console), CES is showcasing real power at real distances measured in meters, not centimeters. At one booth I
Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical “wormable” vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known
By Paul Ducklin. Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB. The product comes from a Taiwanese hardware and software maker called Kcodes, which describes itself as follows: [A] leading supplier and developer of USB over
A police forensics expert has been sent to prison in the UK for downloading thousands of grim images from police computer systems onto his own computer. Darren Collins, 56, of Little Haywood near Stafford, admitted illegally accessing photographs of crime scenes and post-mortem examinations performed on murder victims. The Crown Prosecution Service (CPS) said Collins “used his digital
If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. We have your back. And here’s why. In the U.S., reported cases of identity theft continue to rise. Comparing the first three quarters of 2020 to the first
But as we learned in mashing up other technologies, the security devil is in the details. Cars have historically been monumentally difficult to manufacture and sell successfully, but in today’s world, you can mash up an electric car with off-the-shelf doodads from any of a number of manufacturers displaying here at CES, and voila! You
Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple’s macOS operating system that could be weaponized by a threat actor to expose users’ personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings
A man who worked at the Monsanto Company has admitted stealing a trade secret from his former employer and attempting to sell it to the People’s Republic of China. Xiang Haitao was employed by the American agrochemical and agricultural biotechnology corporation and its subsidiary, The Climate Corporation, as an imaging scientist from 2008 to 2017. The 44-year-old
Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. “Ironically, all the information we gathered was possible
Cerberus Cyber Sentinel Corporation today announced its acquisition of an American cybersecurity operations and compliance company. The Arizona-based cybersecurity consulting and managed services firm said the decision to acquire True Digital Security was part of a strategy to bring together global security talent as partners. True Digital Security was founded in 1985 and currently has offices in West
With digital life changing so rapidly, it’s time for a new way to protect it. Welcome to McAfee Forward—the future of online protection today. As all that change reshapes how we spend our time online, we believe that one thing remains constant: meaningful protection is a personal right. Your right. That’s how we see it here
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. “The attack likely consists of a reconnaissance phase, where the
By Paul Ducklin. Owners of Honda cars of a certain age – apparently somewhere between 10 and 16 years old – have spent the first few days of the New Year reporting a weird “millennium bug style” problem. Apparently, for many cars that are a decade or so old, New Year’s Day 2022 was ushered
A cyber-attack has forced the government of New Mexico’s most populous county to close most of its county buildings to the public. Bernalillo County had to take some of its IT systems offline on Wednesday after becoming the target of a digital assault that county officials suspect was a ransomware attack. In a statement released Wednesday, the
Your Cybersecurity Comic Relief. Why am I here? If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. Feel free to pat yourself on the back, get yourself a nice cup of coffee, tea, LaCroix (you
And no more worrying about your satellite being smashed by a “drunk driver” as new tech promises to predict hazards in orbit. Headed to space and worried about astral fender benders from space junk collisions? There’s a CES vendor for that. Worried too many satellites are snooping in your direction? Same thing. Want a comfy
Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to “educate people” about its approach with regards to how it collects and processes personal information across its family of social media apps. “Privacy Center provides helpful information about five common privacy topics: sharing, security,