Seems like the internet follows us wherever we go nowadays, whether it tags along via a smartphone, laptop, tablet, a wearable, or some combination of them all. Yet there’s something else that follows us around as well—our PII, a growing body of “personally identifiable information” that we create while banking, shopping, and simply browsing the
Month: February 2022
A notorious ransomware outfit has been given a taste of its own medicine after a vast trove of internal chat data was leaked by a Ukrainian researcher. The leaks were posted online yesterday with rough Google Translate versions of the text in English here. They amount to tens of thousands of messages taken from Conti’s
Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts
A group of academics from Tel Aviv University have disclosed details of now-patched “severe” design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android’s hardware-backed Keystore in Samsung’s Galaxy
Authored by Oliver Devane and Vallabh Chole Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously blogged about how to change desktop browser settings to stop malicious notifications. This blog focuses on Chrome notifications on Android mobile devices such as phones and tablets, and
Cops in Florida have arrested 10 men in a sting operation to catch online child sexual predators. Operation Peek-a-Boo was conducted over a two-week period by 16 investigators with the Internet Crimes Against Children (ICAC) Unit at the Okaloosa County Sheriff’s Office (OCSO). OCSO said the 10 suspects believed they were chatting with minors online when they were
Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia’s military invasion of the country. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” the CERT-UA
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent
The Ukrainian government is reportedly seeking volunteer hackers and security experts to help Ukraine defend its critical infrastructure against cyber-attacks. According to a report by Reuters, Ukraine’s pleas for assistance started appearing on Ukrainian hacking forums on Thursday morning, shortly after the county was invaded on three fronts by Russian armed forces in an attack condemned by US President
What can social movements of the past teach you about the future – and about protecting your digital self? Being African American and working at a cybersecurity company doesn’t seem at first glance to provide fertile ground for pondering about the historical past. So, when asked in August 2021 if I could write something for
A new malware capable of controlling social media accounts is being distributed through Microsoft’s official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware “Electron Bot,” in reference to a command-and-control (C2) domain used
by Paul Ducklin If you use Mozilla Firefox or any Chromium-based browser, notably Google Chrome or Microsoft Edge, you’ll know that the version numbers of these products are currently at 97 and 98 respectively. And if you’ve ever looked at your browser’s User-Agent string, you’ll know that these version numbers are, by default, transmitted to
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see. Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level
Hacktivist group Anonymous has declared “cyber war” against Vladimir Putin’s government following the Russian invasion of Ukraine. The well-known international hacking collective made the announcement on its Twitter account on Thursday, shortly after the Kremlin commenced military action. The message read: “The Anonymous collective is officially in cyber war against the Russian government. #Anonymous #Ukraine.” Shortly after,
Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites A number of organizations in Ukraine have been hit by a cyberattack that involved new data-wiping malware dubbed HermeticWiper and impacted hundreds of computers on their networks, ESET Research has found. The attack came just
Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via
The UK government has unveiled plans to roll out free cyber skills training for thousands of secondary school pupils. The Cyber Explorers program aims to educate 30,000 11 to 14-year-olds on a range of cybersecurity concepts, such as open-source intelligence, digital forensics and social engineering. The program will be delivered via a new online learning platform, in
The climate solutions we need to transform every sector are here. The question is: what role will you play in this transformation? You, your community, your business, your government? Technology is an expansive term. It’s not just apps and electronics. Human ingenuity has created everything from plows to fishing gear, bicycles to boomboxes, windmills to
TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that’s used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is “partially due to a big shift from Trickbot’s
by Paul Ducklin When the Apple AirTag hit the market in 2021, it immediately attracted the attention of hackers and reverse engineers. Could AirTags be jailbroken? Could AirTags be simulated? Could the AirTag ecosystem be used for purposes beyond Apple’s own imagination (or at least beyond its intentions)? We soon found ourselves writing up the
It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being
The UK’s construction industry has received its first-ever cybersecurity guidance from the National Cyber Security Centre (NCSC). The document, Cyber security for construction businesses, provides practical, tailored advice for construction firms on protecting their businesses and building projects from cyber-attackers. The guidance details the most common attack vectors construction faces, including spear-phishing, ransomware and supply chain attacks. The
It’s never too late to prevent children from being dragged to the dark side and to ensure their skills are a force for good When we talk about cybercrime and children, it’s often in the context of protecting the young ones from online dangers. That could mean ensuring our kids’ devices have the right parental
Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. “The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API
by Paul Ducklin WordPress plugins need to be kept up-to-date just as keenly as WordPress itself… …especially if those plugins are designed to help you look after the entirety of your WordPress site data. That’s why we thought we’d write about a recent warning from the creators of Updraft and Updraft Plus, which are free
Companies continue to accelerate their digital transformation and hybrid work strategies with security remaining top of mind. For a growing number of enterprises, the solution has been the deployment of a Security Service Edge (SSE). Introduced as a market category by Gartner, per our view we believe SSE is the consolidation of Secure Web Gateway
More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report. The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business
Make no mistake, counting on a computer is not as easy as it may seem. Here’s what happens when a number gets “too big”. For many people in the IT community, 2022 got off to a bad start after a bug in on-premises versions of Microsoft Exchange Server caused emails to become stuck en route
- 1
- 2
- 3
- 4
- Next Page »