by Paul Ducklin. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Month: February 2022
Phishing kits designed to circumvent multi-factor authentication (MFA) by stealing session cookies are increasingly popular on the cybercrime underground, security researchers at Proofpoint have warned. After years of prompting by security teams and third-party experts, MFA finally appears to have reached a tipping point of user adoption. Figures from Duo Security cited by Proofpoint in a new blog today
Some fraudsters may use low-tech tactics to steal your sensitive information – peering over your shoulder as you enter that data is one of them. We live in an age of pervasive connectivity. But our always-on, mobile-centric lives also expose us to risk. For many people, it is the prospect of phishing, remotely deployed malware
An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. “The threat actor used ‘free productivity apps installation’ or ‘free software development tools installation’ themes as SEO keywords to lure victims to a compromised website and to
by Paul Ducklin If you run a WordPress site and you use the Elementor website creation toolkit, you could be at risk of a security hole that combines data leakage and remote code execution. That’s if you use a plugin called Essential Addons for Elementor, which is a popular tool for adding visual features such
A critical vulnerability in a popular open-source networking protocol could allow attackers to execute code with root privileges unless patched, experts have warned. Samba is a popular free implementation of the SMB protocol, allowing Linux, Windows and Mac users to share files across a network. However, a newly discovered critical vulnerability (CVE-2021-44142) in the software
We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM’s Cost of a Data Breach Report that has been tracking this statistic
by Paul Ducklin Remember all those funkily named bugs of recent memory, such as Spectre, Meltdown, F**CKWIT and RAMbleed? Very loosely speaking, these types of bug – perhaps they’re better described as “performance costs” – are a side effect of the ever-increasing demand for ever-faster CPUs, especially now that the average computer or mobile phone
A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report. A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to view the contents. After notifying the owner, Swedish
Think your smartphone has been compromised by malware? Here’s how to spot the signs of a hacked phone and how to remove the hacker from your phone. With the dawn of the Android and iOS operating systems, phones have evolved far beyond their humble call and text features – they now are portable smart devices
An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the