I’m about to tell you an extraordinary fact about cybercrime. Some of the most significant data breaches in internet history weren’t after bank account numbers, cryptocurrency, or even credit card numbers. They were, in fact, after YOU. That’s right, the most valuable data on the internet is the data that comprises your identity. Let’s take
Month: March 2022
The US military knows it needs to speed up technology adoption through optimization, something at the heart of Silicon Valley culture The U.S. military won’t soon be adopting open-plan work environments, flexible PTO, free ubiquitous food, and lean manufacturing processes, although Silicon Valley wants it to. At the recent Rocky Mountain Cyberspace Symposium, both were
In what’s yet another act of sabotage, the developer behind the popular “node-ipc” NPM package shipped a new version to protest Russia’s invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting
Sioux Falls City Council has approved a $10m appropriation toward a Dakota State University (DSU) cybersecurity lab. The funding for the project, which could bring 650 jobs to the Sioux Falls and Madison areas, was approved by a unanimous vote on Tuesday night. Dakota State University announced its $90m Applied Research Lab (ARL) project on January 26 2022. The
by Paul Ducklin Last year, we wrote about a research paper from SophosLabs that investigated malware known as CryptoRom, an intriguing, albeit disheartening, nexus in the cybercrime underworld. This “confluence of criminality” saw cybercrooks adopting the same techniques as romance scammers to peddle fake cryptocurrency apps instead of false love, and fleece victims out of
An overview of some of the most popular open-source tools for threat intelligence and threat hunting As the term threat intelligence can be easily confounded with threat hunting, we will first endeavor to outline some of the differences between them. Threat intelligence refers to the aggregation and enrichment of data to create a recognizable profile
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360’s Netlab security team called it B1txor20 “based on its propagation using the file name ‘b1t,’ the XOR encryption algorithm, and the RC4 algorithm
The highest court in the United Kingdom has refused to hear an appeal by WikiLeaks founder Julian Assange against his extradition to the United States to face espionage charges. Australian citizen Assange was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and
by Paul Ducklin The latest raft of non-emergency Apple security updates are out, patching a total of 87 different CVE-rated software bugs across all Apple products and plaforms. There are 10 security bulletins for this bunch of updates, as follows: APPLE-SA-2022-03-14-1: iOS 15.4 and iPadOS 15.4 (HT213182) APPLE-SA-2022-03-14-2: watchOS 8.5 (HT213193) APPLE-SA-2022-03-14-3: tvOS 15.4 (HT213186)
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and
This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, the malware was first detected at 11.38 a.m.
As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively.
Police in Manitoba, Canada, have arrested an 18-year-old man on suspicion of carrying out cyber-attacks on victims across North America. Dayne Parrott-Jones, of Brandon, was taken into custody on March 8 by members of the Brandon Police Service Crime Suppression Unit following an 11-month investigation by the Federal Bureau of Investigation (FBI) and police forces
by Paul Ducklin Ever wanted or needed to buy or sell cryptocoins on a whim, without going online? Ever felt like cashing in 100,000 Satoshis or so at 3am to treat your party buddies to a kebab-fest on the way home from a big night out? Well, if you live in the UK, you can’t
Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it. There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more
French video game company Ubisoft on Friday confirmed it was a victim of a “cyber security incident,” causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. “Also, we can confirm
A former employee of the Canadian government has been extradited to the United States to face charges pertaining to a slew of ransomware attacks. Sebastien Vachon-Desjardins, 34, of Gatineau, Quebec, is accused of using NetWalker ransomware to target dozens of victims all over the world, including hospitals and school districts. The United States launched a global action against the
Meta Platforms’ WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service’s web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to “automatically verif[y] the authenticity of the WhatsApp Web code being
French bank BNP Paribas has reportedly blocked its Russian-based employees from accessing its internal computer systems. According to a Reuters source, the bank rescinded the access privileges of its Russian workforce over fears that connections to the local network could leave BNP Paribas vulnerable to cyber-attacks by Russian threat actors. The restriction is reportedly part of the French lender’s
What is Ransomware? Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay.
Ukraine has been under cyber-fire for years now – here’s what you should know about various disruptive cyberattacks that have hit the country since 2014 On February 24th, Russia invaded Ukraine. Just a few hours earlier, ESET discovered a destructive piece of malware that wrought havoc on the computer networks of a number of important
The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country’s unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected
Czech-based multinational cybersecurity software company Avast has suspended the sale and marketing of its products in Russia and Belarus. In a statement shared Thursday, Avast said it was ceasing business in Russia and offering its premium products free of charge to the people of Ukraine. “With immediate effect, we have withdrawn the availability of all of our products
by Naked Security writer In cybersecurity history, the US Independence Day weekend of 2021 is not remembered for the restful and relaxing summer celebrations that you’d usually associate with the Fourth of July. Instead, it’s remembered as the weekend of the infamous Kaseya ransomware attack. This was ransomware-with-a-difference, and the difference was the ultimate scale
Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 80,000 One extension,
How can you tell fact from fiction and avoid falling for and spreading falsehoods about the war in Ukraine? The Russian invasion of Ukraine has led to a torrent of fake news, misinformation and disinformation being spread on social media. The fabricated, manipulated and otherwise false and misleading content and narratives reach a global audience
Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It’s, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of
Two 66-year-old women from Colorado have been accused of interfering with election equipment and official misconduct. On Tuesday, a Mesa County grand jury returned a 13-count indictment against clerk and recorder Tina Peters and deputy clerk Belinda Knisley. According to the indictment, the women tampered with the security of Dominion Voting Systems machines in late May 2021. It is
by Paul Ducklin LISTEN NOW What do ransomware blackmailers ask for when they don’t want money? Why did Firefox get two updates in three days? How did Adafruit get hoist by the petard of “shadow IT”? And what’s with those dirty Linux pipes? Click-and-drag on the soundwaves below to skip to any point. You can
Who loves tax season besides accountants? Scammers. Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same