If better privacy and anonymity sound like music to your ears, you may not need to look much further than Tor Browser. Here’s what it’s like to surf the dark web using the browser. When I speak to people about the dark web, many are still very wary of it and often think that it
Month: April 2022
The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. “Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various
Cyber-criminals are impersonating the confectioner Cadbury online to steal personal data. Users of social media platform Facebook and messaging platform WhatsApp have encountered a scam that lures victims with the promise that they will receive a free Easter basket packed with chocolate treats. Cadbury has confirmed that the offer is “not genuine” and has stated that it is taking
Throw open the windows and let in some fresh air. It’s time for spring cleaning. And that goes for your digital stuff too. Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and
An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group
The American Public University System (APUS) is joining forces with the US Cyber Command (USCYBERCOM) to help boost the nation’s cybersecurity posture. APUS is a private online learning university system composed of American Military University and American Public University. Each offers a strong cyber defense-focused curriculum at undergraduate and graduate levels. The National Security Agency (NSA)
by Paul Ducklin Tomorrow is 31 March 2022, and the last day of March is World Backup Day… …which is a good time for us to remind you of a little saying that we like. You’ll have heard it before if you listen to the Naked Security Podcast; if so, here it is again, because
The City of London Police on Friday disclosed that it has charged two of the seven teenagers, a 16-year-old and a 17-year-old, who were arrested last week for their alleged connections to the LAPSUS$ data extortion gang. “Both teenagers have been charged with: three counts of unauthorized access to a computer with intent to impair
An employee of the United States National Security Agency (NSA) has been accused of sending national defense secrets from his personal email account. A 26-count indictment unsealed Thursday in the District of Maryland alleges that 60-year-old Mark Robert Unkenholz willfully transmitted classified National Defense Information (NDI) on 13 occasions between February 14 2018 and June 1 2020.
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Authored by Vallabh Chole and Oliver Devane Scammers are very quick at reacting to current events, so they can generate ill-gotten gains. It comes as no surprise that they exploited the current events in Ukraine, and when the Ukrainian Twitter account tweeted Bitcoin and Ethereum wallet addresses for donations we knew that scammers would use
How can businesses that lack the resources and technological expertise of large organizations hold the line against cybercriminals? Running and growing a business is hard work even in good times, but times of crisis bring a fresh crop of challenges. And as our reliance on technology for so many aspects of our lives increases, so
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. “An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second
The United States House of Representatives has passed a bill that would change how cybercrime is tracked, measured and reported by the federal government. The Better Cybercrime Metrics Act (S.2629), authored by US senator Brian Schatz, was approved by the House in a bipartisan 377-48 vote on Tuesday. Once signed into law, the bill will encourage local and federal
by Paul Ducklin Apple has just sent out two security advisories covering two zero-day security holes, namely: Apple Bulletin HT213219: Kernel code execution bug CVE-2022-22675. This security fix is for iOS and iPadOS, both of which get updated to version 15.4.1. Apple Bulletin HT213220: Kernel code execution bug CVE-2022-22675 and kernel data leakage bug CVE-2022-22674.
Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and the countless snapshots of your furry companion. Next, open your laptop or desktop and check to
The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of