The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea’s Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge
Month: May 2022
IKEA says that it has notified Canada’s privacy watchdog following a large data breach involving the personal information of approximately 95,000 customers. In a statement, the furniture retailer said that some of its customers’ personal information appeared in the results of a “generic search” performed by a co-worker at IKEA Canada between March 1-3 using
by Paul Ducklin Remember the jokes (OK, they were sold as “jokes” when you were at school to add a touch of excitement to Eng. Lang. lessons) about creating valid and allegedly meaningful sentences with a single word repeated many times? There’s an very dubious one with the word BUFFALO seven times in a row,
Like most things in life, online privacy is a 2-way street. As consumers, we expect the companies we deal with online to manage and safeguard our data to a super professional level however we also have a role to play here too. So, this Privacy Awareness Week (PAW), let’s focus on what we can do
Here’s what you should know about some of the nastiest mobile malware – from malicious software that takes phones and data hostage to RATs that allow hackers to control devices remotely These days, the device in your pocket can do far more than call or send text messages. Your smartphone stores almost every aspect of
Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named “Raspberry Robin,” Red Canary researchers noted that the worm “leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.” The earliest signs of the
The owner of a Delaware computer repair shop, who alerted the FBI to the contents of a laptop reportedly owned by President Joe Biden’s son, Hunter, is suing a politician and several news media outlets for allegedly defaming him. John Paul Mac Isaac said Hunter’s MacBook Pro was dropped off at his shop in April 2019 and
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’23”] Fun Fact. What comes after “123”? [01’57”] World Password Day. (We still need it!) [04’20”] GitHub authentication troubles. [11’55”] This Week in Tech History. Sasser, the sassy Windows worm. [15’55”] Firefox hits
By Oliver Devane McAfee has identified several Youtube channels which were live-streaming a modified version of a live stream called ‘The B Word’ where Elon Musk, Cathie Wood, and Jack Dorsey discuss various aspects of cryptocurrency. The modified live streams make the original video smaller and put a frame around it advertising malicious sites that
The bitter truth about how fraudsters dupe online daters in this new twist on romance fraud The world is a confusing and lonely place sometimes. Police and security experts have been out in force for years warning lonely hearts not to fall for the romance fraudsters whose schemes cost victims more than US$950 million in
The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector. “It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components — which
A book on cybersecurity that doesn’t feature any words written by individuals who identify as male has been published by JupiterOne. Reinventing Cybersecurity, which came out on Tuesday, claims to be “the first cybersecurity book written entirely by women and non-binary experts.” The publication is a collection of original stories from 17 female and non-binary security professionals. Linking
by Paul Ducklin Back in the late 1960s and the start of the 1970s (or so we’ve heard), primary school children in the UK got a special treat. Unlike their parents and grandparents before them, they were exempted from learning how to do calculations involving money. Their teachers were no longer expected to show them
Passwords: we entrust our most important data to these strings of letters, numbers, and special characters. So, we should make sure our passwords are words or phrases that we can easily remember, right? While this might be the most convenient option, there are more secure ways to digitally lock up your most sensitive personally identifiable
The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse
A former executive of eBay has pleaded guilty to taking part in a disturbing cyber stalking campaign waged against a married couple from Massachusetts. The couple’s terrifying experience began after they wrote about eBay in an online newsletter aimed at eBay sellers, which they edited and published. Under the campaign, parcels with horrifying contents were anonymously sent
by Paul Ducklin Firefox has followed Chromium to the century mark, reaching a score of 100* with its latest scheduled almost-monthly release. For readers without the sporting good fortune of living in a cricket-playing country, an individual score of 100 in a single innings, known as a century or a ton, is considered a noteworthy
Authored by Dexter Shin McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity space. These software bugs are exploited for attacks before the flaw is known to the software vendor and so
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws
Spyware has been detected on the cell phones of Spain’s prime minister, Pedro Sánchez, and the country’s defense minister, Margarita Robles. In a press conference given Monday morning, the Spanish government said that the phones had been infected with Pegasus spyware and extracted data from both devices. The minister for the presidency, Félix Bolaños, said that the
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. “The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as ‘Viper,'” Cluster25 said in a report published last week. “The target
A Texas school district employee has tendered their resignation after being caught secretly mining cryptocurrency on school premises. Pings picked up by Galveston Independent School District’s firewall a couple of weeks ago aroused the suspicion of the district’s IT department. An investigation into the activity determined that multiple cryptocurrency mining machines were operating on the
India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours
The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and New York Metro InfraGard Members Alliance (NYM-IMA) are coming together to tackle cyber threats facing the bioeconomy. The partnership, which aims to protect economic activity in the United States involving the use of biotechnology and biomass in the production of goods, services or energy, was announced on Thursday.
Here’s what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group In this edition of Week in security, Tony looks at the latest ESET research that: provided a detailed overview of TA410, a cyberespionage umbrella group that targets entities in the government and education sectors
Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. “By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular