Month: July 2022

0 Comments
This week HP released their report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back, exploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis. The report’s findings showed how cybercrime is being supercharged through “plug and
0 Comments
Ever hear of a crime called skimming? It may not be as dramatic a crime as assault or Ponzi schemes, but it can cause significant problems to you as your  savings account can be wiped out in a flash. Picture a scrawny nerd tampering with an automated teller machine (ATM)—the machine you use with your
0 Comments
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an “improper neutralization of special
0 Comments
Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky’s health, according to Ukraine’s security officials. A music program on “at least one” out of TAVR Media’s stations – one of Ukraine’s largest radio networks – was interrupted by the false reports just after midday on July 21. The so-far unidentified
0 Comments
Sextortion is something no parent wants to think could happen to their child, nor a topic most of us would ever imagine we’d need to discuss in our homes. However, according to the latest FBI reports, sextortion is a digital threat to children that, woefully, is on the rise. According to the FBI, there has
0 Comments
The number of ransomware victims in the second quarter was over a third lower than Q1 2022, thanks in part to the halt in operations from the prolific Conti group, according to GuidePoint Security. The firm’s quarterly ransomware report was based on data obtained from publicly available resources, including postings by threat groups on their data
0 Comments
by Paul Ducklin Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. The relevant security bulletins, update numbers, and where to find them online are as follows: APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346 APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345 APPLE-SA-2022-07-20-3: macOS
0 Comments
Russian adversaries are taking advantage of trusted cloud services, including DropBox and Google Drive to deliver malware to businesses and governments, according to new research. Cloaked Ursula – AKA the Russian government-linked APT29 or Cozy Bear – is increasingly using popular online storage services because it makes attacks difficult to detect and prevent, researchers at Palo Alto
0 Comments
There’s no denying that the internet fills a big part of our days. Whether playing, working, or studying, we rely on staying connected. But just as there’s a lot of good that comes with the internet, it can also make us susceptible to cybercriminals.   This is especially true if you’re using your phone on public
0 Comments
Security researchers have found a new macOS backdoor being used in targeted attacks to steal sensitive information from victims. The threat has been named “CloudMensis” by ESET because it exclusively uses public cloud storage services to communicate with its operators. Specifically, it leverages pCloud, Yandex Disk and Dropbox to receive commands and exfiltrate files, according to
0 Comments
Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. “Its capabilities clearly show that the
0 Comments
The Tor Project has updated its flagship anonymizing browser to make it easier for users to evade government attempts to block its use in various regions. Tor Browser 11.5 will “transform the user experience of connecting to Tor from heavily censored regions,” according to the US-based non-profit that manages the open source software. It replaces
0 Comments
Your mobile phone can do so many things, thanks to the wonders of technology. One of those things is having very accurate information about your location. In fact, some apps have to know your location to work.   Of course, you can’t expect Google Maps to function as it should without tracking your location. But you’re
0 Comments
With global cybercrime costs expected to reach $10.5 trillion annually by 2025, it comes as little surprise that the risk of attack is companies’ biggest concern globally. To help businesses uncover and fix the vulnerabilities and misconfigurations affecting their systems, there is an (over)abundance of solutions available. But beware, they may not give you a
0 Comments
This week the US Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report into the December 2021 Log4j event, where a number of vulnerabilities were reported with this Java-based logging framework. The report’s methodology included a mixture of interviews and requests for information over a 90-day period, engaging with approximately 80 organizations and individuals
0 Comments
So much of our personal and professional lives are online — from online banking to connecting with friends and family to unwinding after a long day with our favorite movies and shows. The internet is a pretty convenient place to be! Unfortunately, it can also be a convenient place for cybercriminals and identity theft.  One
0 Comments
by Paul Ducklin It’s prime vacation season in the Northern Hemipshere, and in some countries, July and August aren’t just months when some people take some days off, but a period of extended family holidays, often involving weeks away from home or on the road. The good news, of course, is that if you’ve had
0 Comments
A virtual private network (VPN) is a tool that hides your geolocation and protects your privacy while you’re online. It does this by creating an encrypted tunnel from your home network to a VPN provider’s server.   When you buy an internet plan, your internet service provider (ISP) gives your equipment (like your router and modem)