Google Play Store’s new Data Safety labels have been criticized for being inaccurate in nearly 80% of cases. The claims come from Mozilla’s *Privacy Not Included researchers, who published a new study about them on Thursday. “[We] found that the labels were false or misleading based on discrepancies between the apps’ privacy policies and the
admin
With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? It’s been twelve months since Russia invaded Ukraine, and it’s a good time to pause and reflect on a few pertinent issues, including: How is the war playing out in cyberspace? Have the cyber-elements turned out as expected?
Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular
Russia’s invasion of Ukraine has disrupted the vast cybercrime underground operating from the country, thanks to mobilization of some threat actors and the emigration of others, according to Recorded Future. The threat intelligence firm’s new report, Russia’s War Against Ukraine Disrupts the Cybercriminal Ecosystem, is compiled from analysis of dark web sources. The cybersecurity vendor
by Paul Ducklin LEARNING FROM OTHERS The first search warrant for computer storage. GoDaddy breach. Twitter surprise. Coinbase kerfuffle. The hidden cost of success. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You
The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group ESET researchers have discovered one of the payloads of the Wslink downloader that we uncovered back in 2021. We named this payload WinorDLL64 based on its filename WinorDLL64.dll. Wslink, which had the filename WinorLoaderDLL64.dll,
Feb 24, 2023Ravie LakshmananPrivacy / Data Safety An investigation into data safety labels for Android apps available on the Google Play Store has uncovered “serious loopholes” that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies
The UK’s privacy regulator has called on accountants to play a key role in ensuring the country’s SMEs are compliant with rigorous data protection laws. The Information Commissioner’s Office (ICO) said that research from 2021 revealed that around a third (34%) of smaller businesses trust their accountants for advice, while a fifth (20%) use these
by Paul Ducklin Johnathan Swift is probably most famous for his novel Gulliver’s Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Liiliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed diretly into modern
It’s never been easier to write a convincing message that can trick you into handing over your money or personal data ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality.
Feb 23, 2023Ravie LakshmananMalware / Threat Intel Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints
A suspected distributed denial of service (DDoS) attack downed several websites broadcasting President Putin’s state of the nation address on Tuesday, according to reports. Reuters said journalists based in multiple locations were unable to access the All-Russia State Television and Radio Broadcasting Company (VGTRK) website or the Smotrim live-streaming platform for periods during the speech.
by Paul Ducklin Popular cryptocurrency exchange Coinbase is the latest well-known online brand name that’s admitted to getting breached. The company decided to turn its breach report into an interesting mix of partial mea culpa and handy advice for others. As in the recent case of Reddit, the company couldn’t resist throwing in the S-word
Feb 22, 2023Ravie LakshmananOpen Source / Supply Chain Attack In what’s a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. “The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another,” Checkmarx researcher
Three fund managers have been sentenced to 12 years and three months following a seven-year investigation into their fraudulent handling of the Libyan sovereign wealth fund. The UK’s National Crime Agency (NCA) said it began its investigation after one of the trio, Frederic Marino, walked out of a London meeting with auditors and promptly fled
by Paul Ducklin Twitter has announced an intriguing change to its 2FA (two-factor authentication) system. The change will take effect in about a month’s time, and can be summarised very simply in the following short piece of doggerel: Using texts is insecure for doing 2FA, So if you want to keep it up you're going
AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware? ChatGPT didn’t write this article – I did. Nor did I ask it to answer the question from the title – I will. But I guess that’s just what ChatGPT might say. Luckily, there are
Feb 21, 2023Ravie LakshmananCyber Threat Intelligence A new information stealer called Stealc that’s being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. “The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers,” SEKOIA said
The FBI has released a brief statement about a recent cyber-incident that occurred at one of its highest profile field offices, claiming it is now under control. Sources briefed on the matter told CNN that a malicious incident impacted part of its network used in investigations of images of child sexual exploitation. “The FBI is
by Paul Ducklin Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently
Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently. Challenges of new threats’
Several Chinese state-sponsored threat groups have been observed targeting businesses and governments in the European Union. The claims come from a joint publication by the EU Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU). Published on Wednesday, the document directly mentions particular advanced persistent threats (APTs): APT27,
ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results ESET researchers identified a malware campaign that targets Chinese-speaking people in Southeast and East Asia by buying misleading advertisements to appear in Google search results that lead to
Feb 19, 2023Ravie LakshmananNetwork Security / Firewall Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list
A new malicious actor dubbed “WIP26” by SentinelOne has been observed targeting telecommunication providers in the Middle East. Describing the threat in a Thursday advisory, the security researchers said the team has been monitoring WIP26 with colleagues from QGroup GmbH. “WIP26 is characterized by the abuse of public Cloud infrastructure – Microsoft 365 Mail, Microsoft
Threat actors used search engine ads to impersonate makers of popular software and direct internet users to malicious websites This week, the ESET research team has published a report describing a malware campaign that took aim at Chinese-speaking people in Southeast and East Asia. The campaign involved malicious advertisements that appeared in Google search and
Feb 18, 2023Ravie LakshmananAuthentication / Online Security Twitter has announced that it’s limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors,” the company said. “We will no longer allow
The recent rise in supply chain attacks has placed supply chain security high on the agenda of decision-makers across all industries. The UK National Cybersecurity Centre (NCSC) launched a list of recommendations on 16 February to help medium and large enterprises ‘map’ their supply chain dependencies in order to better anticipate the cyber risks coming
by Paul Ducklin CAN WE STOP WITH THE “SOPHISTICATED” ALREADY? The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With
No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield As military and tech gather to address the frosty world defense conditions and what the intersection of technology’s role is with attendees at AFCEA West, it’s clear that the global warfighting world has changed. No longer
- « Previous Page
- 1
- …
- 35
- 36
- 37
- 38
- 39
- …
- 114
- Next Page »