Hands down, children look to their parents to keep them safe online more than anyone else, which begs the question—what’s a parent to do? Our recent study on connected families found that nearly three-quarters of children said their parents were best suited to teach them about staying safe online, nearly twice than teachers at school
admin
The European Union (EU) has reached political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations. The new directive will replace the EU’s existing rules on the security of network and information systems (NIS Directive), which requires updating because “of the increasing degree of digitalization and interconnectedness of our society and the
by Paul Ducklin What does the word Glib mean to you? Does it make you think of a popular programming library from the GNOME project? Do you see it as a typo for glibc, a low-level C runtime library used in many Linux distros? Do you picture someone with the gift of the gab trying
Can you spot the tell-tale signs of a phishing attempt and check if an email that has landed in your inbox is legit? Did you know that some 90 percent of successful cyberattacks start with a phishing email? This helps show why learning to recognize and avoid phishing attacks is such an important skill to
Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine “whether a vulnerability in a dependency might affect
How do parents and children connect and protect themselves online? We spoke with thousands of them around the world to find out. In December 2021 we conducted a study about beliefs and behaviors about life online among members of connected families—as individuals and as a family unit. Parents and children were surveyed together, with parents
Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) of nearly 40,000 individuals. According to a notice posted on the clinic’s website, on May 12, the clinic identified a data security incident that affected its computer system. To investigate the incident, OKCIC enlisted the help
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. Listen on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.Or simply drop the URL
The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud Sometimes you need to say things that go without saying: The internet has revolutionized our lives, changing the way we work, learn, entertain ourselves and interact with each other.
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed
A British man has been charged in New York with unauthorized computer intrusion, securities fraud, wire fraud and other crimes, causing more than $5m of losses. According to a 10-count complaint made public yesterday, Idris Dayo Mustapha, 32, a UK citizen, and others used phishing and other means to obtain user credentials from January 2011 to
What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? We all know there’s a cybersecurity skills shortage. Across the globe, the shortfall of talent is now measured in the millions. We’ve also all heard about the Great Resignation: a once-in-a-generation period of
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in
The Spanish government has sacked its spy chief Paz Esteban amid a dual phone-hacking scandal involving Pegasus spyware, the country’s defense minister said today. The National Intelligence Center (CNI) that Esteban headed faced controversy recently for reportedly using Pegasus, developed by Israel’s NSO Group, to spy on leaders of the Catalan independence movement. CNI was
by Paul Ducklin If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline. The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide. DarkSide is
The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. “Analysis of these samples indicates that the developer has access to REvil’s source code, reinforcing the likelihood that the threat group has reemerged,” researchers from Secureworks Counter Threat Unit
Russians tuning in to view the country’s Victory Day parade today were shocked to find anti-war messages after the country’s television listings system was hacked. The hack affected several major networks, including Channel One, Rossiya-1 and NTV-Plus, the BBC reported. The name of every program was replaced with a message stating, per the BBC’s translation: “On your
by Paul Ducklin Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming language Ruby, just patched a dangerous server-side vulnerability. The bug, dubbed CVE-2022-29176, could have allowed attackers to remove a package that wasn’t theirs (yanking it, in RubyGems jargon), and then to replace it with
LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform Job hunting is hard work, a kind of full-time job in itself. It requires focus and patience to go from one job posting to another
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that’s offered on sale for “dirt cheap” prices, making it accessible to professional cybercriminal groups and novice actors alike. “Unlike the well-funded, massive Russian threat groups crafting custom malware […], this remote access Trojan (RAT) appears to be
A trainee solicitor and special police constable has been handed a two-year suspended sentence after using encrypted channels to post messages about child sexual abuse. Jack Mallinson, 26, who was employed by West Yorkshire Police while training to be a solicitor, was arrested on January 7 2021 by officers from the UK’s National Crime Agency
Authored by Dexter Shin Instagram has become a platform with over a billion monthly active users. Many of Instagram’s users are looking to increase their follower numbers, as this has become a symbol of a person’s popularity. Instagram’s large user base has not gone unnoticed to cybercriminals. McAfee’s Mobile Research Team recently found new Android
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. “It allows the ‘fileless’ last stage trojan to be hidden from plain sight in the file system,” Kaspersky researcher Denis Legezo said in a technical write-up published this week. The
The US National Institute of Standards and Technology (NIST) has updated its guidance on supply chain cybersecurity. The revised publication, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, gives organizations key practices to adopt as they manage cybersecurity risks across their supply chains. In particular, it advises organizations to consider vulnerabilities in the components of a
by Paul Ducklin Google’s May 2022 updates for Android are out. As usual, the core of Android received two different patch versions. The first is dubbed 2022-05-01, and contains fixes for 13 CVE-numbered vulnerabilities. Fortunately, none of these are currently being exploited, meaning that there are no zero-day holes known this month; none of them
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link
The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations’ most valuable data The conflict in Ukraine has highlighted the risks of cyberespionage and sabotage, which typically involve Advanced Persistent Threat (APT) groups. In this special edition of Week in security, Tony looks
The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea’s Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge
IKEA says that it has notified Canada’s privacy watchdog following a large data breach involving the personal information of approximately 95,000 customers. In a statement, the furniture retailer said that some of its customers’ personal information appeared in the results of a “generic search” performed by a co-worker at IKEA Canada between March 1-3 using
by Paul Ducklin Remember the jokes (OK, they were sold as “jokes” when you were at school to add a touch of excitement to Eng. Lang. lessons) about creating valid and allegedly meaningful sentences with a single word repeated many times? There’s an very dubious one with the word BUFFALO seven times in a row,
- « Previous Page
- 1
- …
- 72
- 73
- 74
- 75
- 76
- …
- 114
- Next Page »