Senior US officials have stepped up their warnings about Russian cyber-attacks on critical national infrastructure (CNI) as the war in Ukraine intensifies. During an interview on “60 Minutes” on CBS, Deputy Attorney General Lisa Monaco from the Department of Justice (DoJ) and Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly discussed cyber-threats and the
admin
by Paul Ducklin Back when the Bitcoin protocol was invented, the idea was to build a simple global payment system that wasn’t (and couldn’t be) controlled by any central broker. In other words, you wouldn’t need to apply to a private company for a credit card, or to get permission from a regulator to send
ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two “affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo
A Ukrainian energy supplier was targeted by a new variant of Industroyer malware named Industroyer2. The discovery was made by researchers from cybersecurity vendor ESET in collaboration with the Ukrainian Computer Emergency Response Team (CERT-UA). The Industroyer malware was believed to have been used by the Sandworm APT group to cut power in Kiev, Ukraine, back in 2016. In
As an avid internet surfer, you’ve most likely heard of cookies. No, we’re not talking about the ones filled with chocolate chips. We’re talking about the ones that allow you to log in to your favorite websites. Cookies may impact your online security, so check out these tips to manage them and keep your online
An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. This included a user-friendly tool like a full-text search engine to facilitate the extraction of metadata and enable the
The developer of a popular WordPress plugin has updated its product to fix a critical vulnerability that could be exploited to change the appearance of websites. Elementor is marketed as a leading website building platform for WordPress, enabling over five million users to easily create websites for themselves or their business without writing any code. However,
Java is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most technical skills, the best way to learn Java is through building your own projects. But you can definitely speed things up with high-quality training. The Complete
Microsoft has revealed how a coordinated operation helped disrupt a notorious Trojan used widely around the world to facilitate ransomware and other attacks. ZLoader was spawned from the infamous Zeus banking Trojan, but like similar malware TrickBot and Emotet, it underwent significant development over the years, adding new functionality. As such, it soon evolved from
by Paul Ducklin For the third time this year, Google’s Chrome browser has quietly received a security update together with the dreaded words, “Google is aware that an exploit […] exists in the wild.” In this case, the bug is officially dubbed CVE-2022-1364: Type Confusion in V8. V8 is Google’s JavaScript engine – the same
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity’s Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address
The number of publicly reported data breaches in the US increased by double digits year-on-year in the first three months of 2022, according to the Identity Theft Resource Center (ITRC). The non-profit claimed that the increase represents the third successive year in which Q1 figures have exceeded those recorded 12 months previously. The vast majority
If you look back at the long arc of history, it’s clear that one of the most crucial drivers of real progress in society is innovation If you look back at the long arc of history, it’s clear that one of the most crucial drivers of real progress in society is innovation: people coming up
As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. “Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive
The MetroHealth System in Cleaveland, Ohio, recently disclosed a data breach involving 1700 of its patients. In a recent statement, MetroHealth announced that on November 13, while the health system’s electronic medical records systems were being upgraded, 1700 patient records were unintentionally disclosed. The breach involved patient names, care provider names and appointment details. MetroHealth claimed
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses ESET has collaborated with partners Microsoft’s Digital Crimes Unit, Lumen’s Black Lotus Labs, Palo Alto Networks Unit 42, and others in an attempt to disrupt known Zloader botnets. ESET contributed to the project by providing technical analysis,
A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. “There is no question North Korea poses a national security threat to our nation, and the
German wind turbine manufacturer, Nordex Group, was hit by a cyber-attack on 31 March 2022, with an update issued by the firm this week. The cyber-attack was detected by IT security team at an early stage, according to Nordex, and response measures were taken quickly. Nordex revealed that the necessary response protocols were taken and IT
by Naked Security writer The cryptocurrency world is full of weird stories. You’ve probably heard of the Welshman who who claimed he inadvertently threw away a hard disk containing bitcoinage worth $500 million, and went to his local council for permission to dig up the landfill site where he assumed it would have been dumped,
Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying to figure out what XDR really is and if it’s
A certified ethical hacker has been charged with multiple offenses after stealing a significant sum of cryptocurrency worth nearly $600,000, Police in Pinellas Park, Florida, arrested 27-year old Aaron Daniel Motta after he reportedly stole an elderly client’s Trezor hardware wallet and its password while providing security help. Clearwater Police said that Motta transferred the
by Paul Ducklin Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG. TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km/hr (a slow walk). They’re apparently
This ICS-capable malware targets a Ukrainian energy company This is a developing story and the blogpost will be updated as new information becomes available. Executive summary The blogpost presents the analysis of a cyberattack against a Ukrainian energy provider. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company
Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server’s IP address, and other network information. “The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability
California-based respiratory care provider SuperCare Health revealed it had been hit by a data breach that affected more than 300,000 individuals. A recent data security notice posted on its website revealed that it discovered the incident on July 27 2021, when unauthorized activity was detected on a number of its systems. A subsequent investigation revealed that certain systems were
by Paul Ducklin Three years ago, we published an article with the dramatic-sounding title Serious Security: Post-Quantum Cryptography (and why we’re getting it). As you probaby know, so-called quantum computers work in a rather mysterious way compared to conventional computers, inasmuch as they can perform certain sorts of calculation so that they effectively “compute” all
Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. “Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim’s machines to look like the instant messaging application ‘Telegram,'” Zscaler ThreatLabz researchers Avinash
The multifaceted nature of modern supply chain risks was highlighted by Jon France, CISO for (ISC)², during (ISC)² Secure London this week. France, who was appointed the first-ever CISO of (ISC)² earlier this year, emphasized that rapid digitization across all industries had significantly widened organizations’ threat landscape during COVID-19. “Speed can sometimes be the enemy of risk,” he noted,
- « Previous Page
- 1
- …
- 75
- 76
- 77
- 78
- 79
- …
- 114
- Next Page »