Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be
admin
Some 97% of multinational cybersecurity vendors have exposed assets in their AWS environments, many of them classed as high severity issues, according to Reposify. The US startup used its scanning technology to analyze the cloud environments of a sample of 35 vendors and over 350 subsidiaries. During a two-week window in January, Reposify’s external attack surface
Press play to hear Aryeh Goretsky, Jean-Ian Boutin and Robert Lipovsky discuss how recent malware attacks in Ukraine tie into years of cyberattacks against the country Long before the first Russian soldier set foot on Ukrainian soil, the country had been a target of sophisticated digital operations spying on its officials, and sabotaging its critical
Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that “user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group.” Prominent among the
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
“You’re sold on the idea of zero trust. Now you need to implement it,” was the overarching theme of a star-studded panel discussion session titled ‘Best Policy: A Guide to Implementing Zero Trust and Reducing Overall Risk’ on day one of this year’s Cloud and Cyber Security Expo in Excel, London. Tim Holman, chief executive officer of 2|SEC Consulting,
A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the “first side-channel attack” on homomorphic encryption that could be exploited to leak data as the encryption process is underway. “Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption,
by Paul Ducklin Just over a year ago, graphics card behemoth Nvidia announced an unexpected software “feature”: anti-cryptomining code baked into the drivers for its latest graphics processing units (GPUs). Simply put, if the driver software thinks you’re using the GPU to perform calculations related to Ethereum cryptocurrency calculations, it cuts the execution speed of
Cryptocurrency has boomed in the last several years, with beginners and experts alike jumping into the industry. It’s proven now to be more than a passing hobby or trend. Cryptocurrency is a way of conducting business and making money for people around the world. As the intrigue and interaction with crypto grows, cybercriminals are finding
The emergence of hybrid work and growing reliance on cloud technology means that zero trust security model is “becoming the de facto posture at many organizations.” This was the message delivered by Fredrik Hult, chief information security officer at PagoNxt, during his “Master class: Adopting the Zero Trust Security Model” session on the first day
As the conflict in Ukraine heightens the risk of cyberattacks globally, what can organizations do to improve their resiliency? Due to the current attack by Russian forces on Ukraine, do you expect there to be more cyberattacks? This is the most common question I am being asked post Russia unleashing its offensive in Ukraine. The
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what’s seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social
You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. I you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being
The extensive use of cyber and information operations in the ongoing Ukraine-Russia conflict was highlighted by threat intelligence experts during a virtual session organized by Recorded Future. Opening the session, Christopher Ahlberg, co-founder and CEO of Recorded Future, explained that the Russian invasion of Ukraine represents a new type of warfare, which has been “converted into
ESET researchers uncover a new wiper that attacks Ukrainian organizations and a worm component that spreads HermeticWiper in local networks As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations. On February 23rd, 2022, a destructive campaign using HermeticWiper targeted multiple Ukrainian organizations. This cyberattack preceded, by
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don’t even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One
by Paul Ducklin We monitor a range of email addresses related to Naked Security, so we receieve a regular (a word we are using here to mean “unrelenting”) supply of real-world spams and scams. Some of our email addresses are obviously directly associated with various Sophos-related social media accounts; others are more general business-oriented addresses;
Seems like the internet follows us wherever we go nowadays, whether it tags along via a smartphone, laptop, tablet, a wearable, or some combination of them all. Yet there’s something else that follows us around as well—our PII, a growing body of “personally identifiable information” that we create while banking, shopping, and simply browsing the
A notorious ransomware outfit has been given a taste of its own medicine after a vast trove of internal chat data was leaked by a Ukrainian researcher. The leaks were posted online yesterday with rough Google Translate versions of the text in English here. They amount to tens of thousands of messages taken from Conti’s
Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts
A group of academics from Tel Aviv University have disclosed details of now-patched “severe” design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android’s hardware-backed Keystore in Samsung’s Galaxy
Authored by Oliver Devane and Vallabh Chole Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously blogged about how to change desktop browser settings to stop malicious notifications. This blog focuses on Chrome notifications on Android mobile devices such as phones and tablets, and
Cops in Florida have arrested 10 men in a sting operation to catch online child sexual predators. Operation Peek-a-Boo was conducted over a two-week period by 16 investigators with the Internet Crimes Against Children (ICAC) Unit at the Okaloosa County Sheriff’s Office (OCSO). OCSO said the 10 suspects believed they were chatting with minors online when they were
Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia’s military invasion of the country. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” the CERT-UA
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent
The Ukrainian government is reportedly seeking volunteer hackers and security experts to help Ukraine defend its critical infrastructure against cyber-attacks. According to a report by Reuters, Ukraine’s pleas for assistance started appearing on Ukrainian hacking forums on Thursday morning, shortly after the county was invaded on three fronts by Russian armed forces in an attack condemned by US President
What can social movements of the past teach you about the future – and about protecting your digital self? Being African American and working at a cybersecurity company doesn’t seem at first glance to provide fertile ground for pondering about the historical past. So, when asked in August 2021 if I could write something for
A new malware capable of controlling social media accounts is being distributed through Microsoft’s official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware “Electron Bot,” in reference to a command-and-control (C2) domain used
by Paul Ducklin If you use Mozilla Firefox or any Chromium-based browser, notably Google Chrome or Microsoft Edge, you’ll know that the version numbers of these products are currently at 97 and 98 respectively. And if you’ve ever looked at your browser’s User-Agent string, you’ll know that these version numbers are, by default, transmitted to
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see. Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level
- « Previous Page
- 1
- …
- 81
- 82
- 83
- 84
- 85
- …
- 114
- Next Page »