admin

0 Comments
A digital forensics tool capable of retrieving previously unrecoverable data is now available to license from the United States Department of Defense’s Cyber Crime Center (DC3). DC3’s Advanced Carver was invented by digital forensics expert Dr. Eoghan Casey to salvage corrupted data files from almost any digital device. The tool can be used to recover digital content, including
0 Comments
If you hadn’t heard of Telegram till 2021 then you wouldn’t be alone. This relatively unknown messaging and social media platform has risen from relative anonymity to become one of the biggest players in the ‘secret messaging’ business in less than a year. When What’s App changed its terms of usage in early 2021 and
0 Comments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within “aggressive” timeframes. “These vulnerabilities pose significant
0 Comments
School districts in Ohio have been given a new online resource to help them improve their cybersecurity posture. The launch of the Ohio Department of Education Cyber Security Resources web page was announced by the Ohio Department of Education’s Cyber Security Steering Committee on November 3. The new resource was developed through the combined efforts of the Ohio Department
0 Comments
It’s safe to say that many Americans are obsessed with Squid Game. According to Business Insider, the Korean drama series has driven the newest engagers to a Netflix title of any Netflix series over the last three years. And while word-of-mouth buzz has played a big part in the show’s success, TV watchers aren’t the only ones taking note. Cybercriminals are also formulating ways
0 Comments
Ukraine’s premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia’s Federal Security Service (FSB). Calling the hacker group “an FSB special project, which specifically targeted Ukraine,” the Security Service of Ukraine (SSU) said
0 Comments
by Paul Ducklin [00’21”] Norbert (huzzah for Norbert!) does tech support. [02’38”] Europol digs into the ransomware scene. [09’21”] Microsoft finds a wacky bug in Apple’s shell. [18’09”] The Morris worm turns 33. [21’57”] Edge on Linux phans the phlames. [26’18”] Ola! Gibberish peculiarity textual solvage. With Paul Ducklin and Doug Aamoth. Intro and outro
0 Comments
A 22-year-old man from Britain has been indicted by the United States in connection with the 2019 theft of crypto-currency worth approximately $784,000. It is alleged that Joseph James O’Connor, also known as “PlugwalkJoe,” conspired with others to carry out SIM swap attacks against at least three individuals, all of whom were executives employed by the same
0 Comments
Your Cyber Security Comic Relief Apache server version 2.4.50 (CVE-2021-42013) Why am I here? Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview of what we believe to be the most noteworthy vulnerabilities over the last month. We don’t rely on a single scoring system like CVSS
0 Comments
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability “can be exploited locally or remotely within a network to
0 Comments
A company that handles the membership data of Britain’s Labour Party has been affected by a “cyber-incident.” Labour said that the event at the third-party firm has rendered “a significant quantity” of party data “inaccessible on their systems.” The incident has been reported to the UK’s National Cyber Security Centre (NCSC), National Crime Agency (NCA),
0 Comments
It’s little surprise that a digital currency scam based on the popular Squid Games series on Netflix is making the news.   If you haven’t caught wind of it yet, the story goes along the following lines:  Note that this Squid Game cryptocurrency had no relationship to the show or to Netflix, aside from hijacking the Squid Game name without permission so that the
0 Comments
by Paul Ducklin This is the third in our collection of Naked Security Podcast minisodes for Week 4 of Cybersecurity Awareness month. To access all four presentations on one page, please go to:https://nakedsecurity.sophos.com/tag/sos-2021 This time, we talk to Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, about the controversial topic of
0 Comments
New research published today by Javelin Strategy & Research puts the annual cost of child identity theft and fraud in the United States at nearly $1bn. The 2021 Child Identity Fraud study authored by Tracy Kitten, director of fraud & security at Javelin Strategy & Research, analyzed factors that put children at the highest risk of identity theft and
0 Comments
A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The
0 Comments
by Paul Ducklin Here’s the second in our series of Naked Security Podcast minisodes for Week 4 of Cybersecurity Awareness month. To access all four presentations on one page, please go to:https://nakedsecurity.sophos.com/tag/sos-2021 This article is an interview with Sophos expert Chester Wisniewski, Principal Research Scientist at Sophos, and it’s full of useful and actionable advice
0 Comments
Cyber-criminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California. Nonprofit Community Medical Centers (CMC), which is headquartered in the city of Stockton, primarily serves low-income patients, migrants, and homeless people in the Northern California counties of San Joaquin, Solano,
0 Comments
Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from
0 Comments
by Paul Ducklin [00’29”] Don’t miss our cybersecurity podcast minisodes! [01’46”] Bliss is a hill in wine country. [03’37”] Lessons from a cryptotrading hamster. [08’46”] Ransomware gang hacked back. [20’27”] Docusign phishers go after 2FA codes. [30’23”] Oh! No! Sleep mode considered harmful. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith
0 Comments
Law enforcement agencies in the United States have searched the Florida premises of a Chinese payment-terminal provider. A warehouse and offices belonging to multinational Pax Technology were scoured by the Federal Bureau of Investigation, the Department of Homeland Security, and other agencies on Tuesday after concerns were reportedly raised over the company’s security. The FBI said that
0 Comments
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed “Shrootless” and tracked as CVE-2021-30892, the “vulnerability lies in how Apple-signed packages with