Security

0 Comments
The UK’s data protection watchdog has hit out at several newspaper editors for misrepresenting the nature of a draft code of practice for journalists. The Information Commissioner’s Office (ICO) is currently working with the media industry to develop a Journalism Code of Practice. The aim is to help journalists meet their statutory data protection obligations,
0 Comments
by Paul Ducklin Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022. Details of how the attackers first got in are still scarce, with LastPass’s first official comment cautiously stating that: [A]n unauthorized party gained access to portions of the LastPass development environment through
0 Comments
The FBI has warned that cyber-criminals are using search engine advertisement services to defraud the public. The public service announcement, issued on December 21, 2022, stated that threat actors are purchasing these ad services to impersonate brands for the purpose of luring users to malicious websites. These sites, which “look identical to the impersonated business’s
0 Comments
by Paul Ducklin STOP THE CROOKS BEFORE THEY STOP YOU! Paul Ducklin talks to world-renowned cybersecurity expert Fraser Howard, Director of Research at SophosLabs, in this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a “specialist in everything”, and he also has the knack
0 Comments
by Paul Ducklin When we woke up this morning, our cybersecurity infofeed was awash with “news” that Apple had just patched a security hole variously described a “gnarly bug”, a “critical flaw” that could leave your Macs “defenceless”, and the “Achilles’ heel of macOS”. Given that we usually check our various security bulletin mailing lists
0 Comments
Ransomware groups are expected to tweak their tactics, techniques and procedures (TTPs) and shift their business models as organizations strengthen their cybersecurity measures, law enforcement gets better at tracking down threat actors and governments tighten regulations on cryptocurrencies, according to Trend Micro’s latest research paper. In the report, published on 15 December and titled The
0 Comments
by Paul Ducklin If you’re a regular Naked Security reader, you can probably guess where on the planet we’re headed in this virtual journey…. …we’re off once more to the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev in Israel. Researchers in the department’s Cyber-Security Research Center regularly investigate security
0 Comments
Prominent threat actors have been spotted exploiting legitimately signed Microsoft drivers in active intrusions into telecommunication, business process outsourcing (BPO), managed security service providers (MSSP) and financial services companies. The findings from SentinelLabs, Sophos and Mandiant were first shared with Microsoft in October 2022. On Tuesday, the four companies released advisories detailing the attacks. Investigations into
0 Comments
Social media company Twitter has issued a public statement regarding allegations that it was hacked earlier this year. Writing in a blog post on Friday, the Elon Musk-owned platform said it learned that someone had potentially exploited a vulnerability that Twitter reportedly discovered in January and fixed in June 2022. The flaw enabled someone submitting
0 Comments
The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m). The figures come from a letter from HSE chief information officer Fran Thompson sent to Aontú leader Peadar Tóibín last Friday. The missive, viewed by The Irish Times, comes months after the Department of Health
0 Comments
A subgroup of the Iran-based Cobalt Mirage threat group has been observed leveraging Drokbk malware to achieve persistence on victims’ systems. The claims come from Secureworks Counter Threat Unit (CTU) researchers, who shared an advisory about Drokbk with Infosecurity before publication. According to the security team, the attacks come from Cobalt Mirage’s subgroup, Cluster B.
0 Comments
Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cybersecurity specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages. “Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads
0 Comments
Indiana’s attorney general filed two separate lawsuits against social media firm TikTok Wednesday alleging the platform promoted content to young users that isn’t age-appropriate and did not adequately protect the safety of users’ data. According to court documents, the TikTok algorithm “promotes a variety of inappropriate content to 13-17-year-old users throughout the United States.” Indiana’s