Security

California-based respiratory care provider SuperCare Health revealed it had been hit by a data breach that affected more than 300,000 individuals. A recent data security notice posted on its website revealed that it discovered the incident on July 27 2021, when unauthorized activity was detected on a number of its systems. A subsequent investigation revealed that certain systems were
by Paul Ducklin Three years ago, we published an article with the dramatic-sounding title Serious Security: Post-Quantum Cryptography (and why we’re getting it). As you probably know, so-called quantum computers work in a rather mysterious way compared to conventional computers, inasmuch as they can perform certain sorts of calculation so that they effectively “compute” all
The multifaceted nature of modern supply chain risks was highlighted by Jon France, CISO for (ISC)², during (ISC)² Secure London this week. France, who was appointed the first-ever CISO of (ISC)² earlier this year, emphasized that rapid digitization across all industries had significantly widened organizations’ threat landscape during COVID-19. “Speed can sometimes be the enemy of risk,” he noted,
The websites of Finland’s defense and foreign affairs ministries were taken offline today following DDoS attacks. The ministries each confirmed the attacks on Twitter earlier today, although the websites now appear to be back up and running. The nation’s Ministry of Defense wrote at 10.45 am GMT: “The Department of Defense website http://defmin.fi is currently under attack. We
The Information Commissioner’s Office (ICO) is currently investigating a cyber-attack across TrustFord branches throughout the UK. The vehicle dealer group revealed the attack, which is believed to have been committed by the Conti ransomware gang, affected the firm’s internal systems. In particular, access to the internet and phones within the business was affected. However, TrustFord assured
by Paul Ducklin LISTEN NOW [01’34”] LAPSUS$ hacking, 2022-style. [06’11”] Zero-day emergency updates from Apple. [08’46”] Elevation of privilege patches in Android. [09’41”] Bugs fixed in Firefox 99. [11’00”] The SATAN network scanner and its impact on threat response. [14’02”] Two confusing bugs in VMware Spring. [20’17”] Old-school hacking, PDP-11 style. Click-and-drag on the soundwaves
by Paul Ducklin German police have located and closed down the servers of Hydra, allegedly one of the world’s biggest underground online stores. Investigators at the Bundeskriminalamt (BKA – the Federal Criminal Police Office) claim that the Russian-language Hydra darkweb site, accessible via the Tor network, had about 17 million customer accounts (many individual buyers
Russian hackers used compromised employee credentials to launch the cyber-attack that severely disrupted internet services in Ukraine last week, it has been claimed today. Kyrylo Honcharuk, CIO of Ukrtelecom, Ukraine’s national telecommunications provider targeted in the attack on March 28, said Russia accessed the account of an employee in a region “recently temporarily” occupied, although
by Paul Ducklin The once-every-four-weeks security update to Mozilla’s Firefox browser officially arrived today. The regular version of Firefox is now 99.0, while the Extended Support Release, which gets security fixes without any feature updates, is now 91.8.0 ESR. Add together the first two numbers in the ESR release triplet and you should get the
Federal police in Germany have disrupted a Russian-language darknet marketplace that specialized in the sale of illicit drugs, forged documents, intercepted data and illegal digital services. In an action coordinated with the United States Justice Department, authorities shut down the Germany-based servers of the Hydra Market on Tuesday, seizing $25m in bitcoin that they allege to be proceeds of crime.
Cyber-criminals are impersonating the confectioner Cadbury online to steal personal data.  Users of social media platform Facebook and messaging platform WhatsApp have encountered a scam that lures victims with the promise that they will receive a free Easter basket packed with chocolate treats. Cadbury has confirmed that the offer is “not genuine” and has stated that it is taking
The American Public University System (APUS) is joining forces with the US Cyber Command (USCYBERCOM) to help boost the nation’s cybersecurity posture. APUS is a private online learning university system composed of American Military University and American Public University. Each offers a strong cyber defense-focused curriculum at undergraduate and graduate levels. The National Security Agency (NSA)
An employee of the United States National Security Agency (NSA) has been accused of sending national defense secrets from his personal email account.  A 26-count indictment unsealed Thursday in the District of Maryland alleges that 60-year-old Mark Robert Unkenholz willfully transmitted classified National Defense Information (NDI) on 13 occasions between February 14 2018 and June 1 2020.
The United States House of Representatives has passed a bill that would change how cybercrime is tracked, measured and reported by the federal government. The Better Cybercrime Metrics Act (S.2629), authored by US senator Brian Schatz, was approved by the House in a bipartisan 377-48 vote on Tuesday. Once signed into law, the bill will encourage local and federal
The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint statement with the Department of Energy (DoE) warning of attacks against internet-connected uninterruptible power supply (UPS) devices. UPS devices provide emergency battery backup power during power surges and outages and are routinely attached to networks for power monitoring and routine maintenance. In a warning
by Paul Ducklin VMware Spring is an open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the “server” part of the process yourself. If you’ve heard the term serverless computing, then this is the sort of programming environment it refers to: the overall
The United States Federal Bureau of Investigation (FBI) is currently investigating more than 100 different variants of ransomware, many of which have been used in multiple ransomware campaigns. Information on the Bureau’s efforts to tackle the malware threat was among the remarks delivered to the United States House Committee on the Judiciary in Washington on Tuesday by
by Paul Ducklin You’ve probably heard of Zlib, but even if you haven’t, you’ve almost certainly used it. Zlib’s unashamedly 1990s-style website describes the product as A Massively Spiffy Yet Delicately Unobtrusive Compression Library (Also Free, Not to Mention Unencumbered by Patents). Data compression software (and, of course, the matching code to decompress it later)
A Russian tech company is sending to Russia data collected from iOS app users who have never used its apps, according to a security researcher.  In a report by the Financial Times, researcher Zach Edwards explains how third-party apps can use a developer tool created by the company Yandex to harvest iOS users’ data. Yandex is the largest
A Health District in the State of Washington has made its second data breach announcement of 2022.  Both data breaches at the Spokane Regional Health District (SRHD) occurred when employees fell victim to phishing attacks.  On January 24, the district confirmed that personal data may have been compromised when an unauthorized individual compromised an employee’s email account
Personal data belonging to American Major League Baseball Players and their family members have been stolen during a cyber-attack on a third-party vendor. Consulting firm Horizon Actuarial Services LLC. (Horizon Actuarial), based in Silver Spring, Maryland, was attacked with ransomware in November 2021.  In a recent data incident notice, the company revealed that data in its