Security

0 Comments
by Naked Security writer The name “Kaseya” has become one of the biggest words in ransomware infamy. Cybercriminals penetrated the IT management business Kaseya earlier this year and used the company’s own remote management tools to wreak simultaneous ransomware havoc across its customer base. Unfortunately for the many victims of the attack, Kaseya’s software required
0 Comments
Small and mid-sized businesses (SMBs) were today granted free access to a virtual security awareness training program. The program was put together by six-year-old security awareness training company Curricula, which is based in Atlanta, Georgia. In a statement released Tuesday, Curricula said: “Our team at Curricula is proud to announce a free security awareness training program designed to
0 Comments
Apple fans will have the opportunity to purchase a rare piece of cyber history when an Apple-1 computer is auctioned off tomorrow. The machine was hand-built by Steve Wozniak, Steve Jobs, and others in garage in Los Altos, California, in 1976 and 1977. It has been listed by California-based auction house John Moran Auctioneers in their Postwar and Contemporary
0 Comments
A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30,000 patients.  Nationwide Laboratory Services, which is based in Boca Raton, identified suspicious activity on its network on May 19, 2021. An examination of the activity revealed that attackers had used ransomware to encrypt files across
0 Comments
A digital forensics tool capable of retrieving previously unrecoverable data is now available to license from the United States Department of Defense’s Cyber Crime Center (DC3). DC3’s Advanced Carver was invented by digital forensics expert Dr. Eoghan Casey to salvage corrupted data files from almost any digital device. The tool can be used to recover digital content, including
0 Comments
School districts in Ohio have been given a new online resource to help them improve their cybersecurity posture. The launch of the Ohio Department of Education Cyber Security Resources web page was announced by the Ohio Department of Education’s Cyber Security Steering Committee on November 3. The new resource was developed through the combined efforts of the Ohio Department
0 Comments
by Paul Ducklin [00’21”] Norbert (huzzah for Norbert!) does tech support. [02’38”] Europol digs into the ransomware scene. [09’21”] Microsoft finds a wacky bug in Apple’s shell. [18’09”] The Morris worm turns 33. [21’57”] Edge on Linux phans the phlames. [26’18”] Ola! Gibberish peculiarity textual solvage. With Paul Ducklin and Doug Aamoth. Intro and outro
0 Comments
A 22-year-old man from Britain has been indicted by the United States in connection with the 2019 theft of crypto-currency worth approximately $784,000. It is alleged that Joseph James O’Connor, also known as “PlugwalkJoe,” conspired with others to carry out SIM swap attacks against at least three individuals, all of whom were executives employed by the same
0 Comments
A company that handles the membership data of Britain’s Labour Party has been affected by a “cyber-incident.” Labour said that the event at the third-party firm has rendered “a significant quantity” of party data “inaccessible on their systems.” The incident has been reported to the UK’s National Cyber Security Centre (NCSC), National Crime Agency (NCA),
0 Comments
by Paul Ducklin This is the third in our collection of Naked Security Podcast minisodes for Week 4 of Cybersecurity Awareness month. To access all four presentations on one page, please go to:https://nakedsecurity.sophos.com/tag/sos-2021 This time, we talk to Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, about the controversial topic of
0 Comments
New research published today by Javelin Strategy & Research puts the annual cost of child identity theft and fraud in the United States at nearly $1bn. The 2021 Child Identity Fraud study authored by Tracy Kitten, director of fraud & security at Javelin Strategy & Research, analyzed factors that put children at the highest risk of identity theft and
0 Comments
by Paul Ducklin Here’s the second in our series of Naked Security Podcast minisodes for Week 4 of Cybersecurity Awareness month. To access all four presentations on one page, please go to:https://nakedsecurity.sophos.com/tag/sos-2021 This article is an interview with Sophos expert Chester Wisniewski, Principal Research Scientist at Sophos, and it’s full of useful and actionable advice
0 Comments
Cyber-criminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California. Nonprofit Community Medical Centers (CMC), which is headquartered in the city of Stockton, primarily serves low-income patients, migrants, and homeless people in the Northern California counties of San Joaquin, Solano,
0 Comments
by Paul Ducklin [00’29”] Don’t miss our cybersecurity podcast minisodes! [01’46”] Bliss is a hill in wine country. [03’37”] Lessons from a cryptotrading hamster. [08’46”] Ransomware gang hacked back. [20’27”] Docusign phishers go after 2FA codes. [30’23”] Oh! No! Sleep mode considered harmful. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith
0 Comments
Law enforcement agencies in the United States have searched the Florida premises of a Chinese payment-terminal provider. A warehouse and offices belonging to multinational Pax Technology were scoured by the Federal Bureau of Investigation, the Department of Homeland Security, and other agencies on Tuesday after concerns were reportedly raised over the company’s security. The FBI said that
0 Comments
A man from Minnesota has been charged with hacking four major American professional sports leagues and defrauding them of millions of dollars by illegally streaming copyrighted live games. St. Louis Park resident Joshua Streit, who is also known as Josh Brody, allegedly intruded into the computer systems of the National Basketball Association (NBA), the National Football League
0 Comments
by Naked Security writer In an intriguingly worded news statement issued today, Europol has announced police action in both Switzerland and Ukraine against 12 cybercrime suspects. The document doesn’t actually use words such as a “arrested” or “charged with criminal offences”, saying merely that: A total of 12 individuals wreaking havoc across the world with
0 Comments
RED74, a managed security services provider based in New Jersey, has been acquired by cybersecurity consulting and managed services firm Cerberus Cyber Sentinel Corporation. The financial terms of the acquisition were not disclosed when the deal was announced on Thursday. RED74 is a privately held company whose clientele are primarily in the financial services and distribution/warehouse management sectors.
0 Comments
Microsoft has announced plans to fill 250,000 cybersecurity roles by working with community colleges across the United States. As part of the recruitment drive, the American multinational technology corporation said today that it intends to invest millions of dollars in education and teacher training over the next three years. As of January 2021, there were
0 Comments
by Paul Ducklin First thing this morning, just after midnight, we received the latest slew of Apple Security Bulletins by email. As often seems to happen with Cupertino’s patches, the emails were informative and confusing in equal measure, offering an intriguing mix of security update information: The latest macOS 12 Monterey emerges as 12.0.1. We’re
0 Comments
The United States government has launched an appeal against a UK court’s decision to refuse to extradite Wikileaks founder Julian Assange. Australian citizen Assange, who is aged 50, was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and military documents. The
0 Comments
by Paul Ducklin Two weeks ago was Cybersecurity Awareness Month’s “Fight the Phish” week, a theme that the #Cybermonth organisers chose because this age-old cybercrime is still a huge problem. Even though lots of us receive many phishing scams that are obvious when we look at them ourselves… …it’s easy to forget that the “obviousness”
0 Comments
A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.
0 Comments
A non-profit educational foundation has teamed up with a cybersecurity company to develop a game that reveals what happens in a cyber-attack. The online simulation is the joint effort of Kaspersky and the DiploFoundation, and is based on the Kaspersky Interactive Protection Simulation (KIPS). The game was created with the intention of helping diplomats and professionals who lack