Security

0 Comments
A Ukrainian accused of decrypting the credentials of thousands of computers across the globe and selling them on the dark web has been extradited to the United States. US authorities indicted Glib Oleksandr Ivanov-Tolpintsev in October 2020 in connection with charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.  Polish authorities arrested 28-year-old
0 Comments
A student who hacked into a British university’s computer network and made thousands of dollars by selling the answers to exams has been sentenced to prison. Hayder Aljayyash, who is 29 and was born in Iraq, was welcomed into the UK as an asylum seeker. Between November 2017 and May 2019, Aljayyash illegally accessed the
0 Comments
Cloud security company Menlo Security has appointed Devin Ertel as its Chief Information Security Officer (CISO). Ertel takes up the post following nearly 20 years of experience as an information security professional. Most recently, he was CISO at FinTech firm BlackHawk Network, where he managed a global team responsible for security, risk and compliance. Prior
0 Comments
Securing the new hybrid workplace may require significant changes to culture, policy and technology after new HP research revealed significant pushback from remote workers during the pandemic. The tech giant surveyed over 1000 IT decision-makers and more than 8400 workers across the globe to compile its latest HP Wolf Security study, Rebellions & Rejections. It revealed that nearly
0 Comments
US government security experts have urged system administrators to patch two critical flaws in widely used Cisco and Atlassian products, exposing them to compromise. In a rare move, US Cyber Command took to Twitter before the Labor Day holiday weekend on Friday to address the Atlassian bug. “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing
0 Comments
Another Accellion breach victim has been named nine months after threat actors exploited zero-day vulnerabilities in the company’s File Transfer Application. Beaumont Health has notified approximately 1500 patient that their personal data may have been compromised in the December attack on Accellion software.  Goodwin Procter LLP, which was hired by Beaumont to provide legal services, used Accellion’s File Transfer software
0 Comments
Two new senior cybersecurity appointments have been announced by the United States Department of Homeland Security. Former lead solution engineer at Salesforce, David Larrimore, has been named as the Department’s chief technology officer. Between 2016 and 2019, Larrimore occupied the same position at the Immigration and Customs Enforcement (ICE) component. Other roles held by Larrimore include an
0 Comments
A team of researchers at a UK university have designed a new device, which they claim will mitigate the risk of malicious USB drives. The “external scanning device” was designed at Liverpool Hope University and will soon go into production, having been granted a patent by the Indian government. It has been engineered to overcome
0 Comments
The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data from NCC Group. Analyzing incidents dealt with by its own Research Intelligence and Fusion Team (RIFT) throughout 2021, the firm claimed nearly a quarter (22%) of data leaks in
0 Comments
Scores of ransomware attacks on US schools and colleges last year may have cost them over $6bn, according to a new report published today. Security testing site Comparitech analyzed the 77 attacks reported by educational institutions nationwide in 2020 and calculated the cost to these victims from estimated downtime and recovery time. Rransom costs are
0 Comments
The US Air Force has chosen a town nicknamed “Danger City” to be the location for the Air National Guard’s first Cyber Warfare Wing. Mansfield has around 50,000 inhabitants and is situated in the northeastern part of Ohio, midway between Columbus and Cleveland. According to local beer-maker, the Phoenix Brewing Company, the town earned its ominous nickname
0 Comments
American multinational technology corporation Microsoft has warned thousands of its cloud computing customers that their data could be accessed, altered or erased, according to a report by Reuters. Customers were warned that threat actors could even delete their main database by exploiting a vulnerability in Microsoft Azure’s flagship Cosmos DB database that has been named ChaosDB. The alleged
0 Comments
An entertaining new campaign has been launched to combat the sea of misinformation about coronavirus vaccines on social media that was branded an “infodemic” by the World Health Organization. The Instagram-based campaign was created by healthcare agency FCB Health New York IPG and non-profit group GMHC and is fronted by drag queen and influencer Miz
0 Comments
by Paul Ducklin [02’00”] More money troubles in cryptotown. [10’28”] Trouble with plastic spaghetti. [21’10”] The mouse that conquered Windows. [31’38”] Oh! No! When you report yourself for phishing. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith Mudge. LISTEN NOW Click-and-drag on the soundwaves below to skip to any point in
0 Comments
The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. The Flash alert posted this week noted that the affiliate-based ransomware uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate. It noted that these include phishing emails with malicious attachments to gain
0 Comments
Personal and clinical data of more than 73,000 patients have been affected by a “sophisticated ransomware cyber-attack” on a private medical clinic in Singapore. In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients’ names, addresses, ID card numbers, contact details and clinical information.
0 Comments
by Paul Ducklin We all know a sysadmin or two (or three, or four) who are seriously into gaming, and have the cool hardware to prove it… …perhaps including a special chair, dedicated headphones, an ultra-hackable mouse, and an indestructible, mechnically triggered, 6-key-rollover, touch-typist’s keyboard (with multicoloured blank keycaps, configured in COLEMAK format, rather QWERTY
0 Comments
The average time taken to fix high severity application security flaws has increased by ten days in just a month, according to the latest data from NTT Application Security. The security vendor’s AppSec Stats Flash report for August offers a broad view of the current state of application security across various verticals. Most important is