Infosecurity Europe, Europe’s number one information security event, will run from Tuesday 21 to Thursday 23 June 2022 in its new home, ExCeL London. For many years, Infosecurity Europe, organised by RX (Reed Exhibitions), has taken place at London Olympia. The last two editions of the in-person event have been postponed due to COVID-19. According
A former editor of the New York Observer who was pardoned in January for alleged cyber-stalking has been re-charged for a similar, related offense. New Jersey resident Kenneth Kurson, also known as Jayden Wagner and Eddie Train, was charged on October 23, 2020, with cyber-stalking three individuals and harassing two additional people. His alleged victims include his
High school students who raised the alarm after discovering a severe data breach involving teachers’ personal information say they were ignored for months. In January, students at Brooklyn Technical High School reportedly stumbled across a Google Drive containing documents uploaded by staff and students at schools across New York City. Among the documents were college recommendation letters,
by Paul Ducklin Another week, another cryptocurrency catastrophe. Last week’s story was about Chinese cryptocoin smart contract company Poly Networks, which was robbed of about $600 million’s worth of various cryptocurrencies. That heist has turned into an ongoing saga in which, mirabile dictu, the hacker ultimately seems to have agreed to return as much of
Global fines for anti-money laundering (AML) and data privacy compliance breaches have fallen by nearly 50% year-on-year in the first half of 2021, but could bounce back quickly as financial crime continues apace, according to Fenergo. The digital transformation company claimed that 85 individual fines were levied on global financial institutions for breaches of AML, Know
by Paul Ducklin [02’45”] Copyright infringement scams that beg you to call. [09’32”] An IoT bug that could be exploited for video snooping and more. [17’13”] A hacker steals $600m and then makes a song and dance out of giving it back. [26’18”] Oh! No! How Doug’s PS5 issues could have been solved back in
The US Census Bureau has been heavily criticized by a government inspector after a 2020 breach which could have been prevented by prompt patching. Although the attacker was not able to access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report. Fortunately,
The average cost of phishing for large US organizations has soared by 289% over the past six years, with firms now losing nearly $15m annually, according to Proofpoint. The security vendor commissioned the Ponemon Institute to poll nearly 600 IT and IT security practitioners to compile its latest Cost of Phishing study. It revealed that
by Paul Ducklin Researchers at security company Mandiant have written up a report about a device-hijack bug in a video sharing and surveillance network called Kalay. Operated by Chinese smart device company ThroughTek, Kalay (which apparently means “handshake” in the Dawu language) is pitched as a cloud-based solution for vendors of home automation devices, including
The UK’s Ministry of Defence (MoD) is calling on startups to help the military reduce its cyber-attack surface by designing a new generation of more secure hardware and software. The MoD’s Defence and Security Accelerator (DASA) issued the call-to-arms on Monday, claiming it is prepared to fund proposals up to £300,000 for a nine-month contract. “The Defence Science and
by Paul Ducklin Copyright scams aren’t new – we’ve written about them many times in recent years. These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order
Nearly half (48%) of US hospitals have disconnected their networks in the past six months due to ransomware, according to a new study from Philips and CyberMDX. The Perspectives in Healthcare Security Report is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians. The findings revealed the outsized impact ransomware continues to have on
Texts purporting to be from parcel and delivery companies are the most prevalent form of ‘smishing’ scams, according to new data provided to UK Finance by cybersecurity firm Proofpoint. The data showed that over two-thirds (67.4%) of all UK texts reported as spam to the NCSC’s 7726 text messaging system, operated by Proofpoint, during the 30
American tech-driven beauty brand IL MAKIAGE has acquired Israeli deep-tech AI-based computational imaging startup Voyage81 for $40m. IL MAKIAGE, which is based in New York City’s Soho area, was relaunched in 2018 by brother and sister duo Oran Holtzman and Shiran Holtzman-Erel. Two years later, the company became the fastest-growing online beauty brand in the United States. Voyage81
Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research. In a survey conducted by the International Data Corporation (IDC), it was found that many organizations that fell victim to ransomware experienced multiple ransomware events. In the
by Paul Ducklin [02’31”] Home and small business routers under attack. [16’22”] A hacking tool favoured by crooks gets hacked. [23’56”] The Navajo Nation’s selfless cryptographic contribution to America. [29’43”] A cybercrook gets aggrieved at being ripped off by cybercrooks. [38’33”] Oh! No! The steaming CEO with the flashing phone. With Doug Aamoth and Paul
A Virginia businessman who conned his victims out of more than a million dollars has been sentenced to prison. Glen Allen resident Gordon G. Miller III was the owner and operator of software engineering company G3 Systems and of purported venture capital company, G3i Ventures, LLC. From 2017, the 56-year-old began running multiple fraud schemes
by Paul Ducklin Remember Mt. Gox? Sure you do! Although it’s usually said aloud as “Mount Gox”, as if it were a topographic feature, it actually started life as MTGOX, short for Magic: The Gathering Online Exchange, where MTG fans could trade cards via the internet. The web domain was eventually repurposed for what was,
Consumer cybersecurity companies NortonLifeLock and Avast have announced an agreement for the Tempe-based cyber safety company to buy the digital security privacy company. NortonLifeLock’s closing share price was $27.20 as of July 13, 2021 — the last trading day before market speculation began — meaning the merger is valued at between $8.1bn and $8.6bn. According
by Paul Ducklin Evan Grant, a researcher at network security scanning company Tenable, recently decided to have a go at hacking a home router. The idea, it seems, was more to learn about the general techniques, tools and procedures available to router hackers than to conduct a security assessment of any particular product. Understandably, therefore,
The owner of a martial arts academy in Florida is in custody after allegedly installing hidden cameras in the restroom to spy on students. Police in Broward County arrested 64-year-old martial arts instructor Robert Danilo Franco on Friday. An investigation was launched after a 17-year-old female student spotted the devices and tipped off police. Investigators said the
Autonomous farming equipment that can be controlled remotely now helps to feed humanity. But what if that farming equipment were hacked? On August 8, at the DEF CON 29 conference, an Australian researcher known only as ‘Sick Codes’ detailed what he referred to as a “tractor load of vulnerabilities” that, if exploited by an attacker,
by Paul Ducklin [00’26”] Timezone curiosities – when modular arithmetic gets weird. [04’38”] Microsoft researcher found Apple 0-day in March, didn’t report it. [13’18”] Retro computing – the TRS-80 arrived in August 1977. [19’17”] BazarCaller – the crooks who talk you into infecting yourself. [33’02”] Oh! No! A billionaire… but only for 5 minutes. With
There may be little if any argument about the vast impact that social media platforms have on the lives of hundreds of millions of people around the world. Social media has also had a profound influence on elections. In a session at the DEF CON 29 conference on August 7, Sebastian Bay, a researcher at
No attack type has been as impactful as ransomware in 2021. According to a panel of experts at the DEF CON 29 conference, the rising notoriety and impact of ransomware in 2021 has accelerated the need for both government and the private sector to act—though there was no clear consensus on the panel on exactly
by Paul Ducklin If you like a touch of irony in your cybersecurity news, then this has been the week for it. Yesterday, we wrote about an exploitable security hole… …inside a hacking tool that helps you exploit security holes. Today, we’re writing about a ransomware-related data breach that leaked organisational information… …from inside a
by Paul Ducklin If you’re a regular reader of Naked Security and Sophos News, you’ll almost certainly be familiar with Cobalt Strike, a network attack tool that’s popular with cybercriminals and malware creators. For example, by implanting the Cobalt Strike “Beacon” software on a network they’ve infiltrated, ransomware crooks can not only surreptitiously monitor but
The United States has been given leave to appeal a British court’s decision not to extradite WikiLeaks founder Julian Paul Assange to America. In Westminster Magistrates’ Court in January, district judge Vanessa Baraitser ruled that Australian citizen Assange should not be extradited to the United States to face 17 charges under the Espionage Act and one charge under the
The Biden administration has announced the cancellation of a $10bn massive cloud-computing contract awarded to Microsoft. After Microsoft won a lengthy bidding process for the Joint Enterprise Defense Infrastructure (JEDI) cloud contract in 2019, competing contractor Amazon Web Services (AWS) complained that the decision wasn’t fair. Yesterday the DoD issued a statement declaring that the contract had passed its sell-by date
The majority of insider data breaches are non-malicious, according to new research released today by American cybersecurity software company Code42 in partnership with Aberdeen Research. The report Understanding Your Insider Risk and the Value of Your Intellectual Property found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data. A key finding of the