A new multifunctional malware written in the Go programming language has been spotted in the wild, targeting both Windows and Linux systems. The discovery has been made by Black Lotus Labs, the threat intelligence team at Lumen Technologies, who published an advisory about the new threat on Wednesday. The team reportedly discovered and analyzed roughly
by Paul Ducklin CUTTING THROUGH CYBERSECURITY NEWS HYPE With Paul Ducklin and Chester Wisniewski Intro and outro music by Edith Mudge. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good
Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online The digital world has provided countless opportunities for youngsters that their parents never experienced. It helped kids stay in touch with each other during the dark days of pandemic-era lockdowns. And now that
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. “The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works,” Kaspersky researchers said.
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers. As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials According to
Overall malware detections from the peaks seen in the first half of 2021 have decreased in the second quarter of 2022, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office. The figures come from a report published by WatchGuard earlier today and shared with Infosecurity Magazine. “While overall malware attacks
by Paul Ducklin Last week’s cyberintrusion at Australian telco Optus, which has about 10 million customers, has drawn the ire of the country’s government over how the breached company should deal with stolen ID details. Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of optusdata offering
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you. Globally, plenty of people pull double duty
Had your Instagram account stolen? Don’t panic – here’s how to get your account back and how to avoid getting hacked (again) A friend – let’s call her Ellie – recently called me with a devastated tone in her voice. Her Instagram account had been hacked and she was locked out. Her panic was evident
Security researchers at SentinelOne have uncovered a variant of the Operation In(ter)ception campaign using lures for job vacancies at cryptocurrency exchange platform Crypto.com to infect macOS users with malware. According to an advisory published on Monday, the new attacks would represent a further instance of a campaign spotted by ESET and Malwarebytes in August and
by Paul Ducklin For the last day or two, our news feed has been buzzing with warnings about WhatsApp. We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted
The Ukrainian government on Monday warned of “massive cyberattacks” by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. “By the cyberattacks, the enemy will try
Wearable pioneer Fitbit has revealed a new clause that will require users to adopt a Google account for logins next year. “In 2023 we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account,” the company wrote in a blog post. “After the date of this launch, some
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that “moderators of the purported hacktivist Telegram channels ‘XakNet Team,’ ‘Infoccentr,’ and ‘CyberArmyofRussia_Reborn’ are coordinating their operations
The social network TikTok is chockfull of interesting, fun, laugh-out-loud videos shared by creators worldwide. Kids, as well as parents, can easily spend hours glued to the platform. But as with most popular platforms, the fun can eventually turn dark, even deadly, when viral challenges make their rounds. The latest viral challenge, the “blackout
The online world provides children with previously unimagined opportunities to learn and socialize, but it also opens them up to a range of hazards. How can you steer kids toward safe internet habits? The way our digital lives have become entangled with our physical world has brought new, major challenges for parents, caregivers and teachers.
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the
The cyber mercenary group, Void Balaur, continues expanding its hack–for–hire campaigns despite disruptions to its online advertising personas. The new information comes from cybersecurity experts at SentinelLabs, who recently published an advisory detailing Void Balaur’s latest campaigns. Written by senior threat researcher Tom Hegel, the document discusses the findings that SentinelLabs first unveiled at its
by Paul Ducklin The curious name LAPSUS$ made huge headlines in March 2022 as the nickname of a hacking gang, or, in unvarnished words, as the label for a notorious and active collective of cybercriminals: The name was somewhat unusual for a cybercrime crew, who commonly adopt handles that sound edgy and destructive, such as
Here’s to the hashtags, the likes, the followers, the DMs, and the LOLs—June 30th marks Social Media Day, a time to celebrate and reflect on how social media has changed our lives over the years. Started in 2010 by media and entertainment company Mashable, celebrations have taken on all kinds of forms. Meetups, contests, calls to increase your social circle
A major financial services company has learned the hard way about the importance of proper disposal of customers’ personal data The U.S. Securities and Exchange Commission (SEC) has announced that Morgan Stanley has agreed to pay a penalty of $35 million for exposing the personal information of 15 million customers. According to SEC, the financial
The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. “On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking,” the agency said, adding “he remains in police custody.” The department said
Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft researchers. It revealed the threat actors launched credential–stuffing attacks (which use lists of compromised user credentials) against high–risk, unsecured administrator accounts that didn’t have multi–factor authentication (MFA)
When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defense is frequent password changes. But how often should you create new
Your eyes may be the window to your soul, but they can also be your airplane boarding pass or the key unlocking your phone. What’s the good and the bad of using biometric traits for authentication? The ability to confirm your identity using your fingerprint or face is something we have already become accustomed to.
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted “many victim organizations.” The fraudulent
The Department of Air Force (DAF) Enterprise IT as a Service’s (EITaaS) Base Infrastructure Modernization (BIM) procurement said it will evolve its digital modernization strategy to an “as a Service” model that will integrate network, end–user services and computing platforms. According to an announcement by technology company Lumen, which will collaborate with the DAF on the
by Paul Ducklin Morgan Stanley, which bills itself in its website title tag as the “global leader in financial services”, and states in the opening sentence of its main page that “clients come first”, has been fined $35,000,000 by the US Securities and Exchange Commission (SEC)… …for selling off old hardware devices online, including thousands
*TW: Mentions Suicide Our passion for protecting people doesn’t stop with online safety. We deeply care for our people, their families and friends, and our communities. To recognize World Suicide Prevention on Sept. 10 and help normalize and encourage conversations about mental health year-round, we recently hosted a discussion with McAfee colleagues and suicide prevention
- « Previous Page
- 1
- …
- 54
- 55
- 56
- 57
- 58
- …
- 114
- Next Page »