0 Comments
What is Ransomware? Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay.
0 Comments
Czech-based multinational cybersecurity software company Avast has suspended the sale and marketing of its products in Russia and Belarus.  In a statement shared Thursday, Avast said it was ceasing business in Russia and offering its premium products free of charge to the people of Ukraine. “With immediate effect, we have withdrawn the availability of all of our products
0 Comments
by Naked Security writer In cybersecurity history, the US Independence Day weekend of 2021 is not remembered for the restful and relaxing summer celebrations that you’d usually associate with the Fourth of July. Instead, it’s remembered as the weekend of the infamous Kaseya ransomware attack. This was ransomware-with-a-difference, and the difference was the ultimate scale
0 Comments
Authored by Oliver Devane, Vallabh Chole, and Aayush Tyagi  McAfee has recently observed several malicious Chrome Extensions which, once installed, will redirect users to phishing sites, insert Affiliate IDs and modify legitimate websites to exfiltrate personally identifiable information (PII) data. According to the Google Extension Chrome Store, the combined install base is 80,000  One extension,
0 Comments
Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It’s, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of
0 Comments
Two 66-year-old women from Colorado have been accused of interfering with election equipment and official misconduct. On Tuesday, a Mesa County grand jury returned a 13-count indictment against clerk and recorder Tina Peters and deputy clerk Belinda Knisley. According to the indictment, the women tampered with the security of Dominion Voting Systems machines in late May 2021. It is
0 Comments
The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. “The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware
0 Comments
A lengthy investigation into the online trade of child sexual abuse material (CSAM) has led to the arrest of dozens of individuals based in New Zealand. Led by New Zealand’s Te Tari Taiwhenua Department of Internal Affairs (DIA), the two-year international operation identified more than 90,000 online accounts that possessed or traded CSAM.  DIA’s Digital
0 Comments
Most consumers prefer to bank digitally rather than in person but are worried about the risk of fraud, according to new research by payments and data security company, Entrust. A survey of 1350 consumers who made or received digital payments in the past 12 months found that 88% of respondents prefer to do their banking online in some
0 Comments
Editor’s Note: This is the first in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely
0 Comments
No sector or organization is immune to rapidly escalating cyberthreats, but when it comes to healthcare, the stakes couldn’t be higher Even prior to Russia’s invasion of Ukraine, there was considerable fear that military escalation would bleed (further) into cyberspace and be followed by a rash of impactful digital assaults with international implications. Organizations worldwide
0 Comments
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws “allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks,” Ben Seri
0 Comments
Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies,
0 Comments
by Paul Ducklin Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data… …via the GitHub account of a former employee. As you’ve probably figured out already, Adafruit is named after after Ada Lovelace, a nineteenth-century British intellectual who was a computer programmer long before any programmable computers existed. As mysterious as that might
0 Comments
Tesla boss Elon Musk has admitted that users of his Starlink satellite communications system in Ukraine could attract enemy fire. The warning came last week, as a truckload of satellite dishes arrived in the war-torn Eastern European country after a government request. Starlink terminals communicate with a constellation of around 2000 satellites in a low
0 Comments
Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target’s attack surface for gaps that can
0 Comments
Cyber-criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud. In a blog post published Friday, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.  Since March 1, researchers have been tracking two specific
0 Comments
Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS). “While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase,” Nelli Klepfish, security analyst
0 Comments
by Paul Ducklin Mozilla has published Firefox 97.0.2, an “out-of-band” update that closes two bugs that are officially listed as critical. Mozilla reports that both of these holes are already actively being exploited, making them so-called zero-day bugs, which means, in simple terms, that the crooks got there first: We have had reports of attacks
0 Comments
The United States Senate has passed legislation requiring critical infrastructure operators and federal agencies to report cyber-attacks within 72 hours and ransomware payments within 24 hours. America’s Upper House approved the Strengthening American Cybersecurity Act of 2022 on Tuesday. The Act combines language from three bills, including the cyber-incident reporting bill, introduced to the Senate by the Senate Homeland Security and