Hacktivist group Anonymous has declared “cyber war” against Vladimir Putin’s government following the Russian invasion of Ukraine. The well-known international hacking collective made the announcement on its Twitter account on Thursday, shortly after the Kremlin commenced military action. The message read: “The Anonymous collective is officially in cyber war against the Russian government. #Anonymous #Ukraine.” Shortly after,
Hundreds of computers in Ukraine compromised just hours after a wave of DDoS attacks brings down a number of Ukrainian websites A number of organizations in Ukraine have been hit by a cyberattack that involved new data-wiping malware dubbed HermeticWiper and impacted hundreds of computers on their networks, ESET Research has found. The attack came just
Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via
The UK government has unveiled plans to roll out free cyber skills training for thousands of secondary school pupils. The Cyber Explorers program aims to educate 30,000 11 to 14-year-olds on a range of cybersecurity concepts, such as open-source intelligence, digital forensics and social engineering. The program will be delivered via a new online learning platform, in
The climate solutions we need to transform every sector are here. The question is: what role will you play in this transformation? You, your community, your business, your government? Technology is an expansive term. It’s not just apps and electronics. Human ingenuity has created everything from plows to fishing gear, bicycles to boomboxes, windmills to
TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that’s used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is “partially due to a big shift from Trickbot’s
by Paul Ducklin When the Apple AirTag hit the market in 2021, it immediately attracted the attention of hackers and reverse engineers. Could AirTags be jailbroken? Could AirTags be simulated? Could the AirTag ecosystem be used for purposes beyond Apple’s own imagination (or at least beyond its intentions)? We soon found ourselves writing up the
It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being
The UK’s construction industry has received its first-ever cybersecurity guidance from the National Cyber Security Centre (NCSC). The document, Cyber security for construction businesses, provides practical, tailored advice for construction firms on protecting their businesses and building projects from cyber-attackers. The guidance details the most common attack vectors construction faces, including spear-phishing, ransomware and supply chain attacks. The
It’s never too late to prevent children from being dragged to the dark side and to ensure their skills are a force for good When we talk about cybercrime and children, it’s often in the context of protecting the young ones from online dangers. That could mean ensuring our kids’ devices have the right parental
Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. “The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API
by Paul Ducklin WordPress plugins need to be kept up-to-date just as keenly as WordPress itself… …especially if those plugins are designed to help you look after the entirety of your WordPress site data. That’s why we thought we’d write about a recent warning from the creators of Updraft and Updraft Plus, which are free
Companies continue to accelerate their digital transformation and hybrid work strategies with security remaining top of mind. For a growing number of enterprises, the solution has been the deployment of a Security Service Edge (SSE). Introduced as a market category by Gartner, per our view we believe SSE is the consolidation of Secure Web Gateway
More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report. The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business
Make no mistake, counting on a computer is not as easy as it may seem. Here’s what happens when a number gets “too big”. For many people in the IT community, 2022 got off to a bad start after a bug in on-premises versions of Microsoft Exchange Server caused emails to become stuck en route
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan’s financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as
by Paul Ducklin Unfortunately, we’ve had to warn about sextortion, also known as porn scamming, many times before. Porn scams are phishing tricks whereby criminals try to squeeze you into making contact with them, or even to pay them money immmediately, by claiming to have evidence that you have committed some sort of sexually-related online
Have you ever been online and replied to a comment or post? Maybe it was on Reddit or on an influencer’s Instagram. Did other people reply to you, and were any of them unexpectedly hostile? When you’re online, a little hostility is sadly par for the course, but most people brush it off and move
Credit Suisse has hit back at allegations of severe due diligence failures exposed by a major new leak of customer account information. Details of 18,000 accounts linked to 30,000 clients containing an estimated £80bn ($100bn) were shared by an anonymous whistleblower with various media outlets, including The Guardian. “I believe that Swiss banking secrecy laws are
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses’ digital defenses. And unfortunately — the bad guys have the upper hand at the moment. Part of the reason
The United States Department of Justice (DOJ) is cracking down on the criminal misuse of cryptocurrencies and digital assets. In a statement released Thursday, the DOJ announced the appointment of prosecutor and former senior counsel to the deputy attorney general, Eun Young Choi, as the first director of the National Cryptocurrency Enforcement Team (NCET). Comprising department attorneys,
Researchers have detailed what they call the “first successful attempt” at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. “We were able to recover the master key for generating the file encryption key without the attacker’s private key, by using a cryptographic vulnerability identified
by Paul Ducklin Storm conditions in November 2021 in northern and north-eastern parts of the UK brought down powerlines in some areas, leaving many homes without electricity for several days. British power companies, which, for better or worse, are privatised rather that state-run, are required to pay out compensation to customers who did not receive
A man from Florida will not be serving time in prison for his role in a multi-million dollar Medicare fraud scheme involving the sale of patients’ personal and medical data. Boca Raton resident, Nathan LaParl, aged 35, and his 30-year-old accomplice Talia Alexandre, of Palm Springs, worked with foreign call centers to contact Medicare patients
The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to tackle the criminal misuse of cryptocurrencies and digital assets,” with a focus on illegal activities in virtual currency exchanges, mixing
by Paul Ducklin If you’re using PHP in your network, check that you’re using the latest version, currently 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement bugs, including CVE-2021-21708, which is a use-after-free blunder in a function called php_filter_float(). A proof-of-concept exploit based on using PHP to query a database shows that the
The infamous Trickbot Trojan has targeted customers of scores of big-name brands over the past year, including Amazon, PayPal and Microsoft, according to new data from Check Point. The security vendor claimed that the malware had infected at least 140,000 victims since November 2020, with attackers being careful to target high-profile victims. Among the 60 brands
Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early stages. The company’s Microsoft 365 Defender Research Team called out various new avenues through which
- « Previous Page
- 1
- …
- 82
- 83
- 84
- 85
- 86
- …
- 114
- Next Page »