by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
The UK’s cybersecurity industry generated record levels of external investment and revenue in the last financial year, according to official figures. The DCMS Annual Cyber Sector Report 2022 revealed more than £1bn was raised in external investment over 84 deals during this period. This includes Bristol-based Immersive Labs, which secured £53.5m, and London-headquartered Tessian, which raised more
Progress is a driving force of humanity, but what does that word “progress” really mean and what part do we have to play? From spaceflight to medicine to renewable energy, we continue to see advances that could bring huge benefits to the world. Progress is a driving force of humanity, but what does that word
Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking à la Apple’s App Tracking Transparency (ATT) framework,
by Paul Ducklin VMWare’s latest security bulletin doesn’t mince its words about how quickly you should patch: When do I need to act? Immediately. The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments. [… G]iven the severity, we strongly recommend that you act. The issues referred to
A range of pressing cybersecurity issues was discussed by members of the RSA Conference advisory board during a virtual session this week. The panelists began by highlighting the elevated profile of cybersecurity during the COVID-19 pandemic, which is increasingly coming to the attention of business leaders. Caroline Wong, chief strategy officer at Cobalt, noted that “when I began my career, I
Why would a tax agency contractor’s privacy policy mention collecting information about my Facebook friends? The IRS has made a U-turn on facial recognition, but what about the Social Security Administration or the California Department of Motor Vehicles’ use of the same contractor? In the last few weeks, the US Internal Revenue Service (IRS) made
VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there’s no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is
Summary The ShadowPad advanced modular remote access trojan (RAT) has been deployed by the Chinese government-sponsored BRONZE ATLAS threat group since at least 2017. A growing list of other Chinese threat groups have deployed it globally since 2019 in attacks against organizations in various industry verticals. Secureworks® Counter Threat Unit™ (CTU) analysis of ShadowPad samples
by Paul Ducklin In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers. Remember that a zero-day exploit is a security bypass, typically one that allows Bad Guys to break in and run or implant software of their own
Reported scams surged by 17% in the final quarter of 2021 in the UK, while attempted scams increased by 70% over the same period, according to new data from Barclays. The findings, based on responses from over 2000 UK residents, came as the bank issued new guidance for the public on how to detect the common
How well retailers can manage the surge in cyberthreats may be crucial for their prospects in a post‑pandemic world It’s hardly surprising that the retail sector is one of the most frequently targeted globally, with retail sales in the US alone projected to top $5.2 trillion in 2022. Consumers’ money and data have for years been
Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others,
by Paul Ducklin Using the Adobe Commerce online selling platform? Using Magento, the free, open-source variant of the same product? Buying products from online stores that use either of these? Using online services that themselves use services that (…repeat up the supply chain as needed…) ultimately depend upon Magento or Adobe’s paid version? If so,
A local authority in the UK hit by suspected Russian actors has set aside £380,000 ($514,000) to remediate and recover from the incident, according to reports. Gloucester City Council discovered the breach back in December and warned at the time that it could take up to six months to fix as servers would need rebuilding.
Spain’s National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and
Security researchers at Website Planet have discovered an unsecured Amazon S3 bucket containing the Personal Identifiable Information (PII) of millions of people. Inside the bucket were ten folders, containing around 6,000 files and totaling over 1GB of data. While most (approximately 99%) of the data belongs to American residents, some information relates to people living in Canada.
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company’s third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component
A leader of the hacking group Team-Xecuter has been sentenced to prison for participating in a piracy conspiracy against multiple gaming companies. Canadian national Gary Bowser, who is also known as GaryOPA, was arrested in the Dominican Republic in September 2020 on suspicion of creating and selling illegal software and devices that enabled users to play pirated
Don’t be the next victim – spot the signs of a faux romance in time and send that scammer ‘packing’ It is a truth universally acknowledged that we’re all looking for a special someone to share our lives with. Some of us are lucky enough to find that person. For the rest, the search goes
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union’s General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of
by Paul Ducklin Here on Naked Security, we’ve been lamenting the mysterious nature of Apple’s security updates for ages. For example, even when widely-known security problems appear in components that are part of Apple’s operating system, Apple routinely refuses to say when, or even if, it plans to address the issues itself. Back in February
Nearly half of emails destined for inboxes in 2021 were classed as spam, with Russia the biggest culprit, according to Kaspersky. In its new Spam and Phishing in 2021 report, the Russian AV company revealed that it detected spam rates at an average of 46% over the year, peaking at 48% in June. Most of it came from
A trip into the dark corners of Telegram, which has become a magnet for criminals peddling everything from illegal drugs to fake money and COVID-19 vaccine passes Just a few years ago, illicit services and online contraband were firmly sourced in the hidden, largely untraceable depths of the internet: the dark web. People frequenting dark
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.” Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as “ModifiedElephant,” an elusive threat actor that’s been operational since at least 2012,
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
The evolution of cyber-threats and the confluence of new systems and legacy systems are the most significant current challenges for security teams, according to a panel of CISOs speaking during a virtual event organized by HP Wolf Security. Moderated by Ed Amoroso, chief executive officer of TAG Cyber LLC, the session began with a simple question to
A view of the T3 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts While 2020 was the year of supply-chain attacks (and, yes, the start of the global COVID-19 crisis), 2021 was defined by shockingly severe vulnerabilities (…and by vaccines). The year started with
Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled out a broad range of sectors, including defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities,
by Naked Security writer The story as we know it now sounds simple, but the investigation wasn’t. It all started, according to court papers, with a security breach reported in August 2016 by the Bitcoin exchange Bitfinex. (The court application for an arrest warrant refers to the company only as “VCE”, short for Virtual Currency
- « Previous Page
- 1
- …
- 83
- 84
- 85
- 86
- 87
- …
- 114
- Next Page »