The UK’s Foreign Office was the target of “a serious cybersecurity incident,” according to a document accidentally published on a government website. The BBC reported that the tender document revealed that unidentified hackers infiltrated Foreign, Commonwealth and Development Office (FCDO) systems, but were detected. It added that cybersecurity company BAE Systems Applied Intelligence was called
No more turning a blind eye to algorithmic bias and discrimination if US lawmakers get their way. For years, tech has claimed that AI decisions are very hard to explain, but still pretty darn good. If US lawmakers get their way, that will have to change. Citing potential for fraud and techno-fiddling to get the
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — code named Out to Sea — to a threat actor called OilRig (aka
by Paul Ducklin Yesterday, we wrote that Microsoft had decided to turn off a handy software deployment feature, even though the company described itself as “thrilled” by the feature, and described its functionality as “popular”. #ICYMI, that was about the use of so-called App Bundles to make software available for download via your browser. By
Pornographic websites will be legally obliged to introduce robust checks to verify the age of users under new plans published by the UK government. The measure is designed to protect children from accessing pornography from commercial providers. Announced on Safer Internet Day, the standalone provision has been added to the UK’s Online Safety Bill. The obligation
A financially motivated campaign that has targeted Android devices and spread mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in 2021 involves sending fake shipping-related texts containing a URL
by Paul Ducklin Late last year (November 2021), we reported on an unusual campaign of scammy emails warning recipients that they were in big trouble at work. If you saw one of these, you’ll probably remember it: a customer had made a formal complaint and the company was scrambling to hold a meeting to investigate
The UK government has unveiled plans to strengthen its Online Safety Bill, which includes the creation of new criminal offenses. The legislation, first drafted in May 2021, will place new obligations on social media sites and other services hosting user-generated content or allowing people to talk to others online to remove and limit the spread of illegal
Systems hosting content pertaining to the National Games of China were successfully breached last year by an unnamed Chinese-language-speaking hacking group. Cybersecurity firm Avast, which dissected the intrusion, said that the attackers gained access to a web server 12 days prior to the start of the event on September 3 to drop multiple reverse web
Lithuanian-based cybersecurity companies and rival virtual private network (VPN) providers Nord Security and Surfshark have finalized a merger agreement. The companies said that the merger would “open new technical knowledge-sharing opportunities and enable more focused market diversification.” Both companies will continue to operate autonomously and maintain separate infrastructure and product roadmaps. Since both companies are privately owned entities, the transaction
Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions
Security researchers at Apiiro have discovered a significant software supply chain zero-day vulnerability in the popular open-source continuous delivery platform, Argo CD. Used by thousands of organizations globally, Argo CD is a tool that reads environment configurations (written as a helm chart, kustomize files, jsonnet or plain YAML files) from git repositories and applies them to Kubernetes namespaces. The
QR codes are all the rage and scammers have taken notice. Look out for dangers lurking behind those little black-and-white squares. QR codes are having a moment. The humble squares may have been around since 1994, but it wasn’t until the COVID-19 era that they became a truly household name. These days, you can spot
Microsoft on Friday shared more of the tactics, techniques, and procedures (TTPs) adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations (NGO), judiciary, law enforcement, and
by Paul Ducklin To misquote (and, indeed, to mispunctuate) Charles Dickens: it was the best of blockchains; it was the worst of blockchains. This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens. Assuming a conversion rate
Cyber-criminals are making and laundering millions through non-fungible tokens (NFTs), according to new data from Chainalysis. NFTs are technically unique records on a blockchain that are each linked to a piece of digital content. They can be minted and sold by the content creator to investors, fans and collectors. Their popularity soared last year, according to
A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company’s devices. The development was reported by Reuters, citing unnamed sources, noting that “the two rival businesses gained the same ability
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
Phishing kits designed to circumvent multi-factor authentication (MFA) by stealing session cookies are increasingly popular on the cybercrime underground, security researchers at Proofpoint have warned. After years of prompting by security teams and third-party experts, MFA finally appears to have reached a tipping point of user adoption. Figures from Duo Security cited by Proofpoint in a new blog today
Some fraudsters may use low-tech tactics to steal your sensitive information – peering over your shoulder as you enter that data is one of them. We live in an age of pervasive connectivity. But our always-on, mobile-centric lives also expose us to risk. For many people, it is the prospect of phishing, remotely deployed malware
An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. “The threat actor used ‘free productivity apps installation’ or ‘free software development tools installation’ themes as SEO keywords to lure victims to a compromised website and to
by Paul Ducklin If you run a WordPress site and you use the Elementor website creation toolkit, you could be at risk of a security hole that combines data leakage and remote code execution. That’s if you use a plugin called Essential Addons for Elementor, which is a popular tool for adding visual features such
A critical vulnerability in a popular open-source networking protocol could allow attackers to execute code with root privileges unless patched, experts have warned. Samba is a popular free implementation of the SMB protocol, allowing Linux, Windows and Mac users to share files across a network. However, a newly discovered critical vulnerability (CVE-2021-44142) in the software
We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM’s Cost of a Data Breach Report that has been tracking this statistic
by Paul Ducklin Remember all those funkily named bugs of recent memory, such as Spectre, Meltdown, F**CKWIT and RAMbleed? Very loosely speaking, these types of bug – perhaps they’re better described as “performance costs” – are a side effect of the ever-increasing demand for ever-faster CPUs, especially now that the average computer or mobile phone
A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report. A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to view the contents. After notifying the owner, Swedish
Think your smartphone has been compromised by malware? Here’s how to spot the signs of a hacked phone and how to remove the hacker from your phone. With the dawn of the Android and iOS operating systems, phones have evolved far beyond their humble call and text features – they now are portable smart devices
An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorous, APT35, or TA453), while also calling out the
by Paul Ducklin Typefaces can be a tricky business, both technically and legally. Before word processors, laser printers and digital publishing, printed materials were quite literally “set in metal” (or wood), with typesetters laying out lines and pages by hand, using mirror-image letters cast on metal stalks (or carved into wooden blocks) that could be
The US government has effectively stripped another Chinese telecoms player of its license to operate in the country on national security grounds. The new Federal Communications Commission (FCC) order ends the ability of China Unicom Americas to provide telecoms services within the US. It follows a March 2021 finding by the FCC in which it