The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how we work, play, and connect into a whole new context. Today, the shifts come fast. Video meetings once felt alien. Now, they’re part of our routine. We’ve gone from setting doctor’s appointments online to actually
A sea of sensors will soon influence almost everything in your world Probably for the first time in its history, CES has more sensors on the show floor than attendees. What the show lacks in physical attendees, it makes up for with the sheer volume and variety of tiny sensors that will influence almost everything
The Commission nationale de l’informatique et des libertés (CNIL), France’s data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. “The websites facebook.com,
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A cyber-attack on American hospitality chain McMenamins may have exposed data belonging to its current and former employees. The business, which owns and operates brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington, issued a data breach notice after suffering a ransomware attack. Suspicious activity was identified in the company’s computer network on
Introduction In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows 10 x64. The vulnerability, CVE-2021-1732, is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel (local
From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords The concept of the password has been around for centuries and passwords were introduced into computing way sooner than most of us can remember. One reason for the enduring popularity of passwords
VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an “important” security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary
by Paul Ducklin The Federal Trade Commission (FTC) is the US consumer rights body, and it has sailed into 2022 with a bang, not a whimper. Using the infamous Log4Shell vulnerability as what you might call its Exhibit A, the FTC has fired a shot across the bows of companies in US jurisdictions, telling them
Police in India have launched an investigation into an app featuring images of Muslim women described as being “for sale as maids.” Open-source online auction application Bulli Bai was hosted by GitHub but has now been removed from the online platform. Indian minister for information and technology Ashwini Vaishnawm said on Saturday that GitHub also
It happens with more regularity than any of us like to see. There’s either a headline in your news feed or an email from a website or service you have an account with—there’s been a data breach. So what do you do when you find out that you and your information may have been caught
How can you help your kids navigate Instagram safely? Here are a few tips to help you protect their privacy on the app. While many teens have recently been captivated by other social media apps du jour, most notably TikTok, Instagram continues to hold its own among young internet users. Indeed, children aged 13-17 make
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby’s Realty that involved injecting malicious skimmers to steal sensitive personal information. “The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded
by Paul Ducklin A security research called Trevor Spiniolas has just published information about a bug he claims has existed in Apple’s iOS operating system since at least version 14.7. The bug affects the Home app, Apple’s home automation software that lets you control home devices – webcams, doorbells, thermostats, light bulbs, and so on –
Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022 The new year is a new opportunity to rewire your digital life. An increasingly important part of this is cybersecurity. In fact, 2021 is already shaping up to have been one of the most prolific years yet for cybercriminals.
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That’s according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. “This threat actor was able to leave most
The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online. We believe it’s important that someone has your back like that, particularly where some of today’s hacks and attacks can leave people feeling a little uneasy from time to time. You’ve probably seen stories about data breaches at big companies pop up in your news feed. Or perhaps you or someone you know had their debit or credit card number hacked. Problems
Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. “The problem relates to a date check failure with the change of the new
Consumers have been warned to stay vigilant of delivery scam texts while online shopping for Christmas and during the Boxing Day sales. UK Finance cited new data from cybersecurity firm Proofpoint showing that delivery ‘smishing’ scams are surging amid the busiest shopping period of the year. This showed that over half (55.94%) of all reported smishing text
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that’s dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the
A Texas resident has been convicted of stealing hundreds of thousands of dollars from a school district in Idaho through a business email compromise (BEC) scam. Teton School District 401, which serves 1,800 students in seven schools in Teton County, fell victim to the cybercrime three years ago. In 2018, the district’s business manager, Carl Church,
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed “large academic
A man from Virginia has admitted cyber-stalking a United States Army recruiter for two years. Braxton Louis Danley, a 26-year-old resident of Luray, began harassing the female victim after failing to pass the army’s entrance exam. Prosecutors said Danley’s first contact with the victim occurred in February 2018 when he sent her an email asking for information
As we usher in the New Year, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends As the rollercoaster of a ride that was 2021 comes to a close and we’re entering a more hopeful new year, we thought it apt to compile a list of impactful
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise’s Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian
by Paul Ducklin If you create any sort of online content at all – even if you’re just a once-in-a-while blogger or an occasional social media user – you almost certainly know how easy it is for other people to rip off your material and present it as their own. We’re not talking about links,
Unique cyber-attacks declined for the first time in nearly three years in Q3 2021, according to new data from Positive Technologies. The researchers observed a 4.8% decline in unique attacks in Q3 compared to the previous quarter, the first time they have recorded a reduction since the end of 2018. They said that this trend was primarily by
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four
by Paul Ducklin Are you a sysadmin who managed to get your Log4Shell mitigations done in time for the US Government’s cybersecurity deadline of 24 December 2021? If so, you may have enjoyed a Christmas mini-vacation along with much of the rest of the world… …only to return to the fray this week and find
A federal grand jury has charged Uber’s former chief security officer (CSO) with three counts of wire fraud for reportedly failing to inform several hundred thousand Uber drivers that their driver’s licenses had been exposed during a 2016 breach. The superseding charges made to Joe Sullivan, 52, who served as Uber’s CSO from April 2015 through November
- « Previous Page
- 1
- …
- 88
- 89
- 90
- 91
- 92
- …
- 114
- Next Page »