Cyber-thieves hacked into the computer network of Swedish car manufacturer Volvo and exfiltrated research and development secrets. The carmaker posted a notice on its website yesterday stating that it had suffered a cybersecurity breach in which a limited amount of data was stolen. Though the quantity of data swiped in the incident was small, Volvo warned that its loss
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed
An investigation into the springtime cyber-attack on HSE Ireland has found that criminals spent two months inside the healthcare system’s computer network before deploying ransomware. The attack, which struck HSE Ireland with Conti ransomware in mid-May, forced the health service to take its IT systems offline, leading to the cancellation of multiple hospital appointments. An investigation
Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team. The impact of this vulnerability has the potential to be massive due to its
Details have emerged about what’s the first Rust-language-based ransomware strain spotted in the wild that has already amassed “some victims from different countries” since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. “Victims can pay with Bitcoin or Monero,” the researchers said in a series of tweets detailing the file-encrypting malware.
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found.
A cyber-attack has been carried out against major German logistics provider Hellmann Worldwide Logistics. The security incident forced Hellmann to take its central data center offline yesterday. Today, operations at the Osnabrück-based company remain disrupted. Hellmann said that since the attack was discovered, it has been under the constant observation of its Global Crisis Taskforce, which
Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them. Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable. One research group
The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated,
by Paul Ducklin Just when you thought it was safe to relax for the weekend… …when your cybersecurity Christmas decorations lit up with the latest funkily-named bug: Log4Shell. Apparently, early reports of the bug referred to it as LogJam, because it allows you to JAM dodgy download requests into entries in LOG files. But LogJam
A political activist and former star of the reality TV show 19 Kids and Counting has been convicted of two charges relating to the sexual abuse of children. On Thursday, after a six-day trial that featured ten witnesses, a jury found Josh Duggar guilty of one count of receiving CSAM and one count of possessing CSAM. It took the jury just
We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you. Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel
Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder. After demonstrating the ease with which anybody can hijack your WhatsApp in 2020, I took a hiatus in ethically hacking people’s accounts. It’s just not the same hacking
At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity
Amazon‘s cloud computing network suffered a five-hour outage on Tuesday, chiefly impacting individuals and businesses in the eastern United States. Online services provided by a swathe of companies were disrupted by the incident at Amazon Web Services, which also affected Amazon’s own e-commerce business. Gaming site League of Legends PUBG went down, and Tinder, Coinbase,
Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be? Device Dependence These conversations weigh heavy on parents for a good reason. According
Google on Tuesday said it took steps to disrupt the operations of a sophisticated “multi-component” botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin’s blockchain as a resilience mechanism. As part of the efforts, Google’s Threat Analysis Group (TAG) said it
by Paul Ducklin Today’s a Firefox Tuesday, when the latest version of Mozilla’s browser comes out, complete with all the security updates that have been merged into the product since the previous release. We used to call them Fortytwosdays, because Mozilla followed a six-weekly coding cycle, instead of monthly like Microsoft, or quarterly like Oracle,
Two brothers from Peru have admitted their role in an international call-center scam that defrauded Spanish-speaking immigrants to the United States. Under the conspiracy, victims were called up and threatened with legal action or deportation if they didn’t buy certain educational products. The scam was perpetrated from a series of call centers in Peru, including
With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts. Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool
It often pays to look a gift horse in the mouth – recognizing these types of gift card fraud will go a long way toward helping you stay safe from this growing threat not just this holiday season It’s that time of the year again, when we’re all online looking for presents to give and
Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been “unwittingly inherited” by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. “These vulnerabilities allow attackers to escalate privileges enabling them to disable security products,
The United States has imprisoned a woman for her role in a child sexual abuse material (CSAM) subscription service that produced millions of images and videos of sexualized minors. Patrice Eileen Wilowski-Mevorah of Tampa, Florida, was one of four people charged in August in connection with the Newstar Websites operated by Newstar Enterprise, out of Florida. Since then, two
Your Cybersecurity Comic Relief CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Why am I here? For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report – a digest of all the latest and greatest vulnerabilities from the last 30-ish days based on merits just
Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities The Morris worm of 1988 was one of those industry-shaking experiences that revealed how quickly a worm could spread using a vulnerability known as a buffer overflow or buffer overrun. Around 6,000 of the 60,000 computers connected to ARPANET,
Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed “CryptBot,” is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing
by Paul Ducklin Two weeks ago, after three software audits and three months of live testing, a cryptocurrency startup called MonoX introduced what it described as “the premier bootstrap decentralized exchange, Monoswap”. In an announcement on 23 November 2021, the company declared: MonoX will revolutionize the DeFi ecosystem by fixing the capital inefficiencies of current
Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government. Under the new Transportation Security Administration–issued mandate, rail operators, airport operators and airline operators will be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours of detection. All three
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly. Did you know that your device can fall into cybercriminals’ hands without
- « Previous Page
- 1
- …
- 91
- 92
- 93
- 94
- 95
- …
- 114
- Next Page »