Water Labbu Abuses Malicious DApps to Steal Cryptocurrency
The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their...
Day: October 25, 2022
ESET research into POLONIUM’s arsenal – Week in security with Tony Anscombe
More than a dozen organizations operating in various verticals were attacked by the threat actor...
Ukrainian Governmental Agencies Targeted by Ransomware Attacks
An alert has been issued by the Computer Emergency Response Team of Ukraine (CERT-UA) on October 21st regarding Cuba Ransomware...
5 steps to protect your school from cyberattacks
What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep...
Fine for Shein! Fashion site hit with $1.9 million bill after lying about data breach
The parent company of women's fashion site Shein has been fined $1.9...
Why Cybereason Went From IPO Candidate to Seeking a Buyer
Stiff Competition, Muddled Go-to-Market Strategy Put Cybereason on Path to Selling. Cybereason has abandoned its IPO plans altogether...
Don’t get scammed when buying tickets online
With hot-ticket events firmly back on the agenda, scammers selling fake tickets online have also come out in force. The...
Emotet Botnet Drops Malware via Self-Unlocking Password-Protected RAR Files
A surge of malspam campaigns has been recently attributed to Emotet botnet. Taking advantage of password-protected archive files, the notorious...
Smashing Security podcast #294: The Virgin trains swindler, cyber clowns, and AirTag election debacle
Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany,...
Tracking Earth Aughisky’s Malware and Changes
For over 10 years, security researchers have been observing and keeping tabs on APT group Earth Aughisky’s malware families and the...
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware...
The safety of numbers
The future of effective crowdsourced cybersecurity according to Bugcrowd. Webinar: It was the English philosopher Sir Francis Bacon who first wrote 'knowledge is...
Akamai to boost network-layer DDoS protection with new scrubbing centers
Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able...
APT‑C‑50 updates FurBall Android malware – Week in security with Tony Anscombe
ESET Research spots a new version of Android malware known as FurBall that APT-C-50 is...
Microsoft “BlueBleed” data breach: customer details and email content exposed
Microsoft says that it accidentally exposed sensitive customer data after failing to configure a server securely. But...
WhatsApp Down: Users Can’t Send or Receive Messages
Today, October 25th, WhatsApp, the biggest messaging app in the world, suffered from an outage that shut down its...
Australia’s Data Breach Wave: Workaday Cybercrime
Nation-State Actors Aren't Going to Be as Obnoxious and Public. Is Australia's data breach wave a coincidence, bad luck or intentional targeting?...
5 reasons to keep your software and devices up to date
Next time you're tempted to hold off on installing software updates, remember why these updates are...
How Water Labbu Exploits Electron-Based Applications
In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt...
The Interpol Metaverse Was Launched to Help the Fight against Cybercrime
Last week, at the 90th Interpol General Assembly in New Delhi, the International Criminal Police Organization...
Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos
A former officer at Louisville Metro Police has admitted his part in...
The Battle Against Phishing Attacks and Similar Scams
Many entities fight an uphill battle against increasingly clever phishing and related scams that lead to serious data compromises,...
Using Identity for Access Is a Huge Cybersecurity Risk
Why FIDO’s proposal to use identification for cyber access opens more security vulnerabilities for threat actors to exploit...
Car dealer group Pendragon refuses to pay $60 million to ransomware extortionists
Pendragon - the car dealership group which owns Evans Halshaw, CarStore, and Stratstone, and operates...
Regulating DAOs
In August, the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the cryptocurrency platform Tornado Cash, a virtual currency “mixer” designed to make it...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October...
Friday Squid Blogging: On Squid Ink
It’s aimed at children, but it’s a good primer. As usual, you can also use this squid post to talk about...
Automotive Retailer Pendragon Refuses to Pay $60 Million Ransom
LockBit ransomware allegedly breached Pendragon Group, a U.K.-based auto dealer group with over 200 locations, and demanded $60...
Hacking Automobile Keyless Entry Systems
Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the...
Seven months after it found out, FamilySearch tells users their personal data has been breached
Shouldn't affected users have been told sooner? (Graham Cluley)