Attackers move away from Office macros to LNK files for malware deliveryFor years attackers have used Office documents with malicious macros as one of the primary...
Month: January 2023
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed AppsResearchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700...
Near-Record Year for US Data Breaches in 2022
Near-Record Year for US Data Breaches in 2022Breach notices are increasingly opaque, warns non-profitLeer másBreach notices are increasingly opaque, warns non-profit
Dark Web Posts Advertising Counterfeit Cash Surge 90%
Dark Web Posts Advertising Counterfeit Cash Surge 90%Physical currency remains a big draw for cyber-criminalsLeer másPhysical currency remains a big draw for cyber-criminals
Threat Hunting: The Cost-Effective Way to Protect Your Organization’s Bottom Line (and Keep the Hackers at Bay)
Threat Hunting: The Cost-Effective Way to Protect Your Organization’s Bottom Line (and Keep the Hackers at Bay)Threat hunting is a proactive process of searching for signs...
NCSC: Iranian and Russian Groups Targeting Government, Activists and Journalists With Spearphishing
NCSC: Iranian and Russian Groups Targeting Government, Activists and Journalists With SpearphishingThe NCSC advisory details tactics used by Russia-based threat actor SEABORGIUM and Iran-based group TA453Leer...
Recent legal developments bode well for security researchers, but challenges remain
Recent legal developments bode well for security researchers, but challenges remainDespite the hoodie-wearing bad guy image, most hackers are bona fide security researchers protecting users by...
Cybersecurity is Facing a Cataclysmic Problem
Cybersecurity is Facing a Cataclysmic ProblemAt a time when cybersecurity threats are at an all-time high, an alarming statistic is emerging: Professionals in this field are...
9 API security tools on the frontlines of cybersecurity
9 API security tools on the frontlines of cybersecurityApplication programming interfaces (APIs) have become a critical part of networking, programs, applications, devices, and nearly everything else...
Public Groups Identify Tesla Terrorist After Unexplained Police Delay
Public Groups Identify Tesla Terrorist After Unexplained Police DelayA data sharing initiative with news video on a social media platform has identified the Tesla driver implicated...
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 FrameworksThe legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it...
Multi-million investment scammers busted in four-country Europol raid
Multi-million investment scammers busted in four-country Europol raid216 questioned, 15 arrested, 4 fake call centres searched, millions seized...Leer másNaked Security216 questioned, 15 arrested, 4 fake call...
Flexible Metal NASA Robot Tires Now Available for Bicycles
Flexible Metal NASA Robot Tires Now Available for BicyclesA couple of the awards at this year’s CES went to a metal mesh tire, based on NASA...
S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]
S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]As always: entertaining, informative and educational... and not bogged down with jargon! Listen...
Serious Security: Unravelling the LifeLock “hacked passwords” story
Serious Security: Unravelling the LifeLock “hacked passwords” storyFour straight-talking tips to improve your online security, whether you're a LifeLock customer or not.Leer másNaked SecurityFour straight-talking tips...
T-Mobile admits to 37,000,000 customer records stolen by “bad actor”
T-Mobile admits to 37,000,000 customer records stolen by “bad actor”Once more, it's time for Shakespeare's words: Once more unto the breach...Leer másNaked SecurityOnce more, it's time...
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
Serious Security: How dEliBeRaTe tYpOs might imProVe DNS securityIt's a really cool and super-simple trick. The question is, "Will it help?"Leer másNaked SecurityIt's a really cool...
Apple patches are out – old iPhones get an old zero-day fix at last!
Apple patches are out – old iPhones get an old zero-day fix at last!Don't delay, especially if you're still running an iOS 12 device... please do...
SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric
SaaS Security Posture Management (SSPM) as a Layer in Your Identity FabricThe move to SaaS and other cloud tools has put an emphasis on Identity &...
GoTo admits: Customer cloud backups stolen together with decryption key
GoTo admits: Customer cloud backups stolen together with decryption keyWe were going to write, "Once more unto the breach, dear friends, once more"... but it seems...
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and FraudTwo security flaws have been disclosed in Samsung's Galaxy Store app for Android that could...
Facebook Introduces New Features for End-to-End Encrypted Messenger App
Facebook Introduces New Features for End-to-End Encrypted Messenger AppMeta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in...
Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability
Apple Issues Updates for Older Devices to Fix Actively Exploited VulnerabilityApple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence...
Emotet Malware Makes a Comeback with New Evasion Techniques
Emotet Malware Makes a Comeback with New Evasion TechniquesThe Emotet malware operation has continued to refine its tactics in an effort to fly under the radar,...
Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
Security Navigator Research: Some Vulnerabilities Date Back to the Last MillenniumVulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still...
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto TheftThe U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors...
Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade DetectionOrganizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing...
VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities
VMware Releases Patches for Critical vRealize Log Insight Software VulnerabilitiesVMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs)...
LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised
LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups CompromisedLastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups...
North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks
North Korean Hackers Turn to Credential Harvesting in Latest Wave of CyberattacksA North Korean nation-state group notorious for crypto heists has been attributed to a new...