Tag

Naked
This week we bring you the podcast from our makeshift home studios (pillow forts). We discuss Dharma ransomware, the tour guide who turned out to be a Chinese spy, and why thousands of dark web sites suddenly vanished. Host Anna Brading is joined by Sophos experts Mark Stockley, Greg Iddon, Peter Mackenzie and me. Listen...
Researchers at WordFence, a company that provides cybersecurity services for WordPress users, have warned of two security problems in a popular WordPress plugin called Rank Math. That’s “math” as in “calculations relating to” and “rank” as in “search engine rating”, not “rank math” as in a real stinker of a calculus problem. The creators of...
Every once in a while an attack comes along that is so simple to set up, and yet so effective, that it makes your jaw drop. Here’s one: fake bitcoin QR generators. According to web developer and cryptocurrency enthusiast Harry Denley, a wily scammer has been operating a network of fake bitcoin QR code generators...
On Monday, a video of former Microsoft CEO Bill Gates could be found playing on multiple YouTube channels that were broadcasting a well-known cryptocurrency Ponzi scam, ZDNet reported. The channels had apparently been hijacked from their rightful owners and renamed to make it sound like they were Microsoft brands. Microsoft has “vehemently” denied the suggestion...
A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices. OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers. Other examples of this type of router software include DD-WRT...
Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people. The hotel chain says it uses an application to help provide services to its guests. Beginning mid-January this year, the login credentials of two employees at a franchised property were used to access guest information on this...
Personally identifiable information (PII) belonging to more than 4.9 million people from the country of Georgia – including full names, home addresses, dates of birth, ID numbers, and mobile phone numbers, including those of dead people – was published on a hacking forum on Saturday. That’s more than the current total estimated population: according to...
Today is, wait for it, drum roll, please… …World Backup Day. You knew that already, didn’t you? So you’re way ahead of us here, with your backups neatly done and safely stored away. Or perhaps not, because sorting out your backups is a bit like taking the garbage out or washing the dog – you...
Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routers and their management software that admins will want to apply as soon as possible. SD-WAN is a technology that allows large companies to manage different types of Wide Area Network (WAN) communications links such as carrier MPLS, conventional broadband, and mobile 4G as...
If you follow @NakedSecurity on Twitter, you’ll have noticed that we warned last week about an old WhatsApp hoax that suddenly reappeared. The bogus news is generally known as the “Martinelli hoax”, because it starts like this: If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a...
Fake news, bogus miracle cures: Facebook has been dealing with a lot, and COVID-19 isn’t making it any easier. Like many other companies, Facebook is trying to keep its employees safe by allowing them to opt for working remotely, so as to avoid infection. But when humans are taken out of the content moderation loop,...
Notice anything missing from last week’s Microsoft Patch Tuesday? Obscured by a long list of Microsoft patches and some fuss about a missing SMB fix, the answer is Adobe, which normally times its update cycle to coincide with the OS giant’s monthly schedule. It’s mostly a practical convenience – admins and end-users get all the...
Welcome to Hong Kong, traveler, and to the mandatory, Disney MagicBand-esque tracking wristband we’re about to slap onto your potentially infectious arm. The city-state had already been requiring arrivals from mainland China to self-isolate at home for 14 days. But as the area undergoes a COVID-19 resurgence, mostly brought in by travelers coming from European,...
It’s the COVID-19 shortage nobody expected – not toilet rolls, tinned goods or headache pills this time but Google software engineers. It’s a problem that many believe explains the abrupt decision by Google to delay the release of Chrome 81, the stable version of which was scheduled to start appearing on users’ computers on 17...
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week. Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones. Software developers can access it using an application programming interface...
With so much of the world self-isolating, physically distancing themselves from others and remotely working from home, people are flocking to remote-work apps such as Microsoft, Slack and Zoom – anything that can make them feel connected by teleconference or videoconference. Well, hang on to your hats, hosts: before you set up meetings, you need...
This week, Duck advises on how to keep your company safe while working remotely, Peter discusses malwareless ransomware attacks, and Mark shares the latest in the EARN IT saga. Host Anna Brading is joined by Sophos experts Paul Ducklin, Peter Mackenzie and Mark Stockley. Listen now!
In 2017, the Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit looking to force the FBI and the National Institute of Standards and Technology (NIST) to cough up info about Tatt-C (also known as the Tattoo Recognition Challenge): a tattoo recognition program that involves creating an “open tattoo database” to use...
Thanks to Michelle Farenci and the Sophos Security Team for their help with this article. Cybercriminals really do know no limits. Remember sextortion, where they say they’ll spam your friends and family with x-rated photos of you that they got via malware? At least, they will unless you pay them $2000. Well, the Sophos Security...
Cryptojacking may not be entirely dead following the shutdown of a notorious cryptomining service, but it isn’t very healthy, according to a paper released this week. Cryptomining websites embed JavaScript code that forces the user’s browser to begin mining for cryptocurrency. The digital asset of choice is normally Monero, which is often used in cybercrime...