News

Let's Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million in June 2017. Since late last year, Let's Encrypt has issued at least 1.2 million

The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that cyber-attacks are not only costly in terms of time and money but also bring extensive legal liability

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack — named "IMPersonation Attacks in 4G NeTworks" (or IMP4GT) — exploits the mutual authentication

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for the same, Google also advised using an easy-to-implement security library available as part of its

If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of

You are a cybersecurity professional with the responsibility to keep your organization secured, you know your job chapter and verse, from high level reporting duties to the bits and bytes of what malware targeted your endpoints a week ago. But it's a lot to hold in one's mind, so to make your life easier, The Ultimate Security Pros' Checklist, created by Cynet, provides you with a concise and

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.

Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly double the number detected during Q4 2018. Hackers have evolved their methods, from regular phishing

Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers, Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian. If this news hasn't gotten you excited yet... Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and

Google has banned nearly 600 Android apps from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines. The company categorizes disruptive ads as "ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of device functions," such as a full-screen ad served when attempting to make a phone call. Although

Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the

Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential Cloud & Networking Certification Training Bundle offers 93 hours of essential knowledge. You can pick up all 5 courses now for only $39.99 via the THN

Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software.

Smart doorbells and cameras bring a great sense of security to your home, especially when you're away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed

A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed "Fox Kitten," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering (click here to learn more) based on more than 72 hours of data collection, enabling

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development

Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements.

A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple

The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US

Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the management of the actual response process, the CISO must also be able to efficiently communicate

  Today, almost every computer user leverages a variety of web browsers to surf the internet — Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari are some of the popular browsers in use in recent times. It is very important to configure internet browser(s) in a secure way because vulnerable web…

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behavior as it updates its version. This analysis provides the behaviour of version 6, few…

Quick Heal Security Labs recently came across a variant of Ryuk Ransomware which contains an additional feature of identifying and encrypting systems in a Local Area Network (LAN). This sample targets the systems which are present in sleep as well as the online state in the LAN. This sample is packed with…

Very recently, the Coronavirus that apparently originated from the Wuhan province in China has created pandemonium across the world creating an atmosphere of a health crisis for the global populace. As the news of the deadly Coronavirus creates waves of panic across the globe, cyberattackers are lurking into this phenomenon…

In the last two days, we have received reports from Windows 7 users who have been unable to shut down or restart their PC and ran into the below error. While the exact cause of the issue is yet to be ascertained there is no official confirmation from Microsoft yet….

Introduction to IoT This blog describes one of the current disruptive technologies in the market, i.e. IoT (Internet of Things) devices. The Internet of things (IoT) is the Internet of connected physical devices, vehicles, appliances and everyday objects that can collect & share information without any intervention. Due to IoT…

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could…

Phishing email still remains one of the top malware propagation medium. Recently, we came across an interesting phishing email containing couple of Jumpshare links pointing to malicious components. Jumpshare is an online file sharing service and often cyber criminals abuse these kind of file sharing services. Upon clicking on one of the links in…

From past few months at Quick-Heal Labs, we have been observing a sudden rise in Spear Phishing mail containing distinct file formats as attachment like IMG, ISO, etc. These new types of attachments are mainly used to deploy some well-known and older Remote Access Trojans. The subject of these emails…

Ako Ransomware targeting businesses using RaaS Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service) which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is…

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

If last week was the week where I felt like I was drowning in data that was still being processed, this week was the week where it came to light. Not all of it, mind you, I've still got ginormous volumes I'm disclosing but it certainly was a whole heap

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Back in 2016, I wrote a blog post about the Martin Lewis Money Show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. They'd given me a heads up as apparently, that's what the program

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

On reflection, I feel this week's update was dominated by having a laugh at an IoT candle 😂 And that's fair, too, even though I then went and bought one because hey, this is gonna be great conference talk material! Delivery is going to be much later this year so don't

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

This week I'm at Microsoft Ignite "The Tour" in Sydney with Lars Klint. I've spent most of the last couple of days doing the "hallway track" (basically just wandering around and saying "hi" to people) and doing a bunch of meetings with folks here on cyber things. I didn't mention

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

I don't know exactly why the recent uptick, but lately I've had a bunch of people ask me if I've tried the Brave web browser. Why they'd ask me that is much more obvious: Brave is a privacy-focused browser that nukes ads and trackers. It also has some cool built-in

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Today is Safer Internet Day which marks the annual occurrence of parents thinking about their kids' online presence (before we go back to thinking very little about it tomorrow!) It's also the day the Courier-Mail here in my home state of Queensland published a piece on sharenting or as Wikipedia

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

I've got audio! Ok, so I cheated a bit in terms of recording back in the home office, but the plugs I need to make the Zoom H6 work the way it should (and yeah, I know I said "Rode" H6 in the vid, sorry!) are on the way and

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Well that's the audio issues fixed - mostly. The Zoom H6 is an awesome recorder, I just can't quite work out the right adaptors for the mic. I've got a couple of Saramonic SR-XLM1 lav mics and the guy at the DJ store I bought the Zoom from was convinced

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

Geez time flies. It's just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics. In that post I shared a photo of my then 6-year-old son Ari holding a

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

We're in Norway! More specifically, Scott Helme and I are in Hafjell and recording this after a day on the snow before heading back to Oslo and the NDC Security conference next week. For now though, we're talking about some really screwy global roaming behaviour with telcos, the Danish gov

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

In a continued bid to make breach data available to the government departments around the world tasked with protecting their citizens, I'm very happy to welcome the first country onto Have I Been Pwned for 2020 - Denmark! The Danish Centre for Cyber Security (CFCS) joins the existing 7 governments

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing. Instead, this week's update is focused primarily on a

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

This is a blog post about disclosure, specifically the difficulty with doing it in a responsible fashion as the reporter whilst also ensuring the impacted organisation behaves responsibly themselves. It's not a discussion we should be having in 2020, a time of unprecedented regulatory provisions designed to prevent precisely the

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online

I couldn't get 2 days into the new decade without having to deal with ridiculous password criteria from Tik Tok followed by my phone automatically associating with what it thought was my washing machine whilst in a grocery store on the other side of the world (yep, you read that

ESET research uncovers a vulnerability in Wi-Fi chips – How to protect yourself against tax refund fraud – Clearview AI suffers a data breach

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

People in other parts of the world also have the option to flip on DNS encryption

The post Firefox turns on DNS over HTTPS by default for US users appeared first on WeLiveSecurity

The digital age has added a whole new dimension to hurtful behavior, and we look at some of the key features that set in-person and online bullying apart

The post Cyberbullying: How is it different from face‑to‑face bullying? appeared first on WeLiveSecurity

The startup came under scrutiny after it emerged that it had amassed 3 billion photos from social media for its facial recognition software

The post Facial recognition company Clearview AI hit by data theft appeared first on WeLiveSecurity

What the human battle against biological viruses can teach us about fighting computer infections – and vice versa

The post RSA 2020 – Hacking humans appeared first on WeLiveSecurity

With tax season – and tax scams – in full swing, here’s how fraudsters can steal your tax refund, and how you can avoid becoming a victim

The post Did someone file your taxes before you? appeared first on WeLiveSecurity

With earnings of top ethical hackers surpassing hundreds of thousands of dollars, some would say yes

The post Is bug hunting a viable career choice? appeared first on WeLiveSecurity

ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices

The post KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices appeared first on WeLiveSecurity

Do social media listen in on our conversations in order to target us with ads? Or are we just a bit paranoid? A little test might speak a thousand words.

The post Is your phone listening to you? appeared first on WeLiveSecurity

Hunting down Linux threats – The implications of DNS encryption for business security – MGM Resorts breach hits millions of people

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

What are the main security threats facing Linux? A Q&A with ESET Senior Malware Researcher Marc‑Etienne M.Léveillé, whose work has been instrumental in uncovering a number of malware strains hitting Linux servers.

The post Up close and personal with Linux malware appeared first on WeLiveSecurity

A number of celebrities, government officials and tech CEOs were also caught up in the incident

The post MGM Resorts data breach exposes details of 10.6 million guests appeared first on WeLiveSecurity

Malicious code is nothing to worry about on Linux, right? Hold your penguins. How Linux malware has gone from the sidelines to the headlines.

The post Linux and malware: Should you worry? appeared first on WeLiveSecurity

The dawn of the DNS over HTTPS era is putting business security and SOC teams to the challenge

The post What DNS encryption means for enterprise threat hunters appeared first on WeLiveSecurity

Other leaked records include videos, facial and body scans, as well as a range of patients' personal data

The post Sensitive plastic surgery photos exposed online appeared first on WeLiveSecurity

A fix is available, so you may want to make sure that you run the plugin’s latest version

The post Plugin flaw leaves up to 200,000 WordPress sites at risk of attack appeared first on WeLiveSecurity

The same hackers have also gotten their mitts on social media accounts of other high-profile sporting targets

The post FC Barcelona Twitter account hacked – again appeared first on WeLiveSecurity

How to spot and online dating scam – Almost 100 vulnerabilities fixed this Patch Tuesday – Cyber-risks in esports

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

WhatsApp also emerges as a favorite target for brand impersonation amid a general spike in social media phishing

The post PayPal remains the most‑spoofed brand in phishing scams appeared first on WeLiveSecurity

What are some of the most common warning signs that your online crush could be a dating scammer?

The post How romance scammers break your heart – and your bank account appeared first on WeLiveSecurity

On the upside, the Bureau recovered more than US$300 million in funds lost to online scams last year

The post FBI: Cybercrime losses tripled over the last 5 years appeared first on WeLiveSecurity

That’s for apps from third-party marketplaces; another 790,000 policy-breaking apps were stopped from reaching Google Play

The post Almost 2 billion malware installs thwarted by Google Play Protect in 2019 appeared first on WeLiveSecurity

What are some of the common signs that your children may be screen addicts and what can you do to limit their screen time?

The post Digital addiction: How to get your children off their screens appeared first on WeLiveSecurity

February may be the shortest month of the year, but it brings a bumper crop of patches

The post Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws appeared first on WeLiveSecurity

If you’re looking to become a pro gamer, there are risks you shouldn’t play down

The post Competing in esports: 3 things to watch out for appeared first on WeLiveSecurity

How digital forensics helps bring criminals to justice – Beef up your Facebook privacy – Take a quiz to test your phish-spotting prowess

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction

The post Critical Bluetooth bug leaves Android users open to attack appeared first on WeLiveSecurity

The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13

The post Facebook now lets parents monitor their children’s chats appeared first on WeLiveSecurity

What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice.

The post How to catch a cybercriminal: Tales from the digital forensics lab appeared first on WeLiveSecurity

A helmet may not be enough to keep you safe(r) while riding an e-scooter

The post Electric scooters vulnerable to remote hacks appeared first on WeLiveSecurity

As Facebook turns 16, we look at how to keep your personal information safe from prying eyes

The post Facebook privacy settings: Protect your data with these tips appeared first on WeLiveSecurity

As the tide of phishing attacks rises, improving your scam-spotting skills is never a bad idea

The post Would you get hooked by a phishing scam? Test yourself appeared first on WeLiveSecurity

ESET research into a campaign of the Winnti Group – The FBI warns of a job scam – What IoT legislation means for device makers and users

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

As the teams prepare to battle it out on the gridiron, fraudsters are waiting to intercept your funds

The post Don’t get sacked! Scams to look out for this Super Bowl appeared first on WeLiveSecurity

ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware

The post Winnti Group targeting universities in Hong Kong appeared first on WeLiveSecurity

No more default logins on new IoT devices if UK legislators get their way

The post IoT laws are coming: What to expect appeared first on WeLiveSecurity

The league and scores of teams were caught off-guard by the re-emergence of an infamous hacking group

The post Hackers blitz social media accounts of 15 NFL teams appeared first on WeLiveSecurity

Have you had a Google Privacy Checkup lately? If not, when better than Data Privacy Day to audit the privacy of your Google account?

The post How to take charge of your Google privacy settings appeared first on WeLiveSecurity

Cybercriminals are putting a new twist on an old trick

The post Job hunting? Beware hiring scams using spoofed company websites appeared first on WeLiveSecurity

Zero-day in Internet Explorer – Microsoft cloud leaked big – Dating apps accused of sharing user data with advertisers

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The browser's anti-tracking feature could apparently give access to users’ browsing habits

The post Google: Flaws in Safari’s privacy tool could enable tracking appeared first on WeLiveSecurity

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection

The post Microsoft exposed 250 million customer support records appeared first on WeLiveSecurity

Some of the most popular dating services may be violating GDPR or other privacy laws

The post Dating apps share personal data with advertisers, study says appeared first on WeLiveSecurity

Are you looking to hide in plain sight? Here’s a rundown of three options for becoming invisible online

The post 3 ways to browse the web anonymously appeared first on WeLiveSecurity

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a fix

The post New Internet Explorer zero‑day remains unpatched appeared first on WeLiveSecurity

Microsoft plugs a serious hole in Windows – Your options after Windows 7 end of life – iPhones as security keys for Google accounts

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A subscription to the trove of personal details could be had for as little as $2

The post FBI shuts down website selling billions of stolen records appeared first on WeLiveSecurity

And it doesn’t require much more than downloading a dedicated app

The post You can now turn your iPhone into a Google security key appeared first on WeLiveSecurity

An ESET-commissioned survey sheds light on the browsing habits of Australians and how they protect themselves online

The post Cyberawareness in Australia: The good and the bad appeared first on WeLiveSecurity

The company will also soon launch anti-fingerprinting measures aimed at detecting and mitigating covert tracking and workarounds

The post Google to end support for third‑party cookies in Chrome appeared first on WeLiveSecurity