-
Using Foreign Nationals to Bypass US Surveillance Restrictions
PRIVACY PRIVACY Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed. What’s most…
-
Hackers are posting out malicious USB drives to businesses
PRIVACY PRIVACY A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. Read more in my article on the Tripwire State of Security blog. Read More
-
FBI arrests social engineer who allegedly stole unpublished manuscripts from authors
PRIVACY PRIVACY On January 5, 2022, the Department of Justice (DoJ) announced the FBI’s arrest of Italian citizen Filippo Bernardini at JFK International Airport in New York for wire fraud and aggravated identity theft. With the arrest of Bernardini, the DoJ unsealed a grand jury indictment dated July 14, 2021, of Bernardini that revealed a…
-
4 ways cybercriminals hide credential stuffing attacks
PRIVACY PRIVACY Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. High account usage, password reuse, and vast volumes of breached credentials on the dark web create the perfect storm for cybercriminals to carry out credential stuffing campaigns, while…
-
Smashing Security podcast #257: Pokemon-hunting cops and the Spine Collector scammer
PRIVACY PRIVACY Who has been playing video games rather than hunting down criminals? How is a man alleged to have stolen manuscripts of unpublished books from celebrity authors? Which pot contains an elephant? And why has Graham been listening to podcasts about pest control marketing? All this and much more is discussed in the latest…
-
Hackers raided Panasonic server for months, stealing personal data of job seekers
PRIVACY PRIVACY Technology giant Panasonic has confirmed that one of its servers suffered a data breach which saw the personal information of job applicants accessed by an unauthorised party. Read more in my article on the Hot for Security blog. Read More
-
Faking an iPhone Reboot
PRIVACY PRIVACY Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a…
-
Microsoft touts first PCs to ship natively with secure Pluton chip
PRIVACY PRIVACY Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud. Read More
-
Is fighting cybercrime a losing battle for today’s CISO?
PRIVACY PRIVACY At times, the quest to stay on top of web application security can seem futile. It seems as though the adversaries are always a step ahead, and all we can do is try our best to contain the breaches. In this blog, we’ll look at the root causes of concern for today’s CISO…
-
Who is the Network Access Broker ‘Wazawaka?’
PRIVACY PRIVACY In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access…