News
-
4 ways cybercriminals hide credential stuffing attacks
Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. High account usage, password reuse, and vast volumes of breached credentials on the dark web create the perfect storm for cybercriminals to carry out credential stuffing campaigns, while tactics used…
-
Smashing Security podcast #257: Pokemon-hunting cops and the Spine Collector scammer
Who has been playing video games rather than hunting down criminals? How is a man alleged to have stolen manuscripts of unpublished books from celebrity authors? Which pot contains an elephant? And why has Graham been listening to podcasts about pest control marketing? All this and much more is discussed in the latest edition of…
-
Hackers raided Panasonic server for months, stealing personal data of job seekers
Technology giant Panasonic has confirmed that one of its servers suffered a data breach which saw the personal information of job applicants accessed by an unauthorised party. Read more in my article on the Hot for Security blog. Read More
-
Faking an iPhone Reboot
Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown.…
-
Microsoft touts first PCs to ship natively with secure Pluton chip
Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud. Read More
-
Is fighting cybercrime a losing battle for today’s CISO?
At times, the quest to stay on top of web application security can seem futile. It seems as though the adversaries are always a step ahead, and all we can do is try our best to contain the breaches. In this blog, we’ll look at the root causes of concern for today’s CISO and share…
-
Who is the Network Access Broker ‘Wazawaka?’
In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This…
-
The Dark Web: A Definitive Guide
The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay your bills, schedule your next family vacation, and order groceries with the click of a button. While the internet offers many positive benefits, it also has some negatives. Although not entirely used for illicit purposes,…
-
What to Do If Your Identity Has Been Stolen
We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The internet is also useful for daily activities, like buying groceries or paying bills. While it’s convenient to connect with people and complete tasks online, cybercriminals are eager to use the internet to steal financial or…
-
‘Wormable’ Flaw Leads January 2022 Patch Tuesday
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no…