Spyware merchants: the risks of outsourcing government hacking
Padlokr – Monique Mann, Queensland University of Technology; Adam Molnar, Deakin University, and Ian Warren, Deakin University An Australian Tax Office (ATO) staffer recently leaked on LinkedIn a step-by-step guide
Hunting hackers: An ethical hacker explains how to track down the bad guys
Padlokr – Timothy Summers, University of Maryland When a cyberattack occurs, ethical hackers are called in to be digital detectives. In a certain sense, they are like regular police detectives
Can your mobile phone get a virus? Yes – and you’ll have to look carefully to see the signs
Padlokr – Ritesh Chugh, CQUniversity Australia With nearly 84% of the world’s population now owning a smartphone, and our dependence on them growing all the time, these devices have become
Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player
Padlokr – Paul Haskell-Dowland, Edith Cowan University In the 2022 federal budget, Treasurer Josh Frydenberg launched a range of vote-winning initiatives – one of which included a breathtaking A$9.9 billion
5 Casual Games You Can Play on Your Mobile Browser Now
Online gaming has always been the buddy of leisure time because they allow us to bring some enjoyment to our lives after spending some hectic time. That’s why online games
A Short Guide to Understanding the Exciting Realm of Fintech
Fintech is skyrocketing in popularity, posing the first serious challenge to legacy financial institutions. What is it & how does it work? Find out here. What is Fintech & How
There’s no code of ethics to govern digital forensics – and we need one
Padlokr – John J Sloan, III, University of Alabama at Birmingham Let me begin with a disclaimer: I am neither a digital forensics practitioner nor do I play one on
SolarWinds ready to move past breach and help customers manage theirs
Written by Eileen Yu, Contributor Eileen Yu Contributor Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently an
Avoiding Risks by Using Secure Online Crypto Platform
Cryptocurrency theft has become a common issue in the online trading space, thus making most investors take a step back in their cryptocurrency ventures. While this trading venture continues to
Threat Roundup for May 13 to May 20
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 13 and May 20. As with previous roundups, this post isn’t meant to be an
A year after report, task force urges U.S. to keep ransomware on front burner
Written by Tonya Riley May 20, 2022 | CYBERSCOOP The federal government has made strides in deterring ransomware over the past year, but still has a number of milestones to
Beware of Fake Windows 11 Downloads Distributing Vidar Malware
Phishing domains are spreading Windows 11 installers loaded with Vidar infostealer. According to the cybersecurity firm Zscaler ThreatLabz, threat actors are trying to install info stealing malware on users’ devices
Pro-Russian Hackers Hit Critical Government Websites in Italy
Hacker group Killnet has targeted approximately 50 Italian institutions, including the council of judiciary Read More: https://www.infosecurity-magazine.com/news/pro-russian-hackers-italy/
DoJ: White Hat Hackers Will No Longer Face Prosecution
“Good faith” hackers will no longer face prosecution under the CFAARead More: https://www.infosecurity-magazine.com/news/doj-white-hat-hackers-prosecution/
This app shows you how to make your iPhone more secure better than Apple does
Written by Adrian Kingsley-Hughes, Contributor Adrian Kingsley-Hughes Contributor Adrian Kingsley-Hughes is an internationally published technology author who has devoted over two decades to helping users get the most from technology
Microsoft's out-of-band patch fixes Windows AD authentication failures
Microsoft has released an out-of-band patch to fix authentication failures on Windows after installing the May 10, 2022 security update on Windows Server domain controllers. The new update should fix
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. Infosec Insiders columnist Daniel Kaar, global director application security
Conti Ransomware Shuts Down and Rebrands Itself
The infamous ransomware gang known as the Conti group has effectively brought an end to their operation by taking their infrastructure down and informing their team leaders that the brand
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access. More than 380,000 Kubernetes API servers allow some kind
Does disk encryption slow down your PC? [Ask ZDNet]
If you forget your password, you are indistinguishable from a hostile intruder and you will be treated as such, which means you will be locked out from your encrypted data.
Modern “Smart” Farm Machinery Vulnerable to Cyber-Attackers
A new report warns hackers could exploit flaws in agricultural hardware used to plant and harvest cropsRead More: https://www.infosecurity-magazine.com/news/modern-smart-farm-machinery-cyber/
Ransomware Hits Media Giant Nikkei’s Asian Unit
Nikkei has recently announced that a ransomware attack impacted the Singapore group’s headquarters on May 13. According to the public statement: Unauthorized access to the server was first detected on
Fake domains offer Windows 11 installers – but deliver malware instead
Security researchers have found a new collection of phishing domains offering up fake Windows 11 installers that actually deliver information-stealing malware. Cybersecurity firm Zscaler said that newly registered domains appeared
Microsoft: This botnet is growing fast and hunting for servers with weak passwords
Microsoft has seen a 254% increase in activity over the past few months from XorDDoS, a roughly eight-year-old network of infected Linux machines that is used for distributed denial of
UK Sextortion Cases Doubled in 2021
The UK’s Revenge Porn Helpline received 1124 reports of sextortion last year, compared to 593 in 2020Read More: https://www.infosecurity-magazine.com/news/uk-sextortion-cases-doubled/
“Alarming” Surge in Conti Group Activity This Year
Ivanti observed a 7.6% rise in the number of vulnerabilities tied to ransomware, most of which were exploited by ContiRead More: https://www.infosecurity-magazine.com/news/alarming-conti-group-activity/
India reaffirms commitment to new cybersecurity rules
Image: Ministry of Electronics and Information Technology India has reaffirmed its commitment to new cybersecurity rules under a directive from the country’s computer emergency response team — known as Cert-In
Twitter to hide misleading tweets under new crisis response policy
Written by Aimee Chanthadavong, Senior Journalist Aimee Chanthadavong Senior Journalist Since completing a degree in journalism, Aimee has had her fair share of covering various topics, including business, retail, manufacturing,
Canada to ban Huawei and ZTE and tell telcos to rip out 5G and 4G equipment
Written by Chris Duckett, APAC Editor Chris Duckett APAC Editor Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer.
Why you should be using secure DNS on your Chromebook
Written by Jack Wallen, Contributing Writer Jack Wallen Contributing Writer Jack Wallen is what happens when a Gen Xer mind-melds with present-day snark. Jack is a seeker of truth and
US Justice Department says it won't prosecute white-hat hackers under the CFAA
Good-faith security researchers no longer have to worry about being prosecuted under the Computer Fraud and Abuse Act, the US Justice Department said on Thursday. The federal agency released a
Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1
Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also hacked on day one of PWN2OWN 2022 in Vancouver. Pwn2Own is a
Threat Source newsletter (May 19, 2022) — Why I'm missing the days of iPods and LimeWire
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. I will openly admit that I still own a “classic” iPod — the giant brick that weighed down
New Robo-Dialing Campaign Lets Users Prank Call Russian Bureaucrats
If you want to prevent Russian officials from performing their government duties, there’s a website that can fulfill your desire. What is WasteRussianTime.today? A group of hacktivists going by the
CISA Issues Emergency Directive for VMware Vulnerabilities
Federal agencies have until May 23 to mitigate the vulnerabilitiesRead More: https://www.infosecurity-magazine.com/news/cisa-emergency-directive-vmware/
Ransomware Targets Higher Education Institutions
Higher education institutions may be regarded as out-of-scope targets for ransomware operators, however, the trends show that things are quite the opposite. Three distinct colleges have been hit with ransomware.
Cyberattacks and misinformation activity against Ukraine continues say security researchers
The cyber offensive against Ukraine continues with malware attacks and the spread of misinformation, according to security researchers. So far, Russian, pro-Russian, and Belarusian cyberattackers have employed the most comprehensive
Innovative Tech Solutions Will Transform the Way We Use Data
All the world collects information, but few businesses know how to use it truly effectively. Gathering data is the easy—and inexpensive—part. What’s harder is determining how to analyze the information
Mandiant: Belarusian disinformation operation pushes phony organ harvesting tale
Written by AJ Vicens May 19, 2022 | CYBERSCOOP A hacking group associated with the government of Belarus and aligned with Russian interests “leveraged compromised assets” to push a false
Microsoft President: Cyber Space Has Become the New Domain of Warfare
Brad Smith argues that the Russia-Ukraine war marks significant shift in way warfare is conductedRead More: https://www.infosecurity-magazine.com/news/microsoft-cyberspace-domain-warfare/
Apple spits at Facebook, Google and, oh, the whole internet really
She’s shocked, I tell you. So shocked. Screenshot by ZDNet Does Apple really care about you? Overall, though, the company has done an excellent job of positioning itself as the
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. A critical privilege escalation flaw found in two themes used by more than 90,000
This Russian botnet does far more than DDoS attacks – and on a massive scale
An investigation into the Fronton botnet has revealed far more than the ability to perform DDoS attacks, with the exposure of coordinated inauthentic behavior “on a massive scale.” On Thursday,
FSB's Fronton DDoS tool was actually designed for widespread 'massive' fake info campaigns, researchers say
Written by AJ Vicens May 19, 2022 | CYBERSCOOP In March 2020, a Russian hacktivist group published a dozen documents showing that the Russian Federal Security Service was seeking technology
Attackers Can Unlock Tesla Cars and Smart Devices by Exploiting Bluetooth Flaws
Research reveals that cars, homes, and personal data of those depending on Bluetooth proximity authentication mechanisms to protect their smart devices are at risk. The IT security researchers at Manchester,
Specialists Spend a Lot of Time Fixing Security Flaws that Could Have Been Prevented
Security flaws frequently appear during the software development process and then reappear after an application has been deployed. The upsetting part is that in many cases, with the suitable approaches
Jupiter Plugin Vulnerabilities Enable Hackers to Hijack Websites
Privilege escalation is a malicious tactic to misuse an app or OS issue or configuration problem to get unauthorized access to sensitive information by taking over a user’s account that would
Bitdefender Threat Debrief | May 2022
MDR Insights The MDR intelligence cell recognizes the threat that comes with homograph domains used in phishing attacks. Our monitoring looks for homograph activity targeting the MDR customer base. Although