Making Sense of Security

Securing your Digital World.

Category: Protection

California Man Arrested for Politically Motivated DDoS

The distributed denial-of-service attacks took a congressional candidate’s website offline for a total of 21 hours during the campaign for office. A man in Santa Monica, Calif., has been arrested for launching a series of attacks on the website of a California congressional candidate. Arthur Jan Dam is charged with one federal count of intentionally damaging and attempting to damage a protected computer. According to the arrest affidavit, Dam was responsible for four distributed denial-of-service (DDoS) attacks on the candidate’s Web server, taking the site offline for a total of 21 hours during the campaign in 2018. Dam, it Read more…


Text message package scam delivers more than your business bargained for

There’s a text message scam making the rounds that could target your mail room staff, receptionist, or other employees. The FTC has tips on how you can protect your business. Our Consumer Blog describes a text message people are receiving that claims to be a FedEx tracking notice. In variations on the scheme, fraudsters also are falsely invoking the names of UPS and the U.S. Postal Service. According to the text, there’s a “delivery” that needs to be scheduled by clicking on a link. From there, people are taken to an “Amazon” page, which invites them to complete a customer Read more…


The Amazon Prime phishing attack that wasn’t…

by Paul Ducklin Earlier this week, we received a moderately believable Amazon Prime phish via email. The scam had an Account Locked subject line, with a warning that we wouldn’t be able to buy or sell anything via Amazon’s services until we verified our account. To add a bit more fear and urgency, the crooks went on to warn us that if we didn’t complete the verification process within 24 hours, then our account would be deactivated, not merely suspended. The “good” news, of course, is that verifying our account was as easy as clicking a link in the Read more…


Data of 10.6m MGM hotel guests posted for sale on Dark Web forum

by Lisa Vaas The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports. It doesn’t matter that the data isn’t freshly baked: it’s still edible. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as “the right person answered the phone.” The data was first spotted by an Israeli security researcher calling themselves Under the Breach who claims to have “deep relations” with Read more…


Freedom Hosting owner pleads guilty to distributing child abuse images

by John E Dunn The man arrested for running what was once believed to be the largest child abuse hosting provider on the dark web has pleaded guilty in a US court to the charge of advertising child pornography. That service was Freedom Hosting and the man who operated it from its founding in 2008 until his arrest in Ireland in 2013 was dual US-Irish national, Eric Eoin Marques. Extradited to the US last year, what Marques has admitted to carries a mandatory sentence of 15 years, with up to double that possible when he is sentenced by a Read more…


Facebook’s Twitter and Instagram accounts hijacked

by John E Dunn Last Friday, in full glare of the world, Facebook admins suddenly found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts from attackers that had defaced them. Normally, these accounts trumpet new platform features or other assorted worthy accomplishments. But on Friday afternoon, a different type of tweet suddenly appeared: Hi, we are OurMine Well even Facebook is hackable but at least their security better than Twitter. The now deleted message continues by offering the services of OurMine to anyone wanting to improve their account security. The same group’s logo Read more…


Self-driving car dataset missing labels for pedestrians, cyclists

by Lisa Vaas A popular self-driving car dataset for training machine-learning systems – one that’s used by thousands of students to build an open-source self-driving car – contains critical errors and omissions, including missing labels for hundreds of images of bicyclists and pedestrians. Machine learning models are only as good as the data on which they’re trained. But when researchers at Roboflow, a firm that writes boilerplate computer vision code, hand-checked the 15,000 images in Udacity Dataset 2, they found problems with 4,986 – that’s 33% – of those images. From a writeup of Roboflow’s findings, which were published Read more…


FBI: Cybercrime tore a $3.5b hole in victims’ pockets last year

by Lisa Vaas Why do online swindlers rob people over the age of 60? Because that’s where the money is. According to the FBI’s 2019 Internet Crime Report, released on Tuesday by the bureau’s Internet Crime Complaint Center (IC3), the total amount of money clawed out of victims through a smorgasbord of cybercrime types just keeps climbing, with 2019 bringing both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000. Those of us with gray hair tend to have the most money, and thus we have the dubious honor Read more…


Google to force Nest users to turn on 2FA

by Lisa Vaas Nest owners, if you aren’t already flying with two-factor authentication (2FA) on your accounts, get ready for Google to push you into spreading those security wings. On Tuesday – which, appropriately enough, was Safer Internet Day – Google announced that in the spring (or in the fall, for those in the Southern Hemisphere), it will start forcing users of its Nest webcams and other products to use 2FA to secure their accounts. Nest users who haven’t yet enrolled in the 2FA option or migrated to a Google account will be required to take an extra step Read more…


Heading to RSA: NSA Brings Innovative Ideas to Cybersecurity Industry

FORT MEADE, Md., Feb. 12, 2020 — The breadth of talent and expertise across the private industry offers vast potential for collaboration. The RSA Conference — an annual security gathering hosting educational, professional, networking, and awards programs — offers one of the largest opportunities for NSA to bolster partnerships and continue to build understanding of shared risk, increase ongoing cooperation, and further expand opportunities, which is why the Agency will be joining participants again this year. Last year, during RSA Conference 2019, NSA released the highly praised open-source program, Ghidra, which has since garnered over half a million downloads. Read more…


Do I really need additional email security when using Office 365?

This is probably the most common question I get asked today! What customers are really asking is “Can I rely on the built-in security capabilities in Office 365 or do I still need to run a 3rd party email security solution such as a Secure Email Gateway?” And the answer — well that depends; every customer’s environment is different. Do I have to go to the Cloud? But first, let’s get the most common misconception out of the way. While it is more efficient to run your email security gateway in the cloud, close to your Office 365 tenancy, Read more…


5 tips for you and your family on Safer Internet Day

by Paul Ducklin No matter how safe and secure you feel when you use your computer, there’s always room for improvement. Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you’ve been putting off… …such as picking proper passwords, turning on two-factor authentication, downloading the latest security updates, making backups of your most important files, and revisiting your privacy settings in case you’re oversharing by mistake? So, let’s go through those five tweaks one-by-one – they’re easier than you think, and much less hassle than you might fear. 1. PICK PROPER PASSWORDS Read more…


5 tips for businesses on Safer Internet Day

by Paul Ducklin Safer Internet Day is here! Note that it’s more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after. As the old saying goes, “Cybersecurity is a journey, not a destination,” and that’s why we have SAFER internet day – it’s all about getting BETTER at cybersecurity, no matter how safe you think you are already. So here are five things you can do in your business, regardless of its size, to help you and your colleagues keep ahead of the cybercrooks. Read more…


Next on the regulatory review roll

It can be one of the biggest expenditures a consumer makes. It’s a uniquely sensitive transaction. And it’s covered by an FTC Rule. We’re talking about funerals and the FTC has just announced that as part of its ongoing regulatory review process, it’s taking another look at the Funeral Industry Practices Rule. In effect since 1984 and last amended in 1994, the Funeral Rule is designed to protect consumers from deception and unfairness. In promulgating the Rule, the FTC observed that shopping for funeral goods and services is different from other purchases. Consumers may lack familiarity with the transaction. Read more…


Google software glitch sent some users’ videos to strangers

Google has said a software bug resulted in some users’ personal videos being emailed to strangers. The flaw affected users of Google Photos who requested to export their data in late November. For four days the export tool wrongly added videos to unrelated users’ archives. As a result, private videos may have been sent to strangers, while downloaded archives may not have been complete. “We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25,” a Google spokesperson said. “These users may Read more…


NIST tests methods of recovering data from smashed smartphones

by John E Dunn Smash it, submerge it in water, and perhaps shoot it for good measure – just three of the methods criminals use to permanently erase digital evidence from smartphones. And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means nothing if the internal memory chips remain in working order. The forensic engineers who help police gather evidence understand this even if it’s not always been clear which methods are the most effective at extracting data accurately enough for it to meet standards of Read more…


Twitter hands over student’s account to his college

by Lisa Vaas No, we do not police the social media activity of our students, a New York university said last week, and yes, we have a sense of humor – remember the banana we taped to the wall in the student union and then posted on Instagram? That was part of a Twitter stream posted by the State University of New York (SUNY) College at Geneseo, defending itself after a student’s parody account of the college – originally called @SUNYGenseeo, switched to NOT SUNY Geneseo, and now renamed geneseo’s #1 fan – was hijacked. The account’s rightful owner Read more…


Google’s Super Bowl ad will make you cry. Or wince.

by Lisa Vaas “How to not forget,” is typed into a Google search bar. That’s the simple way that Google started its Super Bowl ad, which featured an elderly man’s voice as he asked Google Assistant to help him remember details about his late wife. The narrator laughs as the ad goes on to show a photo of a younger, moustachioed version of himself with “Loretta.” “Remember, Loretta hated my moustache,” he says in a way that makes the viewer think that the man is sitting around with his friends or family, sweetly reminiscing. But while you Read more…


200K WordPress Sites Vulnerable to Plugin Flaw



FTC alleges deception in “unbiased” review site’s ratings and rankings

Top picks, star ratings, in-depth reviews. Many consumers don’t buy anything without consulting third-party review sites or checking out the opinions of other customers. But how often are those ratings the product of buying and selling between the “independent” site and companies willing to pay for better play? And are those reviews really from satisfied customers or are they from employees acting on instructions to stuff the ballot box with five-star ratings? Those are the allegations in a lawsuit against LendEDU, a site the FTC says falsely claimed to offer “objective” evaluations of financial products. Does the proposed settlement Read more…


Ashley Madison Breach Extortion Scam Targets Hundreds



Apple proposes simple security upgrade for SMS 2FA codes

by John E Dunn Apple engineers think they’ve come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company’s Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website. This dodges today’s hazard that phishing websites can first fool people into entering their password and username, before asking them to submit Read more…


FTC warns VoIP providers that help robocallers: we can and will sue

by Lisa Vaas How many illegal robocalls do you get? As in, those spoofed numbers made to look like a neighbor’s calling, calls coming in even though you’re on the National Do Not Call Registry, scammers trying to get you to cough up your personal information? However many you get, it’s too much, since nearly all robocalls are illegal. And we already know that as of September 2019, the number of robocalls flooding US phones was 200 million per day. Would it be any comfort at all to learn that the US Federal Trade Commission (FTC) has growled at Read more…


Free webinar for businesses focuses on tax identity theft and cybersecurity

We know you’re busy with the business of your business. But we’re hoping for an hour of your time. Why? It’s tax season and tax identity thieves, government imposters, and cyber criminals are out in force. Find out how to help thwart them so you can keep focused on your bottom line. On Tuesday, February 4, join a free webinar, “Protecting Sensitive Business and Customer Information: Practical Data Security Practices for Your Business.” Hear from the FTC and IRS about identity theft, the latest imposter scams targeting businesses, and creating a data security plan to protect your customers, employees, Read more…


Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program



Fraudsters posed as art dealer, bilked museum for millions

by Lisa Vaas “We got scammed!” said a London art dealer after business email compromise (BEC) scammers inserted themselves into a months-long conversation about the sale of a £2.4 million (USD $3.1 million) John Constable painting, spoofing their emails to make it look like the messages came from Simon C. Dickinson Ltd. “No, we got scammed,” said the Dutch museum Rijksmuseum Twenthe, which now has the work by the 19th century English landscape painter and whose money got whisked away by fraudsters who transferred the funds to a Hong Kong account. According to Claims Journal, lawyers for the two Read more…


Google launches open-source security key project, OpenSK

by Danny Bradbury Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It’s a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. FIDO is a standard for secure online access via a browser that goes beyond passwords. There are three modern flavours of it: Universal Second Factor (U2F), Universal Authentication Factor (UAF), and Read more…


Monday review – the hot 25 stories of the week

by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Read more…


Will we just accept our loss of privacy, or has the techlash already begun? | Alan Rusbridger

Probably too late to ask, but was the past year the moment we lost our technological innocence? The Alexa in the corner of the kitchen monitoring your every word? The location-betraying device in your pocket? The dozen trackers on that web page you just opened? The thought that a 5G network could, in some hazily understood way, be hardwired back to Beijing? The spooky use of live facial recognition on CCTV cameras across London. With privacy there have been so many landmarks in the past 12 months. The $5bn Federal Trade Commission fine on Facebook to settle the Cambridge Read more…


Serious Security – How ‘special case’ code blew a hole in OpenSMTPD

by Paul Ducklin If there’s one open source project with an unashamedly clear focus on security, it’s the OpenBSD operating system. In its own words, its efforts “emphasize portability, standardization, correctness, proactive security and integrated cryptography.” Indeed, numerous sub-projects under the OpenBSD umbrella have become well-known cybersecurity names in their own right, notably OpenSSH – which ships with almost every Linux distribution and, since Windows 10, with Windows – and LibreSSL. There’s also OpenSMTPD, a mail server that aims to allow “ordinary machines to exchange emails with other systems speaking the SMTP protocol”, for example to let you run Read more…


UN hacked via unpatched SharePoint server

by Danny Bradbury The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report. The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking Read more…


US Interior Dept extends drone grounding over foreign hacking fears

by John E Dunn Now can’t be an easy time to be a professional drone pilot working for the US Department of the Interior (DOI). After years of enthusiastic expansion, in November 2019 the agency announced the temporary grounding of its fleet of Unmanned Aircraft Systems (UAS) over hacking fears unnamed sources claimed were connected to their manufacture in China or use of Chinese parts. This week, the DOI doubled down on that order, with Secretary of the Interior David Bernhardt signing a follow-up that will keep the agency’s drones on the ground for another 30 days until a Read more…


Financial tech firms disagree on ban of customer data screen-scraping

by Lisa Vaas For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing transactions in your bank account, using the information to power its analysis… …putting your privacy, passcode and other security information in danger of getting lost along the way. Because of those potential dangers to people’s privacy and data, many in fintech are urging the Australian government to follow in the Read more…


Jeff Bezos met FBI investigators in 2019 over alleged Saudi hack

Jeff Bezos met federal investigators in April 2019 after they received information about the alleged hack of the billionaire’s mobile phone by Saudi Arabia, the Guardian has been told. Bezos was interviewed by investigators at a time when the FBI was conducting an investigation into the Israeli technology company NSO Group, according to a person who was present at the meeting. Reuters first reported on Thursday that the FBI was investigating the role of NSO in possible hacks of US residents and companies, citing four people familiar with the inquiry. Reuters also reported that the FBI had met Bezos Read more…


Facebook to pay $550m to settle face-tagging suit

by Lisa Vaas A class-action lawsuit against Facebook for scanning a user’s face in photos and offering tagging suggestions looks like it’s finally done churning through the courts. The upshot: it will pay $550 million to settle the suit, Facebook disclosed in its quarterly earnings report on Wednesday. Filed in 2015, plaintiffs had claimed that the platform violated the strictest biometric privacy law in the land – Illinois’s Biometric Information Privacy Act (BIPA) – with its tag suggestions tool. Facebook started using that tool in 2015 to automatically recognize people’s faces in photos and suggest to their friends that Read more…


Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication



S2 Ep24: Tinder, angry customers and weleakinfo takedown – Naked Security Podcast

by Alice Duckett This week we discuss 70,000 images being stolen from Tinder, the weleakinfo.com FBI bust and how Sonos annoyed its longstanding customers. Host Anna Brading is joined by Sophos experts Mark Stockley, Greg Iddon and producer Alice Duckett.


Trello exposed! Search turns up huge trove of private data

by John E Dunn Hands up who’s used the increasingly popular online collaboration platform Trello? Trello is great for organising to-do lists and for coordinating team tasks. But it has its downsides too. While the default for Trello boards is set to ‘private’, many users set them to ‘public’ which means that anyone can see what’s posted there. Not only that, search engines such as Google index public Trello boards, making it simple for anyone to uncover the boards’ contents using a specialised type of search called a ‘dork’. And it’s surprising how much sensitive data there is. Our Read more…


Null and VoIP: FTC reminds service providers of the letter of the law

We usually wouldn’t suggest you read someone else’s mail, but FTC staff just sent letters to 19 providers of VoIP telephone services and the underlying message about the breadth of liability for consumer protection violations is relevant to other businesses. In many contexts, VoIP offers substantial benefits to consumers. But when it comes to robocalls and deceptive telemarketing pitches, VoIP can be a fraudster’s best friend. That’s because the technology allows scammers to blast out millions of illegal calls for very little money. Last month the FTC and Ohio Attorney General amended a pending lawsuit to name as a Read more…


Facebook knows a lot about your online habits – here’s how to stop it

by Danny Bradbury Facebook is rolling out a global tool to help you understand what other sites and apps tell it about your activities, to make it forget what they’ve shared in the past, and to control what they share in the future. It’s called Off-Facebook Activity, and it’s part of the company’s effort to appear more privacy-friendly to its users. This article looks at how to use it. Facebook first launched its Off-Facebook Activity feature in August 2019, making it available in a few select markets at first. It shows you what third-party sites and apps share data Read more…


Employers can’t force you to get microchipped, Indiana reps say

by Lisa Vaas You’ve got two choices, employee: a) let us slide a syringe between your thumb and index finger so we can inject a rice-sized microchip into your hand that can be used as a swipe card to open doors, clock in, operate printers or buy junk out of the snack machine, or b) find another job. An improbable scenario? Yes. It doesn’t happen – at least not if employees say no… For now. And the US state of Indiana wants to make sure it stays that way. Last week, the state House of Representatives unanimously passed legislation Read more…


Government spyware company spied on hundreds of innocent people

by Lisa Vaas In March 2019, researchers with a group called Security Without Borders – a non-profit that often investigates threats against dissidents and human rights defenders – identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google’s Play store. Those apps – which were just a decoy through which government spyware called Exodus was installed on targets’ phones – were anything but harmless. In a two-stage process, they snorted up lists of installed apps, browsing history, contact lists from numerous apps, text messages – including encrypted texts – location Read more…


Apple patches critical bugs on iPhone and Mac – update now!

by Paul Ducklin Apple has just announced its latest round of security updates. As usual, Apple’s fixes arrived unheralded, given the company’s insistence that security fixes are best handled simply by publishing them when they’re ready, rather than following any sort of formal schedule. Not everyone agrees – Microsoft has followed its Patch Tuesday process for many years (updates arrive on the second Tuesday of every month), for example, and Firefox has its own Fortytwosday calendar (major updates arrive every 42 days, i.e. six weeks, on a Tuesday). But Apple’s theory seems to be that security updates fall into Read more…


Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats



Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws

by John E Dunn Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that’s tying down Intel’s patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. These relate to a data leakage problem called Microarchitectural Data Sampling (MDS) affecting Intel’s speculative execution technology introduced in the late 1990s to improve chip performance. ZombieLoad is also what Naked Security likes to call a BWAIN, or Bug With an Impressive Name. BWAINs are everywhere with side-channel issues in microprocessor hardware proving particularly good at generating new ones. ZombieLoad was originally Read more…


Anatomy of a “free” gift – how online surveys can harm your digital health

by Paul Ducklin Over the weekend, we received a short, sweet and simple note. It arrived by email, but the crooks could easily – and for all we know, did – use the same content in an SMS or text message: We weren’t tempted, not least because of the giveaway HTTP link – which was a fortunate blunder by the sender, because the redirector site they were using immediately transferred us to a more legitimate-looking HTTPS page, complete with security padlock. (Remember: a web certificate and padlock doesn’t vouch for what’s actually on a web page – it’s called Read more…


Let’s make ransomware MORE illegal, says Maryland

by Lisa Vaas The oft-attacked city of Baltimore not only uses mind-bogglingly bad data storage. Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution. It is, of course, already a crime to use the data/systems-paralyzing malware in a way that costs victims money, but proposed legislation, Senate Bill 30, would criminalize mere possession. It’s not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar “let’s make malware more illegal” bills before it, SB 30’s attempts to protect Read more…


Fraud spike prompts Chrome developer lock-out

by Danny Bradbury Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. In an announcement posted to the Chromium extensions Google Group on 24 January, an Extensions Developer Advocate said: Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this Read more…


15 NFL teams’ Twitter hijacked in lead-up to the Super Bowl

by Lisa Vaas The cybercriminal group OurMine has struck again, claiming responsibility for hijacking and defacing the Twitter accounts of the US National Football League (NFL) and 15 of its teams. The timing is pointed: The attacks hit during this, the media-hectic week that leads up to Sunday’s Super Bowl Championship, which will pit the 49ers against the Chiefs. OurMine has a long history of hijacking high profile accounts to turn them into billboards to advertise its so-called security “services” and/or to vandalize pages, like it did to BuzzFeed back in the group’s busy-beaver year of 2016. OurMine has Read more…


New ‘CacheOut’ Attack Targets Intel CPUs
