CyberSecure Specialist

Many of 13 New Mac Malware Families Discovered in 2022 Linked to China

More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them have been linked to China. Mac security expert Patrick Wardle has compiled a list of the macOS malware that came to light over the course of last year. The number of new malware appears to be increasing as only eight new families were spotted in 2021. The first malware to emerge…

Read More

14 UK schools suffer cyberattack, highly confidential documents leaked

More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That’s according to a report from the BBC which claimed that children’s SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries. Passport, contract data…

Read More

SASE Company Netskope Raises $401 Million

Secure access service edge (SASE) provider Netskope on Thursday announced that it has raised $401 million in an oversubscribed financing round. To date, the company has raised close to $1.5 billion. The new investment round was led by Morgan Stanley Tactical Value, with participation from CPP Investments, Goldman Sachs Asset Management, and Ontario Teachers’ Pension Plan. Founded in 2012, the Santa Clara, California-based Netskope offers a converged SASE platform that provides optimized access and zero…

Read More

Twitter’s mushrooming data breach crisis could prove costly

Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk’s careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action. Even as regulators in Europe begin to probe what appears to be a massive Twitter data…

Read More

The doctor will see you now … virtually: Tips for a safe telehealth visit

Are your virtual doctor visits private and secure? Here’s what to know about, and how to prepare for, connecting with a doctor from the comfort of your home. Telehealth services were one of the tech success stories of the COVID-19 pandemic. Just as cloud-based services helped suddenly locked-down workers to stay productive, telemedicine consultations ensured doctors could still provide essential healthcare and advice without endangering their patients or staff. In fact, telehealth consultations accounted for…

Read More

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

by Paul Ducklin LAST STRAW FOR LASTPASS? IS CRYPTO DOOMED? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE…

Read More

Banking Trojan apocalypse: how hackers are stealing millions

Several weeks ago, I received a phone call from my friend who is a business owner and works in the cargo industry. He informed me that US$24,000 had vanished from his bank account during the previous night. The bank customer care team could not assist and suggested that my friend file a report with the police. The funds were transferred using a mobile app. The transaction was verified via a text message and appeared to…

Read More

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub,  Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials. Researchers from Palo Alto Networks’ Unit 42 have dubbed the group Automated Libra…

Read More

Toyota Customers’ Personal Information Potentially Exposed in GitHub Repository

Although Toyota does not believe data was accessed by an unauthorized party, it is still recommended that those customers remain vigilant for the time being. Since email addresses were included with other exposed data, affected individuals are more vulnerable to scams and phishing attempts. If emails from unknown senders are received, they should not be interacted with. Unusual emails, emails involving payments, or emails involving sign-in links to high value accounts from trusted counterparties should…

Read More

Hackers Abuse Windows Error Reporting Tool to Deploy Malware

It is highly recommended to implement and maintain email security controls, including the ability to block certain file attachments. ISO files have become extremely popular among threat actors as a way to initially get malware on to the system while also evading defenses. In this campaign, the threat actors attach the ISO directly to a phishing email received by the end user. By being able to block incoming emails that contain ISO (or IMG) attachments,…

Read More