CyberSecure Specialist

Cisco Releases Security Updates for Multiple Products

Original release date: November 3, 2022 Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the advisories and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Apple Releases Security Update for Xcode

Original release date: November 3, 2022 Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Hacker Charged With Extorting Online Psychotherapy Service

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki, a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats. In late October…

Read More

Espionage campaign loads VPN spyware on Android devices via social media

A new espionage campaign, dubbed SandStrike, has been detected using malicious VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It’s an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices. “In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and…

Read More

Is your personal data all over the internet? 7 steps to cleaning up your online presence

You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps Have you ever searched for yourself on Google? It may sound odd, but it is actually a great way to discover a tiny part of what the web knows about us. And, most importantly, it is the only way we have to know if we need to ask Google to remove relevant…

Read More

What is doxing and how to protect yourself

Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you How harmful can it be to have your social media accounts set to public? Or to tag the restaurant where you’re having that delicious meal? Almost everyone does it! Let’s turn the questions around: Do you remember ever searching for someone you just met on social media to find out as much as…

Read More

French hospital crippled by cyberattack – Week in security with Tony Anscombe

As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts A major hospital near Paris has been hit by a ransomware attack that crippled its computer and medical systems and forced it to send patients to other healthcare facilities. The criminals demand $10 million from the hospital for restoring access to its systems, which the facility refused to pay. In this week’s video, Tony wonders if the…

Read More

The OpenSSL security update story – how can you tell what needs fixing?

by Paul Ducklin Yesterday, we wrote about the waited-for-with-bated-breath OpenSSL update that attracted many column-kilometres of media attention last week. The OpenSSL team announced in advance, as it usually does, that a new version of its popular cryptographic library would soon be released. This notification stated that the update would patch against a security hole with a CRITICAL severity rating, the project’s highest. Unlike companies such as Apple, who deliberately announce forthcoming security patches simply…

Read More

White House ransomware summit highlights need for borderless solutions

The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, “While the United States is facilitating this meeting, we don’t view this solely as a US initiative. It’s an international partnership that spans most…

Read More

Making the case for security operation automation

According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage,…

Read More