Information

ESET SMB Digital Security Sentiment Report: The damaging effects of a breach

SMBs need to not only reduce their odds of being hit by an attack, but also implement processes that they can follow if their defenses are breached. The prevalence of cyberattacks continues to rise, with our telemetry showing a 13% increase in cyberthreat detections in 2022 year-on-year. While the news tends to feature breaches involving major companies, it would be wrong to assume that only large enterprises are targeted by cybercriminals. Although these incidents grab…

Writing like a boss with ChatGPT and how to get better at spotting phishing scams

It’s never been easier to write a convincing message that can trick you into handing over your money or personal data. ChatGPT has been taking the world by storm, having reached 100 million users only two months after launching. However, media stories about the tool’s uncanny ability to write human-sounding text mask a potentially darker reality. In the wrong hands, the powerful chatbot (now also built into the Bing search engine) and technologies like it could…

NPM JavaScript packages abused to create scambait links in bulk

by Paul Ducklin Jonathan Swift is probably most famous for his novel Gulliver’s Travels, during which the narrator, Lemuel Gulliver, encounters a socio-political schism in Lilliputian society caused by unending arguments over whether you should open a boiled egg at the big end or the little end. This satirical observation has flowed directly into modern computer science, with CPUs that represent integers with the least significant bytes at the lowest memory addresses called little-endian (that’s…

Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017

Intel has paid out more than $4.1 million through its bug bounty program since its creation in 2017, according to a product security report published by the chip giant on Wednesday. Between 2018 and 2021, Intel paid out, on average, $800,000 through its bug bounty program each year for vulnerabilities discovered in the company’s products. In 2022, it awarded $935,000. Intel says a total of 243 vulnerabilities were reported in 2022, roughly the same as…

Will ChatGPT start writing killer malware?

AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware? ChatGPT didn’t write this article – I did. Nor did I ask it to answer the question from the title – I will. But I guess that’s just what ChatGPT might say. Luckily, there are some grammar errors left to prove I’m not a robot. But that’s just the kind of thing ChatGPT might do…

Coinbase breached by social engineers, employee data stolen

by Paul Ducklin Popular cryptocurrency exchange Coinbase is the latest well-known online brand name that’s admitted to getting breached. The company decided to turn its breach report into an interesting mix of partial mea culpa and handy advice for others. As in the recent case of Reddit, the company couldn’t resist throwing in the S-word (sophisticated), which once again seems to follow the definition offered by Naked Security reader Richard Pennington in a recent comment,…

VMware Plugs Critical Carbon Black App Control Flaw

Virtualization technology giant VMware on Tuesday pushed out a major security fix to cover a critical vulnerability in its enterprise-facing Carbon Black App Control product. A critical-severity advisory from VMware tracks the vulnerability as CVE-2023-20858 and warns that hackers can launch injection exploits to gain full access to the underlying server operating system. “A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access…

Twitter tells users: Pay up if you want to keep using insecure 2FA

by Paul Ducklin Twitter has announced an intriguing change to its 2FA (two-factor authentication) system. The change will take effect in about a month’s time, and can be summarised very simply in the following short piece of doggerel: Using texts is insecure for doing 2FA, So if you want to keep it up you’re going to have to pay. We said “about a month’s time” above because Twitter’s announcement is somewhat ambiguous with its dates-and-days…

Twitter Shuts Off Text-Based 2FA for Non-Subscribers

Elon Musk’s Twitter started a security ruckus over the weekend with the sudden decision to turn off text message/SMS method of two-factor authentication (2FA) for anyone not subscribed to its paid Twitter Blue service. “While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA…

GoDaddy admits: Crooks hit us with malware, poisoned customer websites

by Paul Ducklin Late last week [2023-02-16], popular web hosting company GoDaddy filed its compulsory annual 10-K report with the US Securities and Exchange Commission (SEC). Under the sub-heading Operational Risks, GoDaddy revealed that: In December 2022, an unauthorized third party gained access to and installed malware on our cPanel hosting servers. The malware intermittently redirected random customer websites to malicious sites. We continue to investigate the root cause of the incident. URL redirection, also…