Information

26 Jan

UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

Information, News, Uncategorized

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups. The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster and Phosphorus).  The NCSC noted that the two groups covered by the advisory have similar tactics, techniques and…

Read More
25 Jan

Experian Glitch Exposing Credit Files Lasted 47 Days

Data Breaches, Information, Insights

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between…

Read More
25 Jan

5 valuable skills your children can learn by playing video games

Information

Gaming can help your children build and sharpen a range of life skills that will stand them in good stead in the future Videogames are now so popular that the number of players worldwide topped 3 billion last year! The boom goes far beyond gaming consoles and the most recognized gaming platforms, such as PlayStation, Xbox or Nintendo, as it reaches across PCs and right into our pockets via our smartphones. From casual gaming to…

Read More
25 Jan

GoTo admits: Customer cloud backups stolen together with decryption key

Information

by Paul Ducklin GoTo is a well-known brand that owns a range of products, including technologies for teleconferencing and webinars, remote access, and password management. If you’ve ever used GoTo Webinar (online meetings and seminars), GoToMyPC (connect and control someone else’s computer for management and support), or LastPass (a password manangement service), you’ve used a product from the GoTo stable. You’ve probably not forgotten the big cybersecurity story over the 2022 Christmas holiday season, when…

Read More
24 Jan

Learning to Lie: AI Tools Adept at Creating Disinformation

Information, News

Artificial intelligence is writing fiction, making images inspired by Van Gogh and fighting wildfires. Now it’s competing in another endeavor once limited to humans — creating propaganda and disinformation. When researchers asked the online AI chatbot ChatGPT to compose a blog post, news story or essay making the case for a widely debunked claim — that COVID-19 vaccines are unsafe, for example — the site often complied, with results that were regularly indistinguishable from similar…

Read More
24 Jan

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Information, Insights

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Emelyantsev, a.k.a.…

Read More
24 Jan

Hybrid play: Leveling the playing field in online video gaming and beyond

Information

Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play? First social apps, now gaming? The growth of cloud-powered apps like Telegram and Teams has created mega communities out of their users. Many of these apps have opened the door to personal self-expression and the types of risk-taking notorious on social media platforms. Oversharing, connecting with strangers, clickbait, and phishing…

Read More
24 Jan

Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security

Information

by Paul Ducklin Over the years, we’ve written and spoken on Naked Security many times about the thorny problem of DNS hijacking. DNS, as you probably know, is short for domain name system, and you’ll often hear it described as the internet’s “telephone directory” or “gazetteer”. If you’re not familiar with the word gazeteer, it refers to the index at the back of an atlas where you look up, say, Monrovia, Liberia in a convenient…

Read More
24 Jan

Apple patches are out – old iPhones get an old zero-day fix at last!

Information

by Paul Ducklin Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we’d already decided that iOS 12 had slipped (or perhaps been quietly pushed) off Apple’s radar, and would never be updated again, give that the previous update had been a…

Read More
23 Jan

Apple Patches WebKit Code Execution in iPhones, MacBooks

Information, News

Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. The most serious of the documented vulnerabilities affect WebKit and can expose both iOS and macOS devices to code execution attacks via booby-trapped web content, Apple warned in multiple advisories. On the mobile side, Apple pushed out iOS and iPadOS 16.3 with fixes for more than a dozen documented security…

Read More