Information

29 Dec

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Information, Malware

by Paul Ducklin A DAY IN THE LIFE OF A CYBERCRIME FIGHTER Once more unto the breach, dear friends, once more! Paul Ducklin talks to Peter Mackenzie, Director of Incident Response at Sophos, in a cybersecurity session that will alarm, amuse and educate you, all in equal measure. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. Intro and outro music by Edith Mudge. You can listen…

Read More
29 Dec

The horror! The horror! NOTEPAD gets tabbed editing (very briefly)

Information, Uncategorized

by Paul Ducklin These days, almost every decent app, along with some that are half-decent (as well as a few that aren’t very good at all) will offer you tabbed whateveritis. Even command windows, which used to be just what they said (windows in which one – and only one – command shell was running), went “tabbed” somewhere in the 1990s, and have been ever since. If you want two command windows these days, you…

Read More
29 Dec

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

Information

by Paul Ducklin Remember quantum computing, and the quantum computers that make it possible? Along with superstrings, dark matter, gravitons and controlled fusion (hot or cold), quantum computing is a concept that many people have heard of, even if they know little more about any of these topics than their names. Some us are vaguely better informed, or think we are, because we have an idea why they’re important, can recite short but inconclusive paragraphs…

Read More
29 Dec

The Five Stories That Shaped Cybersecurity in 2022

Information, News

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem As we looked back at the security incidents, events and stories that demanded attention over the past year, it became crystal clear that high-profile data breaches and zero-day attacks would continue to dominate the headlines. It seemed that hardly a week went by without some sort of cybersecurity incident making headlines, stretching spending budgets to the limits as CISOs and…

Read More
29 Dec

Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Information, News

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) last week published three advisories to describe a total of four high-severity vulnerabilities. Rockwell Automation has published individual advisories for each security hole. One flaw is CVE-2022-3156, which impacts the Studio 5000 Logix Emulate controller emulation software. The vulnerability is caused by a misconfiguration that results in users being granted elevated…

Read More
29 Dec

Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients

Information, News

Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach. A regional community healthcare system consisting of several facilities, LCMHS identified the cyberattack on October 25 and started informing the impacted patients of the incident on December 23. In a notification on its website, LCMHS says that ‘an unauthorized third party’ gained access to its network between October…

Read More
28 Dec

Twitter data of “+400 million unique users” up for sale – what to do?

Information

by Paul Ducklin Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has advertised: I’m selling data of +400 million unique Twitter users that was scraped via a vulnerability, this data is completely…

Read More
28 Dec

Netwrix Acquires Remediant for PAM Technology

Information, Malware, News

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category. Financial terms of the acquisition were not disclosed.  Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capital funding in August 2019. Remediant, founded in 2015 by security practitioners Paul Lanzi  and Tim Keeler, built a PAM software product that offered continuous…

Read More
28 Dec

EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer

Information, News

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States. The attack method, named EarSpy, is described in a paper published just before Christmas by researchers from Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University…

Read More
27 Dec

2022 in review: 10 of the year’s biggest cyberattacks

Information

The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022 The past year has seen the global economy lurch from one crisis to another. As COVID-19 finally began to recede in many regions, what replaced it has been rising energy bills, soaring inflation and a resulting cost-of-living crisis – some of…

Read More