Information

22 Dec

Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities

Information, Malware, News

The recently detailed Internet of Things (IoT) botnet Zerobot has been updated with an expanded list of exploits and distributed denial-of-service (DDoS) capabilities. Initially detailed two weeks ago, Zerobot is a self-replicating and self-propagating piece of malware written in the Golang (Go) programming language, which can target twelve device architectures. Fortinet, which first warned of the threat’s capabilities, analyzed two variants of the malware, one of which contained exploits targeting 21 known vulnerabilities, including the…

Read More
21 Dec

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

Information

by Paul Ducklin When we woke up this morning, our cybersecurity infofeed was awash with “news” that Apple had just patched a security hole variously described a “gnarly bug”, a “critical flaw” that could leave your Macs “defenceless”, and the “Achilles’ heel of macOS”. Given that we usually check our various security bulletin mailing lists before even looking outside to check the weather, primarily to see if Apple has secretly unleashed a new advisory overnight……

Read More
21 Dec

Cyber Insurance Analytics Firm CyberCube Raises $50 Million

Information, News

CyberCube, a provider of cyber risk analytics for insurance companies, this week announced that it has raised $50 million in a new funding round that brings the total raised by the firm to $105 million. The new investment round was led by Morgan Stanley, with participation from Forgepoint Capital, Hudson Structured Capital Management (Bermuda) Ltd., MTech Capital, and angel investors. Founded in 2015, the San Francisco-based CyberCube helps insurers and brokers understand their portfolios’ exposure…

Read More
20 Dec

The Equifax Breach Settlement Offer is Real, For Now

Data Breaches, Information, Insights

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money. One reader’s copy of their Equifax Breach…

Read More
20 Dec

How to set up parental controls on your child’s new smartphone

Information

Give yourself peace of mind and help create a safe online space for your child using Android or iOS parental controls So you’re about to give your kid their first smartphone. While your child will be over the moon with their shiny new device, you begin to wonder how to stop the kid from spending every waking hour glued to the gadget. Chances are that somewhere along the way, you’ll start to discover the world…

Read More
20 Dec

OneCoin scammer Sebastian Greenwood pleads guilty, “Cryptoqueen” still missing

Information

by Paul Ducklin The “Missing Cryptoqueen” saga has made long-term headlines since co-founders Ruja Ignatova and Karl Sebastian Greenwood started a cryptocurrency scam known as OneCoin, way back in 2014. Ignatova, who hails from Bulgaria, and who apparently liked to be known as The Cryptoqueen (her charge sheet even shows that name as an alias), has been wanted in the US on various wire fraud, money laundering and securities fraud charges since October 2017. According…

Read More
20 Dec

DraftKings Data Breach Impacts Personal Information of 68,000 Customers

Information, News

Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings’ systems, the company says. Credential stuffing involves the use of leaked credentials (usernames, email addresses, and passwords) obtained from a third-party source to access an account on a different service. Such attacks are successful only because…

Read More
19 Dec

Hacked Ring Cams Used to Record Swatting Victims

Information, Insights

Photo: BrandonKleinPhoto / Shutterstock.com Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.…

Read More
19 Dec

Google Workspace Gets Client-Side Encryption in Gmail

Information, News

Google on Friday announced the beta availability of client-side encryption in Gmail for some of its Google Workspace customers. The feature is meant to improve the confidentiality of emails when they rest on Google’s servers, by applying encryption to the email body and attachments while providing Workspace customers with control over the encryption keys and the identity service used to access the keys. “Google Workspace already uses the latest cryptographic standards to encrypt all data…

Read More
17 Dec

MirrorFace aims for high‑value targets in Japan – Week in security with Tony Anscombe

Information

The group’s proprietary backdoor LODEINFO delivers additional malware, exfiltrates credentials, and steals documents and emails This week, the ESET research team published their findings about a spearphishing campaign that the Chinese-speaking threat actor MirrorFace launched in Japan and that mainly focused on members of a specific Japanese political party. The campaign – which ESET Research has named Operation LiberalFace and which occurred in the lead-up to the House of Councillors elections in July 2022 –…

Read More