Information

“Gucci Master” business email scammer Hushpuppi gets 11 years

by Naked Security writer

He was sentenced under his real-life name of Ramon, but back in his boastful days of pretending to be a seriously successful real estate agent based in Dubai, you may have seen and heard of him as Ray, or, to give him his full nickname, Ray Hushpuppi. To be clear, Ramon Olorunwa Abbas wasn’t pretending to have lots of money, but he was pretending to have acquired his money by…

Canadian Supermarket Chain Sobeys Hit by Ransomware Attack

Canadian supermarket and pharmacy chain Sobeys is recovering from a cyberattack that might have involved the Black Basta ransomware. Sobeys is the second largest supermarket chain in Canada and a wholly-owned subsidiary of Empire Company Limited, which operates more than 1,500 stores across the country, under brands such as Foodland, IGA, Lawtons, Needs, Safeway, and more. On November 7, Empire disclosed that it fell victim to a cyberattack that impacted some in-store systems at its…

FIFA World Cup 2022 scams: Beware of fake lotteries, ticket fraud and other cons

When in doubt, kick it out, plus other tips for hardening your cyber-defenses against World Cup-themed phishing and other scams

The FIFA World Cup 2022 in Qatar is just about to kick off! From November 20th through December 18th, one of this year’s most important global events will attract hundreds of millions of football (or soccer if you prefer) fans from all over the world. But as we’ve seen before, online fraudsters invariably use the…

Security challenges facing SMBs – Week in security with Tony Anscombe

New ESET report shows how ever-growing threats impact SMB sentiment and why many SMBs are underprepared to defend against attacks

Three in four SMBs believe that they are more vulnerable to cyberattacks than enterprises, ESET’s 2022 SMB Digital Security Sentiment Report published this week has found. This doesn’t always seem to be reflected in their spending, however, as a similar share of the businesses admitted that their investment in cybersecurity has not kept pace with…

Dangerous SIM-swap lockscreen bypass – update Android now!

by Paul Ducklin

A bug bounty hunter called David Schütz has just published a detailed report describing how he crossed swords with Google for several months over what he considered a dangerous Android security hole. According to Schütz, he stumbled on a total Android lockscreen bypass bug entirely by accident in June 2022, under real-life conditions that could easily have happened to anyone. In other words, it was reasonable to assume that other people might…

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

by Paul Ducklin

THREE BILLION DOLLARS IN A POPCORN TIN? Radio waves so mysterious they’re known only as X-Rays. Were there six 0-days or only four? The cops who found $3 billion in a popcorn tin. Blue badge confusion. When URL scanning goes wrong. Tracking down every last unpatched file. Why even unlikely exploits can earn “high” severity levels. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on…

GitHub Introduces Private Vulnerability Reporting for Public Repositories

Microsoft-owned code hosting platform GitHub has announced the introduction of a direct channel for security researchers to report vulnerabilities in public repositories that allow it. The new private vulnerability reporting capability enables repository maintainers to allow security researchers to report to them any vulnerabilities identified in their code. Some repositories may contain specific instructions on how the maintainers can be contacted for vulnerability reporting, but for those that do not, researchers often report issues publicly.…

Chinese Spyware Targets Uyghurs Through Apps: Report

Cybersecurity researchers said they have found evidence of Chinese spyware in Uyghur-language apps that can track the location and harvest the data of Uyghurs living in China and abroad. Uyghurs are a Turkic Muslim minority predominantly in China’s northwestern region of Xinjiang, where a recent UN report said Beijing may have committed crimes against humanity. The United States and lawmakers in other Western countries say China’s treatment of the Uyghurs amounts to genocide. A Thursday…

LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover

LiteSpeed Web Server vulnerabilities discovered by researchers at Palo Alto Networks can be exploited to take complete control of a targeted server. The security holes were discovered during an audit of OpenLiteSpeed, the open source version of the LiteSpeed performance-focused web server made by LiteSpeed Technologies. Both versions are impacted by the vulnerabilities and they have been patched with the release of OpenLiteSpeed 1.7.16.1 and LiteSpeed 6.0.12. LiteSpeed is a popular web server and an…

Lawsuit Seeks Food Benefits Stolen By Skimmers

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued…
