Information

ESET Research spots a new version of Android malware known as FurBall that APT-C-50 is using in its wider Domestic Kitten campaign This week, ESET researchers published their analysis of a new variant of the Android malware known as FurBall that APT-C-50 has used in its wider Domestic Kitten campaign. The campaign is known to take aim at Iranian citizens as part of mobile surveillance campaigns – and the same applies to this new FurBall…

Read More

by Naked Security writer Chinese company Zoetop, former owner of the wildly popular SHEIN and ROMWE “fast fashion” brands, has been fined $1,900,000 by the State of New York. As Attorney General Letitia James put it in a statement last week: SHEIN and ROMWE’s weak digital security measures made it easy for hackers to shoplift consumers’ personal data. As if that weren’t bad enough, James went on to say: [P]ersonal data was stolen and Zoetop…

Read More

by Paul Ducklin Java programmers love string interpolation features. If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as programming jargon where it’s not a very good linguistic fit… …but the idea is simple, very powerful, and sometimes spectacularly dangerous. In other programming ecosystems it’s often known simply as string substitution, where string is shorthand for a bunch of characters, usually meant for displaying or printing out,…

Read More

by Paul Ducklin Sadly, we’ve needed to cover the DEADBOLT ransomware several times before on Naked Security. For almost two years already, this niche player in the ransomware cybercrime scene has been preying mainly on home users and small businesses in a very different way from most contemporary ransomware attacks: If you were involved in cybersecurity about ten years ago, when ransomware first started to become a massive money-spinner for the cyberunderworld, you will remember…

Read More

by Paul Ducklin WHAT DO YOU MEAN, “DOESN’T MEET THE BAR FOR SECURITY SERVICING”? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your…

Read More

by Paul Ducklin The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heros didn’t finish the war with any sort of hero’s welcome back into civilian life. Indeed, they got no public recognition at all for the amazing physical and intellectual effort they put into decrypting and decoding enemy intelligence. Make no…

Read More

by Paul Ducklin Popular and ubiquitous (software isn’t always both of those things!) cloud meeting company Zoom recently announced an oops-that-wasn’t-supposed-to-happen bug in the Mac version of its software. The security bulletin is, forgivably, written in the typically staccato and jargon-soaked style of bug-hunters, but the meaning is fairly clear. The bug is denoted CVE-2022-28762, and is detailed in Zoom Bulletin ZB-22023: When camera mode rendering context is enabled as part of the Zoom App…

Read More

What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? Schools are at the center of societal change, whether it is by educating and empowering students or by serving as a mirror of current social and economic realities. In order to fulfill their role, however, schools need resources and staff ready to answer these challenges. While the digital era was increasing in pace…

Read More