S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

by Paul Ducklin WHAT DO YOU MEAN, “DOESN’T MEET THE BAR FOR SECURITY SERVICING”? You can listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your…

Women in Cryptology – USPS celebrates WW2 codebreakers

by Paul Ducklin The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heroes didn’t finish the war with any sort of hero’s welcome back into civilian life. Indeed, they got no public recognition at all for the amazing physical and intellectual effort they put into decrypting and decoding enemy intelligence. Make no…

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

by Paul Ducklin Popular and ubiquitous (software isn’t always both of those things!) cloud meeting company Zoom recently announced an oops-that-wasn’t-supposed-to-happen bug in the Mac version of its software. The security bulletin is, forgivably, written in the typically staccato and jargon-soaked style of bug-hunters, but the meaning is fairly clear. The bug is denoted CVE-2022-28762, and is detailed in Zoom Bulletin ZB-22023: When camera mode rendering context is enabled as part of the Zoom App…

5 steps to protect your school from cyberattacks

What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? Schools are at the center of societal change, whether it is by educating and empowering students or by serving as a mirror of current social and economic realities. In order to fulfill their role, however, schools need resources and staff ready to answer these challenges. While the digital era was increasing in pace…

Domestic Kitten campaign spying on Iranian citizens with new FurBall malware

APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app. ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens and this new FurBall version is no different in its targeting. Since June 2021, it…

Don’t get scammed when buying tickets online

With hot-ticket events firmly back on the agenda, scammers selling fake tickets online have also come out in force. As the events scene slowly came back to life in 2022, the clamor for tickets to festivals and gigs surged massively. Many festivals around the UK sold out within hours, and as a result people were tempted to take to secondary marketplaces and social networks to find resale tickets. Unfortunately, this created the ideal breeding ground…

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata. Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to help organizations better understand software supply chains. GUAC aggregates metadata from different sources, including supply chain levels for software artifacts (SLSA) provenance, software bills of materials (SBOM), and vulnerabilities, to provide a more comprehensive view over them. “Graph for Understanding…

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users. Jay Pinho is a developer who…

How Card Skimming Disproportionally Affects Those Most In Need

When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have…

Anti-Money Laundering Service AMLBot Cleans House

AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021. In August 2021, KrebsOnSecurity published “New Anti Anti-Money Laundering Services for Crooks,” which examined Antinalysis, a service marketed on cybercrime forums…