Information

US Food Companies Warned of BEC Attacks Stealing Food Product Shipments

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are raising alarm on business email compromise (BEC) attacks leading to the theft of shipments of food products and ingredients. Typically used to steal money, BEC involves threat actors compromising email accounts at target companies and then targeting employees in charge of making payments with fraudulent emails that instruct them to…

Read More

Help! My kid has asked Santa for a smartphone

The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly. Choosing the right holiday gift(s) for your children can be nerve-racking, perhaps doubly so if you’re choosing it for your pre-teen. It’s at that age when many kids feel they’re too old for toys and start insisting they need their first smartphone. Indeed, at that age,…

Read More

Traveling for the holidays? Stay cyber‑safe with these tips

Holiday travel is back with a vengeance this year. Set yourself up for a cyber-safe and hassle-free trip with our checklist. You’ve successfully avoided all sorts of shopping scams while hunting for bargains this holiday season, and now the time has come to drive, fly or take a train home for Christmas. You’re taking time off to relax, but it is certainly not the time to put cybersecurity on the back burner – cybercrime knows…

Read More

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

by Paul Ducklin PWNING THE WINDOWS KERNEL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Wireless spyware,…

Read More

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones. The first widely used method of securing electronic information and in use since 1995, SHA-1 is a slightly modified version of SHA, or ‘secure hash algorithm’, the very first standardized hash function. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities…

Read More

GitHub Announces Free Secret Scanning, Mandatory 2FA

Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, it helped identify 1.7 million potential secrets exposed in public repositories. “Secret scanning alerts notify you directly about leaked secrets in your code. We’ll still notify our…

Read More

Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer ESET researchers discovered a spearphishing campaign, launched in the weeks leading up to the Japanese House of Councillors election in July 2022, by the APT group that ESET Research tracks as MirrorFace. The campaign, which we have named Operation LiberalFace, targeted Japanese political entities; our…

Read More

API Security Firm FireTail Raises $5 Million

API security startup FireTail this week announced that it has raised $5 million in an early-stage financing round led by Paladin Capital Group, with participation from General Advance, Secure Octane, Zscaler, and angel investors. Founded in 2021, the Mclean, Virginia-based firm proposes a new approach to securing Application Programming Interfaces (APIs), helping organizations build API inventories and eliminate security issues associated with them. Already seeing early adopters across North America, Asia-Pacific, and Europe, FireTail says…

Read More

Six Charged in Mass Takedown of DDoS-for-Hire Sites

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services. The booter service OrphicSecurityTeam[.]com was one of the 48 DDoS-for-hire domains seized by the…

Read More

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday. The security updates include…

Read More