by Paul Ducklin How scammers copied a government website almost to perfection. What to do about those fake “bug” hunters who ask for payment for finding “vulnerabilities” that aren’t. Why the Dutch data protection authority fined Booking.com for not sending in a data breach disclosure fast enough. With Kimberly Truong, . . . Read more
Lastest episode – listen now! (And please leave us a review if you like what you hear.)
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world. Security threats from states and state-sponsored actors have been around since before the field of cybersecurity was defined. They have now evolved to cyberspace, and present unique challenges for defenders. While there are . . . Read more
Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares. Three men suspected of participating in a massive business email compromise (BEC) ring have been arrested in Lagos, Nigeria. A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted . . . Read more
The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.
‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.
Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns. A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has . . . Read more
by Paul Ducklin If you are a regular Naked Security reader, you’ll know that we generally steer clear of publishing content that deals specifically with Sophos products and services. That’s because our primary goal on this site is to help all of you learn more about cybersecurity by offering information . . . Read more
With Election Day approaching, local governments need to be prepared for malware attacks on election infrastructure. Ransomware gangs have officially entered the 2020 election fray, with reports of one of the first breaches of the voting season, on Hall County, Ga. The county’s database of voter signatures was impacted in . . . Read more