HackDig : Dig high-quality web security articles

150,000 security cameras allegedly breached in “too much fun” hack

by Paul Ducklin
News outlet Bloomberg has gone public with a dramatic cybersecurity news story about surveillance. Bloomberg claims that an “international hacker collective” was responsible for breaking into a network of 150,000 surveillance cameras and purloining private footage from live video feeds. According to Bloomberg, one of the hacking crew,
Publish At:2021-03-10 15:13 | Read:226 | Comments:0 | Tags:Data loss data breach hacking Verkada security hack

Keybase secure messaging fixes photo-leaking bug – patch now!

by Paul Ducklin
Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.” End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app such as w
Publish At:2021-02-23 12:31 | Read:276 | Comments:0 | Tags:Data loss Vulnerability CVE-2021-23827 data leakage KeyBase

SMS tax scam unmasked: Bogus but believable – don’t fall for it!

by Paul Ducklin
Every month of the year has some sort of tax relevance somewhere in the world, and tax scamming cybercrooks take advantage of the many different regional tax filing seasons to customise their criminality to where you live. In the UK, the 2019/2020 tax year ended on 05 April 2020, and the deadline for filing your taxes electronically was 31 Janua
Publish At:2021-02-11 23:37 | Read:367 | Comments:0 | Tags:Data loss Phishing hmrc Scam tax

What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve

by Sally Adam
Dr Jason R.C. Nurse is an Associate Professor in Cyber Security at the University of Kent, and a Visiting Academic at the University of Oxford. His research focuses on the socio-technical aspects of cyber security, privacy and trust. Jason has channelled years of research into a concise, evidence-led framework that outlines the best ways to deal w
Publish At:2021-02-03 12:49 | Read:375 | Comments:0 | Tags:Data loss breach response data breach Jason Nurse Sophos Evo

Was there a “COVID-19 vaccine hack” against the European Medicines Agency?

by Paul Ducklin
If you’ve been following the news today, you’ve probably seen headlines announcing a breach at the European Medicines Agency (EMA). The EMA, based in Amsterdam in The Netherlands, is responsible for the evaluation and approval of medicines in the European Union – a role reflected in its former name, the European Agency for the
Publish At:2020-12-10 18:31 | Read:531 | Comments:0 | Tags:Data loss GDPR compliance Ransomware data breach EMA hacking

Gift card hack exposed – you pay, they play

by Paul Ducklin
Thanks to Bill Kearney of Sophos Rapid Response for his work on this article. If you’ve read the recent Sophos 2021 Threat Report, you’ll know that we deliberately included a section about all the malware out there that isn’t ransomware. Sure, ransomware understandably hogs the media headlines these days, but cybercriminality go
Publish At:2020-11-24 16:25 | Read:745 | Comments:0 | Tags:Data loss Vulnerability Cybercrime gift cards hacking Scam h

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

by Paul Ducklin
We know what you’re thinking: “Another year; another vendor; another threat report… …and when I open it, I’ll be stuck in a thinly disguised product brochure.” Well, not this one. We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Re
Publish At:2020-11-18 12:13 | Read:717 | Comments:0 | Tags:Android BEC Botnet Data loss Linux Machine Learning Malware

Phone scamming – friends don’t let friends get vished!

by Paul Ducklin
As regular readers will know, we write up real-world scams fairly frequently on Naked Security. Despite ever more aggressive spam filtering, including blocking some senders outright without even seeing what they’ve got to say, many of us receive a daily crop of outright dishonest and manipulative messages anyway. This sort of spam, better
Publish At:2020-10-26 22:06 | Read:614 | Comments:0 | Tags:Data loss Phishing Spam Cybersecurity Awareness Month fraud

Blast from the past! Windows XP source code allegedly leaked online

by Paul Ducklin
We saw it in a tweet. How about you? pic.twitter.com/aNYt07qKsI — DEY! (@RoninDey) September 24, 2020
If the reports are to be believed, someone has just leaked a mega-torrent (pun intended – allegedly some of the files have also been uploaded to Kiwi file-sharing service Mega) of Microsoft source code going all the way back to MS-DOS
Publish At:2020-09-30 10:45 | Read:724 | Comments:0 | Tags:Data loss Microsoft leak Windows XP

REvil gang threaten to auction celebrity data from Mariah Carey, Lebron James, MTV and more

by Lisa Vaas
What would you do if your law firm to the stars were to be presented with this choice: pay us $42 million or we’ll sell Mariah Carey’s confidential legal documents on the dark web on 1 July? … followed by a carefully laid out schedule to sell personal correspondence, contracts, agreements, non-disclosure agreements, court conflicts and
Publish At:2020-06-26 06:27 | Read:1522 | Comments:0 | Tags:Celebrities Data loss Hacked Privacy Ransomware Security thr

Twitter apologizes for leaking businesses’ financial data

by Lisa Vaas
Twitter apologized on Tuesday for sticking business clients’ billing information into browser cache – a spot where the uninvited could have had a peek, regardless of not having the right to see it. In an email to its clients, Twitter said it was “possible” that others could have accessed the sensitive information, which incl
Publish At:2020-06-25 07:17 | Read:1119 | Comments:0 | Tags:Data loss Privacy Security threats Twitter advertising platf

Hacker indicted for stealing 65K employees’ PII in medical center hack

by Lisa Vaas
A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center’s (UPMC’s) HR databases and theft of employees’ personal information – information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns. The 43-count indictment, returne
Publish At:2020-06-22 09:47 | Read:1031 | Comments:0 | Tags:Data loss Law & order Security threats arrest Detroit Justin

Babylon mobile health app mixes up patient consultation videos

by Paul Ducklin
Mobile health app Babylon, which states its company mission as putting “an accessible and affordable health service in the hands of every person on earth”, has admitted to a software bug that went one step further than that. According to a BBC report, an app user in the UK ended up with other people’s health service data in his
Publish At:2020-06-10 09:05 | Read:943 | Comments:0 | Tags:Data loss babylon data breach Health Care

Botnet blasts WordPress sites with configuration download attacks

by Paul Ducklin
Security researchers at WordFence, a company that’s focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data. In a default installation of WordPress, whether you’ve installed it yourself or are using a hosted service, the configuration file wp-config.php should be off
Publish At:2020-06-05 12:25 | Read:1022 | Comments:0 | Tags:Data loss Patching vulnerability wordfence Wordpress

You DID change your password after that data breach, didn’t you?

by Paul Ducklin
Until a few years ago, received wisdom for passwords included advice to change them all on a regular and frequent basis, just because you could. The laudable idea was that this reduced the length of time you’d be exposed if your password were breached, and you’d therefore “obviously” be safer as a result. Ironically, this b
Publish At:2020-06-04 13:15 | Read:1044 | Comments:0 | Tags:Data loss data breach passwords