At least 69,000 people have been impacted by a data breach at Kaiser Permanente, a long-running managed healthcare consortium. The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise. The direct path to data A “substitute breach notice” posted June 3 revealed details of t

The FBI has released a public service announcement regarding the ever-present threat of Business Email Compromise (BEC). This comes hot on the heels of an earlier release from the Las Vegas FBI department in April. Losses continue to mount, and we’re currently facing a scam racking up domestic and international losses of $43 billion. What is Busines

p>Yesterday I received an SMS from “TestNTrace”, with the message resembling an official NHS communication: The text reads as follows: NHS: You’ve been in close contact with a person who has contracted the Omicron variant. Please order a test kit via: [URL redacted] Well, that’s an alarming thing to wake up to. However, not everything is as it f

p>Dozens of apps were removed from the Google Play Store after they were found to be harvesting the data of device owners. The code in question—a software development kit (SDK)—was used inside apps which were downloaded over 10 million times. What happened? A wide range of Android apps were found to have this particular SDK lurking. There’s no obvious

We’ve received an interesting spam email which (deliberately or not) could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow. Unusual sign-in activity detected? The email’s subject line, “Microsoft account unusual sign-in activi

Organizations are under constant threat of cybercrime. While there are many available attack vectors, email is the most obvious path towards a full network compromise. The notion that email security should be prioritized is emphasized during this time where more and more businesses are still working in a remote or hybrid dynamic environment.Accordi

Players of smash hit gaming title FIFA 22 have become the target of a wave of attacks focused on account compromise. Up to 50 “high profile” accounts were hijacked by what may have been the same group. FIFA titles are, traditionally, a big draw for scammers and phishers. This is because many of these titles have players that invest heavily in microtransac

For many years, email scams have circulated suggesting that some remote hacker has installed software on your computer, and has been monitoring your activity, some of which may shame you. In exchange for not exposing you, they ask for payment; some of them say they have photos and videos of you – because the hacker has control of your computer’

The DigiNotar attack in 2011 set itself apart because it was an attack on the cybersecurity industry itself. Most attacks are on a single company. But this one shook trust in cybersecurity tools and how users decide whom to trust online. After covering this industry for years, I’ve seen firsthand how cyber attacks don’t happen in a vacuum. Inste

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack

It’s not every day you receive a big money offer from someone claiming to sit in political asylum, but here we are. The following missive landed in our spam traps at the weekend. The mail claims to be from the daughter of no less than the late Colonel Gaddafi. Ayesha Gaddafi promises you untold riches if you help her find a home for $27.5 million. The

The Krita digital painting application is currently being targeted by ransomware authors. Available on Steam and other platforms, it’s a powerful tool with a very cheap purchase price and great reviews. A perfect bit of bait to start reeling in potential victims, in other words. How does the scam work? Ransomware scammers send out mails to artists. Tho

They say there’s two sides to every story. Depending on your point of view, you may have heard a recent story that’s either about overreaching law enforcement and protestors exposed by organisations happy to hand over revealing data despite saying they won’t. Or: BREAKING: legitimate business complies with legitimate law enforcement reques

Email has become commonplace: you can get free email accounts from numerous services, but, as it is often said, if it’s free, then you’re the product. You may have read that, for example, Google has allowed other companies scan mail in Gmail accounts, scraping data for marketers. While the tools used to scan email may simply have been looking t

A new Apple update is released for a zero-day vulnerability exploited in the wild, we discuss how vulnerability brokers buy and sell computer bugs, and we look at three free secure email services.(When we recorded the podcast, only some had been released, but shortly after the recording, Apple released the remaining updates.)Speculation that yesterday’s iOS