Facebook on Thursday announced that it took legal action against two individuals for scraping data from its website.In a lawsuit filed in Portugal, Facebook Inc. and Facebook Ireland seek permanent injunction against the two for violation of the social media platform’s terms of service and Portugal’s Database Protection Law.The social media giant says that t

On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the at

You’ve done your due diligence, practice good security hygiene and have the best security tools available. Now, your security posture is strong. But, your plan is only as good as your employees, and they may be letting you down when it comes to being ready for social engineering.   While employees clicking on phishing links still presents a

In a previous blog, I discussed securing AWS management configurations by combating six common threats with a focus on using both the Center for Internet Security (CIS) Amazon Web Services Foundations benchmark policy along with general security best practices.Now I’d like to do the same thing for Microsoft Azure. I had the privilege of being involved in the

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities.SAP also published a total of 7 other updates for previously released security notes on this month’s Patch Day, for a total of 17 Notes. Five of these carry the highest severity rating of Hot News.Dealing with multiple vulnerabili

NVIDIA this week announced the release of software updates for its GPU display drivers and vGPU software, with fixes for a total of 16 vulnerabilities.A total of six security flaws were patched in the NVIDIA GPU display driver, all of them affecting the kernel mode layer. Three of the bugs impact Windows only, one affects only Linux systems, and two impact b

The United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued an alert to warn financial institutions of fraud and cyberattacks related to COVID-19 vaccines.As vaccination against the COVID-19 coronavirus is kicking off worldwide, fraudsters and other types of threat actors are attempting to capitalize on the situati

We are in the middle of the holiday season, and many of you are probably still expecting packages to be delivered. Whether you are waiting for a parcel from abroad fighting its way through the Covid-19 incapacitated supply chain, or you are getting some last-minute shopping from Target, the likelihood of expecting something via mail is high in this pandemic-

Fraud and bot-detection specialists White Ops has been acquired by the Goldman Sachs merchant banking division in partnership with investment firms ClearSky Security and NightDragon.Financial terms of the acquisition were not disclosed.White Ops, known for its fraud-detection technology that protects businesses and online platforms from bots and automat

GoDaddy made the headlines for an initiative that is dividing cybersecurity community, it sent phishing messages offering bonuses to its employees. GoDaddy sent an email to its employee that promised a Christmas bonus to help them to face economic problems caused by the ongoing COVID-19 pandemic. The web provider apologized Thursday for the cyber sec

byPaul DucklinHow do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac! Rachel Tobac, CEO of SocialProof SecurityJoin us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who inspired her along th

Several U.S. government organizations have issued warnings regarding various types of fraud and phishing schemes that use COVID-19 vaccine-related topics to lure potential victims.While these types of operations typically impact non-enterprise users, some people could open the malicious websites or emails associated with these schemes from work devices, whic

byPaul DucklinThanks to Naked Security reader M Carter for their help with this article.Last week, we warned of a Facebook Messenger scam that used a bogus video to lure you onto a phoney Facebook login page.In that scam, the crooks were using stolen Messenger passwords to phish for yet more Messenger passwords by sending messages that genuinely seemed to co

As we all know, 2020 was an exceptional year. No one expected the global turmoil we have seen, but this hasn’t stopped people from working with computers. If anything, the fact that so many people work from home means that they need to have extra protection from malware, vulnerabilities, and other security threats. These threats can be classified in se

byPaul DucklinHere’s our latest Naked Security Live talk, discussing IM scams and how to avoid them, as well as giving you some pointers on how to think like a scammer and thereby stay one step ahead.Don’t forget that receiving a message from a friend’s account doesn’t always mean your friend actually sent the message – if their