Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been […]
Mar 09, 2023Ravie LakshmananThreat Intelligence / Malware Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on […]
A new plug-in, created by Microsoft and MITRE, integrates various open-source software tools to aid cybersecurity professionals in bolstering their defenses against attacks on machine learning (ML) systems. The Arsenal tool implements tactics and techniques defined in the MITRE ATLAS framework and has been collaboratively built off of Microsoft’s Counterfit as an automated adversarial attack […]
Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement Friday said requirements had been met for handing over Joseph […]
The birth of ENIAC. A “sophisticated attack” (someone got phished). A cryptographic hack enabled by a security warning. Valentine’s Day Patch Tuesday. Apple closes spyware-sized 0-day hole. DOUG. Patching bugs, hacking Reddit, and the early days of computing. All that, and more, on the Naked Security podcast. [MUSICAL MODEM] Welcome to the podcast, everybody. I am […]
NATO’s Special Operations Headquarters and Strategic Airlift Capability — both working to deliver humanitarian aid to victims of the recent Turkish-Syrian earthquake — were among NATO organizations disrupted by a weekend cyberattack. Russian-based Killnet threat group has claimed responsibility for launching distributed denial-of-service (DDoS) attacks against NATO, according to reports. “We are carrying out strikes […]
A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. “PixPirate belongs to the newest generation of Android […]
As our latest APT Activity Report makes abundantly clear, the threat of cyberespionage and stealthy attacks remains very real The threat of cyberespionage and stealthy cyberattacks remains very real, and the data from ESET’s T3 2022 APT Activity Report released this week backs this up. In this video, Tony shares some of the key takeaways […]
GoTo (formerly LogMeIn) has confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings. However, the attackers have also managed to grab an encryption key for a portion of the encrypted backups. What happened? In early December, LastPass and […]
Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload. The three Python packages, ‘colorslib’, ‘httpslib’ and ‘libhttps’ were uploaded to PyPI (Python Package Index) on January 7 and January 12. All three packages were published by the same author from […]