Entries in NakedSecurity (44)

Wednesday
Nov062019

Business Email Compromise (BEC) scams

DateWednesday, November 6, 2019 at 4:44AM

They come in many forms, but they are getting more and more sophisticated and taking companies and individuals for larger amounts of money. Naked Security wrote a report yesterday about the City of Ocala, Florida that wrote out a check after it received fraudulent new payment information that was processed into their system. The scammers used all of the right processes and until the Construction Company called the city about the payment.

Naked Security has a great posting on the many ways that this is happening and what to look for to protect yourself and your organization from this happening to you: Click Here

AuthorBob Appleby | CommentPost a Comment |
in , , , ,
Tuesday
Nov052019

NFC being on is not always a good thing...

DateTuesday, November 5, 2019 at 10:58AM

Google has patched a bug that let a hacker, and this is key, that is physically close to your phone to send malware to your phone using NFC (Near Field Communication) functions.

Take a look at this report from Sophos's Naked Security Blog that spells out the vulnerability: Click Here

What to do?

  • You can turn off permissions for the NFC app to install unknown applications, which will prevent the NFC app from trying to install an APK.
  • You can also turn off Android Beam in the NFC and Payment area of your Android device’s settings, while still leaving NFC on for contactless payments.
  • Finally, you can install the fix that Google released last month, patching the flaw.

AuthorBob Appleby | CommentPost a Comment |
in , , , , , ,
Tuesday
Oct292019

Adobe Crative Cloud customer database breached

DateTuesday, October 29, 2019 at 8:37AM

Naked Security reported on this breach that exposed 7.5 million Adobe customers revealing the following information:

  • Account creation date
  • Adobe products used
  • Subscription status
  • Whether the user is an Adobe employee
  • Member IDs
  • Country
  • Time since last login
  • Payment status

See full details here: https://nakedsecurity.sophos.com/2019/10/28/adobe-database-exposes-7-5-million-creative-cloud-users/

 

AuthorBob Appleby | CommentPost a Comment |
in , , ,
Friday
Nov302018

Naked Security Post: Huge Marriott breach puts 500 million victims at risk

DateFriday, November 30, 2018 at 11:51AM

by 

Marriott has today revealed that its Starwood guest reservation database has been subject to unauthorised access “since 2014”. The scope of the data breach is huge, covering nearly five years and approximately 500 million guests.

The company has created a website to deal with the breach at info.starwoodhotels.com (note that at the time of writing it redirects to answers.kroll.com).

Who’s affected?

The company warns that if you made a reservation at one of its Starwood brands in the last five years then you are at risk:

If you made a reservation on or before September 10, 2018 at a Starwood property, information you provided may have been involved.

According to Marriott, its Starwood brands include: Starwood branded timeshare properties, W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.

What data is at risk?

It seems that different guests may be subject to different levels of exposure, according to how much data they shared. Until you have successfully confirmed your level of exposure with Marriott, you should assume the worst.

Information put at risk by the breach includes “some combination of” name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, communication preferences, payment card numbers and payment card expiration dates.

Although payment card numbers were encrypted, thieves may have stolen the information required to decrypt them.

What happened?

Marriott has not revealed what events or security failures occurred (it may not yet know), but it has released some details about how it discovered the breach.

The company says that on 8 September 2018 it was alerted to an unauthorised attempt to access the Starwood guest reservation database. Security experts called in to deal with the incident revealed that unauthorised access to the Starwood network started as far back as 2014, two years prior to Marriott’s acquisition of Starwood.

On 19 November 2018, Marriott learned that a recent attempt to encrypt and exfiltrate data from the network had included data from the Starwood guest reservation database.

As you can see from what Marriott has revealed so far, it can be difficult for everyone concerned to tell the difference between data that has been put at risk and data that has actually been stolen.

Until they can confirm otherwise, victims would be prudent to assume they amount to the same thing.

AuthorBob Appleby | CommentPost a Comment |
in , , , ,
Wednesday
Aug162017

Naked Security: Fake News is Real

DateWednesday, August 16, 2017 at 2:14PM

Bot armies of fake followers are the footsoldiers of fake news

16 AUG 2017                                                                                                                                by Taylor Amerding

Interesting Article describing how Fake News is being distributed to make it look like the Real Thing! Makes sense that you would want the widest distribution that you can achieve. This report discusses an Indiana University research report that confirms it.

And now comes a team of researchers from Indiana University who say they have the data to confirm it. In a paper titled “The Spread of Fake News by Social Bots,” they reported that an analysis of 14m social media messages regarding 400,000 claims on Twitter during and following the 2016 US presidential campaign and election provided, “evidence that social bots play a key role in the spread of fake news. Accounts that actively spread misinformation are significantly more likely to be bots”.

Click on the link above to learn more…

AuthorBob Appleby | CommentPost a Comment |
in , ,
Monday
Aug142017

Naked Security: Thousands of Android-spying apps in the wild: what to do about SonicSpy

DateMonday, August 14, 2017 at 3:31PM

By Bill Brenner, nakedsecurity.sophos.com

Well we always knew that Android was a security nightmare but SophosLabs has found three cases of SonicSpy-infused apps in Google Play:

Researchers from SophosLabs and elsewhere have found three cases of SonicSpy-infused apps in Google Play: Soniac, Hulk Messenger, and Troy Chat – messaging apps that hide their spying functionality and await orders from command-and-control servers.

Google booted the apps from its store after they were discovered. Researcher Chen Yu said the Google Play versions had “tiny installation numbers and existed for a very short time”. Though three were found on Google Play, SophosLabs has counted 3,240 SonicSpy apps in the wild. Some reports place the number at 4,000.

According to multiple reports, a single bad actor – probably based in Iraq – has released these apps into the wild since February.

To read more of this article: click here

AuthorBob Appleby | CommentPost a Comment |
in , , , ,
Tuesday
Aug082017

Naked Security: Cyberattacks on GPS leave ships sailing in dangerous waters

DateTuesday, August 8, 2017 at 6:18PM

This one is scary. Ship running blind out on the open oceans.Take a look at this article that is discussing the potential of this being and issue and what governments are doing to get in front of the issue.

What has brought this to the forefront of thought has been a flurry of GPS jamming incidents. Hopefully, this will help to initiate a more conscious effort to come up with some of the alternatives that have been available for years.

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
Jul272017

NakedSecurity:Privacy dust-up as Roomba maker mulls selling maps of users’ homes

DateThursday, July 27, 2017 at 9:36AM

Another example of how embracing technology and automation can come back and bite you! The more technology that has reach back to the manufacturer you have in your home, the more data that they will be able to acquire about your habits, likes and dislikes and your infrastructure. So… you can either continue to acquire the products that seem to make your life easier and/or more enjoyable or you can run back to your cave and pull the rock back in front of your door. Is there a happy medium? I don’t think so! I look at the number of services and devices that I use and it has become enormous.

Take a look at this article to give you another insight into what companies like iRobot have about you and your environment and how it could be used as a commodity sale to other companies.

AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
Jul212017

Naked Security Post: Watch out for the Android malware that snoops on your phone

DateFriday, July 21, 2017 at 3:51PM

Android has a long history of being the one of the most hacked and infected phone devices and so if this is what your phone is running you may want to look at this article. Don’t forget that Sophos has a free anti-malware package available for both ios and android devices. For other free Sophos Tools take a look here.

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
Jul132017

Naked Security Posts

DateThursday, July 13, 2017 at 5:03PM

News in brief: dark web sites attacked; radio station pwnd; Russian hacker jailed for nine years

Your daily round-up of some of the other stories in the news

Mark your calendar for the net neutrality Day of Action

Tomorrow - July 12 - is the Internet-Wide Day of Action, with big online names from Kickstarter and Vimeo to Reddit and Spotify banding together to express their objection to overturning rules that guarantee net neutrality

Two-factor via your mobile phone – should you stop using it?

Although SIM cards themselves are very secure, it's annoyingly easy for a crook to get hold of one for your number

Your gadget could save your life: smart device phones police

We write a lot about the privacy issues of connected things in your home - but one device might have saved lives

Russians told to log in to Pornhub using verified social media accounts

Russians need a passport to get a SIM card, a cell number to get a VK account, and the VK account to log into Pornhub. What's behind this new requirement?

News in brief: probe in Jupiter fly-by; footage of politician ‘not illegal’; Trump sued over Twitter block

Your daily round-up of some of the other stories in the news

Social engineering – explored and explained by our experts [VIDEO]

Join Sophos experts James Burchell and Greg Iddon as they explore, explain - and help you to fight back against - social engineering.

Researchers find chinks in the armour of satellite phone calls

Could the proof of concept the researchers describe be used to eavesdrop on actual satellite phone calls? It depends ...

How app developers are gaming Google Play to boost their rankings

Our researchers spotted some app developers who were gaming the Google Play store - here's what they uncovered in their investigation

So long, Windows Phone – it was nice knowing you

The end of support for Windows Phone 8.1 is pretty much the death knell for a platform that never took off but which was widely liked - not least for its security

AuthorBob Appleby | CommentPost a Comment |
in , ,
Tuesday
Jul112017

Naked Security Posts

DateTuesday, July 11, 2017 at 3:33PM

News in brief: NATO backs Kiev over cyber-attacks; China cracks down on VPNs; Somalia knocked offline

Your daily round-up of some of the other stories in the news

Tendulkar wants your number on Twitter, what do you do?

Indian cricket legend Sachin Tendulkar asked 17m Twitter followers to send him their friends' phone numbers - good intentions, bad idea!

FTC slaps $104m judgment on loan application firm

Blue Global wasn't a loan company, didn't safeguard data and sold leads to third parties for $200 each

Apps that are a matter of life, death and data win $75,000 prizes

Two start-ups have won a US government competition to design apps that help patients manage and control their data

When ex-workers attack (again): man used Trojan to cause havoc

Former staffer used a remote Trojan to trash client databases, steal credit cards and masquerade as another employee to make allegations about the company

More than 100m records potentially lost in huge telecoms breach

India's newest telecoms provider denies that subscriber records posted online were authentic, but users claim the data is real

Your gadget could save your life: smart speaker phones police

We write a lot about the privacy issues of smart speakers in your home - but one device might have saved lives in an alleged hostage situation

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
Jul062017

Naked Security Posts

DateThursday, July 6, 2017 at 9:41AM

Monday review – the hot 24 stories of the week

From the Petya outbreak and Gmail's promised to stop scanning to Snapchat sharing your location, and more!

Breach at US nuclear plants raises concerns in wake of Petya

With Chernobyl among those hit by Petya and the US breach, concerns are rising about the potential effect of weaponised exploits being used against nuclear energy infrastructure

News in brief: drone scare halts flights; laptop ban eased; Samsung to sell Galaxy Note 7

Your daily round-up of some of the other stories in the news

When is public information not public? When LinkedIn says so

A start-up is challenging LinkedIn on access to users' public profiles - how do you feel about your public data being used in this way?

Health trust rapped on illegal use of patient data in Google AI deal

A deal between a healthcare trust and Google's DeepMind project to be much smarter about diagnosis and prevention could have been a good thing - so what went wrong?

News in brief: China tightens Great Firewall; student charged over DDoS attacks; health data posted online

Your daily round-up of some of the other stories in the news

GDPR: who needs to hire a data protection officer?

The clock is ticking to GDPR - here's our guide to the role of a data protection officer and whether you need to hire one

How did some Ethereum users find themselves with empty wallets?

There's nothing you can do to protect yourself if domain admins haven't taken some necessary security steps

News in brief: cryptocurrency exchange hacked; laptop ban further eased; AA under fire over data breach

Your daily round-up of some of the other stories in the news

Bad things happen to good people – but you can help stop that

Who gets targeted by scammers, and how can we help them? We've got some tips to help you help others

AuthorBob Appleby | CommentPost a Comment |
in ,
Friday
Jun302017

Naked Security Posting

DateFriday, June 30, 2017 at 3:15PM

News in brief: PCs’ PCs still running XP; bug-hunters cashing in; airport security stepped up

Your daily round-up of some of the other stories in the news

Hacking nuclear submarines – how likely is the nightmare scenario?

Nuclear submarines run on Windows XP - but is that the ships' weakest point?

‘Risk’ shines uncompromising spotlight on Julian Assange

A new film about Wikileaks should please those who believe in its importance - but doesn't please the activist group's founder

CIA contractors fired for stealing from hacked IoT snack machines

Some things really, really shouldn't be turned into IoT devices - including vending machines

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
Jun292017

Naked Security Postings

DateThursday, June 29, 2017 at 10:53AM

Deconstructing Petya: how it spreads and how to fight back

It's been 24 hours since the outbreak first hit: here's what we know now about how Petya behaves

Anthem to pay record $115m to settle lawsuits over massive breach

Attackers grabbed data including names, birthdates, taxpayer IDs and more from Anthem patients - a toolkit for identity theft

New Petya ransomware: everything you wanted to know (but were afraid to ask)

Your questions about the new Petya ransomware answered - and your chance to ask us more.

From floppy disks to deep freeze: what’s the best way to store data?

Still got a Zip drive? What about a CD? Are you sure you'll be able to access the data stored on those? We take a look at what's being done to keep information safe for future generations

News in brief: Wimbledon adds AI; four arrested over support scams; Russia threatens to block Telegram

Your daily round-up of some of the other stories in the news

Beer + bitter former field engineer = hacked smart water meters

The story of Adam Flanagan, who's been jailed for hacking, is a reminder to companies to revoke access to networks when they sack a disgruntled employee

AuthorBob Appleby | CommentPost a Comment |
in , ,
Wednesday
Jun282017

Good News if you are using Sophos Endpoint Protection and/or Intercept X Security Products

DateWednesday, June 28, 2017 at 9:29PM

Sophos Stops Petya Ransomware

As with the recent WannaCry Ransomware attack, organizations around the world have again been affected by a new ransomware variant known as the Petya cyber-attack. We wanted to contact you to offer our advice and support.
Customers using Sophos Endpoint Protection are protected against all known variants of this ransomware. We first issued protection on June 27th at 13:50 UTC and have provided several updates since then to provide further protection against possible future variants.
In addition, customers using Sophos Intercept X were proactively protected with no data encrypted from the moment this new ransomware variant appeared.
Find out more about Intercept X and how it can protect your customers from ransomware like Petya and Wanna:

Further Information

Sophos KB: New variant of Petya ransomware
NakedSecurity:  Deconstructing Petya: how it spreads and how to fight back

AuthorBob Appleby | CommentPost a Comment |
in , , ,
Tuesday
Jun272017

Breaking news: here’s what we know about what could be the latest ‘Petya’ ransomware outbreak

DateTuesday, June 27, 2017 at 5:20PM

Naked Security just posted a breaking news item on their site that they will be updating as they hear back from Sophos Labs.

A significant ransomware attack is spreading across Europe, Russia, Ukraine and elsewhere. Sophos is investigating the attack and will continue to provide updates here throughout the day.

https://nakedsecurity.sophos.com/2017/06/27/breaking-news-what-we-know-about-the-global-ransomware-outbreak/

AuthorBob Appleby | CommentPost a Comment |
in , , ,
Sunday
Jun252017

Naked Security

DateSunday, June 25, 2017 at 8:56AM

News in brief: drone chiefs urge regulation; Microsoft drops SMB1; Virgin router warning

Your daily round-up of some of the other stories in the new

Russia ‘targeted 21 states’ during US election campaign, says official

Homeland Security official declines to reveal more to Senate hearing as details emerge of hacking attempts in Illinois and Arizona

Dating app boss sees ‘no problem’ on face-matching without consent

'When you have a bunch of single guys in the office, it goes in that direction', says Dating.AI founder as he dismisses concerns about scraping other dating apps for faces for users to match

Ransomware revisited – is it really the worst sort of malware? [Security SOS Week]

Join us for the last webinar in our Security SOS Week - we take a look at ransomware... and all the other malware nasties that roam the net.

AuthorBob Appleby | CommentPost a Comment |
in , ,
Wednesday
Jun212017

Naked Security Posts Today

DateWednesday, June 21, 2017 at 11:14AM

New malware uses old trick – and is a reminder to disable UPnP

Hijacking UPnP is rare, but it's a straightforward trick that will be copied soon enough

Supreme Court: sex offenders can’t be banned from social media

Banning sex offenders from social media violates fundamental First Amendment rights, rules judge

AuthorBob Appleby | CommentPost a Comment |
in , ,
Monday
Jun192017

Naked Security Posts

DateMonday, June 19, 2017 at 9:13AM

image

Security SOS Week – learn from our top experts for free

Stay up to speed on the latest security topics by joining in the free Sophos Security SOS webinar series next week!

News in brief: Facebook moderators revealed to terrorists; WikiLeaks release Cherry Blossom; language-translating earpiece

Your daily round-up of some of the other stories in the news!

AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
Jun162017

Naked Security Posts

DateFriday, June 16, 2017 at 12:35PM
News in brief: Samsung customers exposed; emergency service drones; potatoes on the Moon?
Your daily round-up of some of the other stories in the news!
The Google Play adware apps that just won’t die
You can 'force stop' but the ads will just keep popping back up again
Your mouse knows when you are lying
Your mouse may be telling us more about you than you realise.
AuthorBob Appleby | CommentPost a Comment |
in , ,
Page 1 2 3 Next 20 Entries »