The Investigatory Powers Act allows the UK government and ISPs to violate the privacy of internet users through extremely invasive bulk data collection. This bulk surveillance records the websites visited by as many or as few people as authorities wish. This is mass surveillance of the UK's own people, as invasive as the NSA spying uncovered by Edward Snowden in 2013. The Act grants too much power without transparency to authorities, and will no doubt have a chilling effect on free internet use
.....Read More
Like(Although the MHTML attack described is more sophisticated than most invoice phishing schemes, it still relies on the user to download and open a Microsoft Office document with macros enabled. Even though the actual attack attempts to bypass many security mechanisms, it can still be prevented by following simple security guidelines. Never click on links or attachments in unsolicited messages. Do not allow macros to run on untrusted MS Office documents. At this time of year, be particularly wary
.....Read More
Airline loyalty programs and frequent flyer miles are a common target for cybercriminals, who can redeem them to get gift cards or make purchases at local retailers. Some points are also resold on the grey web to mileage brokers. I wrote an article examining airline miles being sold on the dark web in 2018: https://www.comparitech.
Prices averaged $0.015 per mile, much lower than the real-world market
.....Read More
Tensions between India and Pakistan have been around longer than the internet, and the conflict has now extended into cyberspace. It's interesting to watch state-sponsored hackers engage in the same social engineering tactics as common cybercriminals. The malware is just a modified version of the sort of spyware used by private eyes and jealous husbands. It is dangerous because it can steal messages and other content from end-to-end encrypted messaging apps like WhatsApp after the
Internet censorship has become a frequently used tool to silence dissent in times of political unrest. Blocking Facebook not only inhibits free speech and expression, it also impacts freedom of assembly by making it harder for protesters and other activists to organize. Time and time again, we see oppressive regimes block access to parts or all of the internet when they distrust or fear the people whom they govern. Democracy cannot exist in a place where free speech is censored, and this coup
.....Read More
It's easy to get caught up in schadenfreude whenever anything bad happens to the KKK, but I would caution against treating these hackers as heroes. Even though I strongly disagree with pretty much everything the KKK does and stands for, I don't think outing members through use of force so they can be named and shamed is the right way to go about it. No matter what nonsense you believe in, everyone deserves privacy and safe spaces. Aside from the hack presumably being illegal, it also invites
.....Read More
The big question in my mind is, who done it? Given this was an attack on a government security system and hackers inspected source code, it does not appear to be your typical data thieves looking for low-hanging fruit. The attack could have well been state-sponsored.
All cyber-attacks are concerning, but those against cybersecurity companies are particularly worrying. This attack will no doubt damage Stormshield's reputation and future prospects, but time will tell if the French government
.....Read More
It looks like Foxtons could be held liable for negligence if it failed to inform customers that their data had been compromised. When it comes to stolen data, absence of evidence is not evidence of absence. We should always assume and prepare for the worst if it can't be determined whether data was actually exfiltrated. Whether an oversight or neglect, Foxton's certainly could have taken a more cautious, transparent approach.
The fact that Agent Tesla made up 20 percent of malicious email attachments detected by Sophos shows how popular the strain of malware has become. Hopefully, Microsoft will release a patch soon that prevents unauthorized changes to the AMSI. Be sure to keep your Windows devices up to date. Until then, never open links or attachments in unsolicited emails. Scan attachments if possible and always verify the sender's identity before opening. Consider opening attachments in a sandboxed environment.
.....Read More
Although it's not ideal for a cybercriminal to have your phone number, you can take a few simple precautions to prevent it from being used against you. The phone numbers will most likely be used for scams and phishing. So long as you don't click on links or attachments sent from strangers, and don't respond to unsolicited requests for information, then you should be fine. Phone numbers are not particularly private pieces of information, so even though you might get a few more scam messages and
.....Read More