The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021. Nobel is an annual prize awarded to people whose work in physics, chemistry, physiology, medicine, literature, and peace has been exceptional and is deemed particularly beneficial to humanity. At present, there is no information on who could be behind this cyberattack, but there are several potential candidates.
Ozzy Osbourne and his famously enterprising wife and manager Sharon decided to launch a new non-fungible token (NFT) collection called CryptoBatz, but the rollout was clouded by scammers who used an abandoned vanity Discord URL to drain at least $150,000 worth of Ethereum from users' crypto wallets. But a tweak to the CryptoBatz vanity URL by the company behind the project, Sutter Systems, mistakenly left the old URL active, along with old tweets referencing the abandoned URL.
QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said in a statement issued today.
Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days starting January 28, 2022. The move could impact millions of active Let's Encrypt certificates. As a non-profit certificate authority run by Internet Security Research Group (ISRG), Let's Encrypt provides X.509 certificates for Transport Layer Security encryption at no cost.
Many countries have taxation forms with names that have entered the general vocabulary, notably the abbreviations of documents that employers are obliged to provide to their staff to show how much money they were paid - and, most importantly, how much tax was already withheld and paid in on the employee's behalf. Here at Naked Security, we know the names of these forms, amongst numerous others, because they often show up in tax scam emails, presumably to give those messages an air of realism.
Linux users on Tuesday got a major dose of bad news: a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes.
Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website. The malware was a full-featured backdoor that was written from scratch, an indication that the developers behind it have significant resources and expertise.
The WordPress content management system (CMS) is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform. The first issue affects the WordPress AdSanity plugin. It's a critical security vulnerability that could allow remote code execution (RCE) and full site takeovers. The second problem concerns a classic supply-chain attack, in which cybercriminals compromised 40 themes and 53 plugins in order to inject them with a webshell.