Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks —and new ethical lows—among attackers, it's not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian...…Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks —and new ethical lows—among attackers, it's not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian...WW…

Though ransomware has been around for years, it poses an ever-increasing threat to , , and basically . But along with the in these attacks, there's another burgeoning platform for ransomware as well: Android phones. And new research from Microsoft shows that criminal hackers are investing time and resources in refining their mobile ransomware tools—a sign that their attacks are generating payouts.Released on Thursday, the , which were detected using Microsoft Defender on mobile, look at a variant of a known Android ransomware family that has added some clever tricks. That includes a new...…Though ransomware has been around for years, it poses an ever-increasing threat to , , and basically . But along with the in these attacks, there's another burgeoning platform for ransomware as well: Android phones. And new research from Microsoft shows that criminal hackers are investing time and resources in refining their mobile ransomware tools—a sign that their attacks are generating payouts.Released on Thursday, the , which were detected using Microsoft Defender on mobile, look at a variant of a known Android ransomware family that has added some clever tricks. That includes a new...WW…

In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.In a talk at...…In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.In a talk at...WW…

Smart-assistant devices have had their share of privacy missteps, but they're generally considered . New research into vulnerabilities in Amazon's Alexa platform, though, highlights the importance of thinking about the personal data your smart assistant stores about you—and minimizing it as much as you can.Findings published on Thursday by the security firm Check Point reveal that Alexa's Web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability...…Smart-assistant devices have had their share of privacy missteps, but they're generally considered . New research into vulnerabilities in Amazon's Alexa platform, though, highlights the importance of thinking about the personal data your smart assistant stores about you—and minimizing it as much as you can.Findings published on Thursday by the security firm Check Point reveal that Alexa's Web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability...WW…

Apple was set to announce a slew of , a leak appeared from an unexpected quarter. The notorious ransomware gang REvil said they had from Apple supplier Quanta Computer about unreleased products, and that they would sell the data to the highest bidder if they didn’t get a $50 million payment. As proof, they released a cache of documents about upcoming, unreleased MacBook Pros. They've since added iMac schematics to the pile. The connection to Apple and dramatic timing generated buzz about the attack. But it also reflects the confluence of a number of disturbing trends in ransomware....…Apple was set to announce a slew of , a leak appeared from an unexpected quarter. The notorious ransomware gang REvil said they had from Apple supplier Quanta Computer about unreleased products, and that they would sell the data to the highest bidder if they didn’t get a $50 million payment. As proof, they released a cache of documents about upcoming, unreleased MacBook Pros. They've since added iMac schematics to the pile. The connection to Apple and dramatic timing generated buzz about the attack. But it also reflects the confluence of a number of disturbing trends in ransomware....WW…

the Gaza Strip and West Bank has ramped up in recent years as rival Palestinian political parties with each other, the Israeli-Palestinian , and Palestinian hackers increasingly establish themselves . Now, Facebook has uncovered two digital espionage campaigns out of Palestine, active in 2019 and 2020, that exploited a range of devices and platforms, including unique spyware that targeted iOS.The groups, which appear to be unconnected, seem to have been at cross-purposes. But both used social media platforms like Facebook as jumping off points to connect with targets and launch social...…the Gaza Strip and West Bank has ramped up in recent years as rival Palestinian political parties with each other, the Israeli-Palestinian , and Palestinian hackers increasingly establish themselves . Now, Facebook has uncovered two digital espionage campaigns out of Palestine, active in 2019 and 2020, that exploited a range of devices and platforms, including unique spyware that targeted iOS.The groups, which appear to be unconnected, seem to have been at cross-purposes. But both used social media platforms like Facebook as jumping off points to connect with targets and launch social...WW…

administration moves on an ever-growing list of policy initiatives, the White House issued sanctions this week for a slate of Russian misdeeds, including interference in the 2020 election, the poisoning of dissident Aleksey Navalny, and the that swept United States government agencies and many private-sector companies. The retaliatory move is , though, because it comprised the sort of espionage operation that would typically fall within geopolitical norms. Elsewhere in the US government, the Justice Department this week to halt a Chinese hacking spree by authorizing the FBI to obtain a...…administration moves on an ever-growing list of policy initiatives, the White House issued sanctions this week for a slate of Russian misdeeds, including interference in the 2020 election, the poisoning of dissident Aleksey Navalny, and the that swept United States government agencies and many private-sector companies. The retaliatory move is , though, because it comprised the sort of espionage operation that would typically fall within geopolitical norms. Elsewhere in the US government, the Justice Department this week to halt a Chinese hacking spree by authorizing the FBI to obtain a...WW…

Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now, a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.Dubbed , the newly disclosed flaws are in four ubiquitous...…Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now, a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.Dubbed , the newly disclosed flaws are in four ubiquitous...WW…

email addresses, and phone numbers of over online for nearly a week. It took days for Facebook to finally the root cause, an issue the company says it fixed in 2019. But now researchers are saying Facebook knew about similar vulnerabilities for years before that, and it could have made a far greater effort to prevent the mass scraping in the first place.At issue is Facebook's “content importer,” a feature that combs a user's address book to find people they know who also use Facebook. Many social networks and communication apps offer some version of this as a sort of social lubricant. But...…email addresses, and phone numbers of over online for nearly a week. It took days for Facebook to finally the root cause, an issue the company says it fixed in 2019. But now researchers are saying Facebook knew about similar vulnerabilities for years before that, and it could have made a far greater effort to prevent the mass scraping in the first place.At issue is Facebook's “content importer,” a feature that combs a user's address book to find people they know who also use Facebook. Many social networks and communication apps offer some version of this as a sort of social lubricant. But...WW…

John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself or deploys one of his experienced colleagues at Black Hills Information Security. But in July 2014, prepping for a pen test of a South Dakota correctional facility, he took a decidedly different tack. He sent his mom.In fairness, it was Rita Strand's idea. Then 58, she had signed on as chief financial officer of Black Hills the previous year after three...…John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself or deploys one of his experienced colleagues at Black Hills Information Security. But in July 2014, prepping for a pen test of a South Dakota correctional facility, he took a decidedly different tack. He sent his mom.In fairness, it was Rita Strand's idea. Then 58, she had signed on as chief financial officer of Black Hills the previous year after three...WW…