Skip to content

What to know and what to do – Naked Security

PurFoods, a US food delivery company trading as Mom’s Meals, recently disclosed a cyberintrusion that occurred from January 16 to February 22, 2023. The company reported that the cyberattack involved the encryption of certain files in their network and could not rule out the possibility of data exfiltration. While it remains uncertain how many people… 

Crimeware server used by NetWalker ransomware seized and shut down – Naked Security

The US Department of Justice (DOJ) has seized the web domain LolekHosted.net, which was allegedly involved in various illegal activities. The DOJ also charged a Polish man named Artur Karol Grabowski in connection with running the service, but his current whereabouts are unknown. The website now displays a warning notice to visitors. LolekHosted.net is considered… 

SEC demands four-day disclosure limit for cybersecurity breaches – Naked Security

Last week, the US Securities and Exchange Commission (SEC) announced new rules regarding cybersecurity breach disclosures for individuals and companies under its regulatory authority. The SEC was established during the Great Depression in the 1930s to prevent unregulated speculation that led to the infamous Wall Street crash of 1929. Its mission is to protect investors,… 

Interested in $10,000,000? Ready to turn in the Clop ransomware crew? – Naked Security

The latest cybercrime exploits attributed to the Clop ransomware crew have taken a new approach that deviates from traditional ransomware attacks. While conventional attacks involve scrambling files and demanding a large sum of money for a decryption key, the Clop gang has evolved to take copies of vital files and use them as leverage. Scrambling… 

“The Ransomware Documentary” – brand new video series from Sophos starting now! – Naked Security

Sophos has recently released a three-part documentary series called “Think You Know Ransomware?” that explores the realities of ransomware, revealing the far-reaching consequences for both businesses and society at large. The series includes over 100 hours of interviews with cybercriminals, cybersecurity experts, industry analysts, and policy makers to provide a full 360-degree perspective. Episode 1,… 

The how, the why, and what to do… – Naked Security

Last week, Progress Software Corporation, a company that sells software and services for user interface development, devops, and file management, among others, alerted its customers about a critical vulnerability in its MOVEit Transfer and related MOVEit Cloud products. MOVEit Transfer is a system that allows teams, departments, companies, or supply chains to store and share… 

16th century crypto skullduggery – Naked Security

The Naked Security podcast, hosted by Doug Aamoth and Paul Ducklin, covers a range of topics related to cybersecurity, including password manager cracks, login bugs, and historical examples of security breaches. In a recent episode, the hosts discussed a ransomware attack against a technology company in Oxfordshire, England, which involved a man-in-the-middle attack by a… 

The MitM attack that really had a Man in the Middle – Naked Security

After five years of investigation, Ashley Liles, a former sysadmin at a business in Oxford, England, has been convicted of a Man-in-the-Middle (MitM) cybercrime. MitM attacks depend on someone or something intercepting messages sent to a recipient and modifying them to deceive the receiver, and these types of attacks are usually performed by machines. Liles,… 

US offers $10m bounty for Russian ransomware suspect outed in indictment – Naked Security

is a HTML tag used for creating a division or section in a web page. In recent news, Russian national Mikhail Pavlovich Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been accused of conspiring to transmit ransom demands, damaging protected computers, and carrying out ransomware attacks. Matveev has been linked to three specific… 

Whodunnit? Cybercrook gets 6 years for ransoming his own employer – Naked Security

In December 2020, a cyberextortion case unfolded in a typical fashion, with an unknown attacker breaking into a network via an unknown security hole, acquiring sysadmin powers, stealing confidential data, and covering their tracks. However, the situation took an unexpected turn when the attacker demanded 50 Bitcoins (then worth about $2,000,000) to hush things up…