News
Security policy and user awareness
-
July 13, 2023
Microsoft issues new warning over Chinese cyber espionage
A newly uncovered Chinese espionage campaign exploited forged authentication tokens to access its victims’ email accounts, says Microsoft
-
July 13, 2023
One month after MOVEit: New vulnerabilities found as more victims are named
Five weeks after the mass MOVEit breach, new vulnerabilities in the file transfer tool are coming to light as the Clop cyber crime group continues to terrorise victims. But has the gang bitten off more than it can chew?
-
July 12, 2023
Cozy Bear lures victims with used BMW 5 Series
A recent Cozy Bear campaign saw the Russian APT group pivot to exploiting an advert for a used car as it targeted diplomatic missions in Kyiv
-
July 12, 2023
Microsoft users on high alert over dangerous RCE zero-day
A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet
-
July 11, 2023
EU formally grants data adequacy to US
The European Commission has formally granted the US data adequacy, allowing companies and organisations to freely transfer personal data across the Atlantic via the EU-US Data Privacy Framework. But privacy activist Max Schrems has already committed...
-
July 11, 2023
Malicious URL volumes soar as cyber criminals pull on Threads
Malicious actors have been quick to exploit the buzz around Meta’s newly launched Threads platform, with thousands of new suspicious domains registered exploiting its branding
-
July 11, 2023
Apple pushes Rapid Response patch to fix WebKit zero-day
Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser
-
July 07, 2023
Suspicious email reported every five seconds in UK
National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year
-
July 06, 2023
Meta’s Threads hits app stores, but no EU launch in sight
Meta’s Twitter competitor makes its debut and signs up millions of users in just 12 hours, but concerns over compliance with the EU’s Digital Markets Act have sunk a pan-European launch for now
-
June 27, 2023
3,600 potential cyber security experts apply to government scheme
The UK government’s Upskill in Cyber programme is reporting great success just a month after launch, with almost half of applicants women
-
June 23, 2023
ICO under fire for taking limited action over serious data breaches
The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk
-
June 23, 2023
Phishing and ransomware dominate Singapore’s cyber threat landscape
Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene
-
June 22, 2023
Lancaster University launches trailblazing cyber MBA
MBA programme at Lancaster University designed to deliver security leadership education to business leaders has received NCSC backing
-
June 21, 2023
Nearly quarter of a million malicious websites reported and removed through NCSC service
A suspicious email and text message reporting service in the UK has directly led to a quarter of a million malicious websites being removed
-
June 15, 2023
Exploitation of Barracuda ESG appliances linked to Chinese spies
Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor
-
June 15, 2023
NCSC warns over ‘enduring’ LockBit threat
Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory
-
June 15, 2023
Clop begins naming alleged MOVEit victims
Clop uploaded details of 12 new victims to its dark web leak site late on 14 June, many of them likely linked to the ongoing MOVEit cyber attack
-
June 14, 2023
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention
-
June 14, 2023
Clop’s MOVEit ransom deadline expires
A seven-day deadline set by Clop for victims of its latest attack to contact it to arrange payment passes today
-
June 13, 2023
(ISC)² and CIISec set out to make cyber language more inclusive
Newly published guide on appropriate use of language in cyber security aims to help make the profession more inclusive for all
-
June 12, 2023
Ofcom data stolen in MOVEit cyber attack
Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang
-
June 12, 2023
Progress Software releases patch for second MOVEit Transfer vulnerability
Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning
-
June 09, 2023
Extreme Networks emerges as victim of Clop MOVEit attack
Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack
-
June 09, 2023
Barracuda ESG users told to throw away their hardware
Owners of Barracuda Email Security Gateway appliances are being told that they will need to throw out and replace their kit after it emerged that a patch for a recently disclosed vulnerability had not done the job
-
June 09, 2023
UK and US move closer to transatlantic data bridge deal
The British and American governments have committed, in principle, to a new data bridge agreement that will ease the free flow of personal data across the Atlantic
-
June 08, 2023
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild
-
June 08, 2023
UK gets new rules to regulate crypto sector
The Financial Conduct Authority is introducing new rules to regulate the cryptoasset sector, after being handed a government remit to oversee crypto promotions
-
June 08, 2023
Clop may have been sitting on MOVEit vulnerability for two years
The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years
-
June 08, 2023
Bishop Fox’s Vinnie Liu talks offensive security skills
There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder explains why and some potential mitigation strategies
-
June 07, 2023
Clop cyber gang claims MOVEit attack and starts harassing victims
The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked
-
June 06, 2023
Google launches hacker-backed SME security training scheme
Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles
-
June 06, 2023
Victims of MOVEit SQL injection zero-day mount up
The BBC, Boots, and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer tool, exploitation of which is spreading fast
-
June 06, 2023
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar
Three quarters of data breaches now involve a significant human element, and the higher up they get in an organisation, the more risks people seem to take, according to Verizon’s annual Data Breach Investigations Report
-
May 26, 2023
Cisco joins growing Manchester cyber security hub
Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills
-
May 25, 2023
Cabinet Office publishes response to data sharing for digital ID consultation
The majority of respondents to government’s consultation on data sharing for digital identity are critical of the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’
-
May 25, 2023
Alert over Chinese cyber campaign targeting critical networks
A Chinese threat actor known as Volt Typhoon has been observed infiltrating CNI networks in a cyber espionage campaign, according to intelligence
-
May 24, 2023
Kuwait bank introduces biometric payments card
Middle East bank launches payment cards with fingerprint sensor technology embedded
-
May 24, 2023
Two-thirds of all 2022 breaches resulted from spear phishing
Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences
-
May 15, 2023
MS macro-blocking has forced cyber criminals to innovate
One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate
-
May 12, 2023
Let’s put an end to secrecy and cover-ups in ransomware attacks
The NCSC and the ICO are calling for organisations to bite the bullet and be more open about cyber security and ransomware incidents, and the community is firmly behind them
-
May 11, 2023
Australia to shore up cyber and digital capabilities in Budget 2023
Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget
-
May 10, 2023
Secure Boot vulnerability causes Patch Tuesday headache for admins
Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft
-
May 10, 2023
How datacentre operators can fend off cyber attacks
Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats
-
May 05, 2023
Capita pension clients told data may have leaked
Capita has told trustees of some of the pension funds for which it provides outsourced services that their customer data may have been stolen by the Black Basta ransomware operation
-
May 04, 2023
Google debuts passwordless login options for users
Launch of Google’s passkey service hailed as a great leap forward for passwordless technology
-
May 03, 2023
Cyber Action Plan for Wales launched
The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country
-
May 03, 2023
Government anti-fraud strategy targets the tech behind the scams
The UK government’s anti-fraud strategy proposes to make it much harder for criminals to target their victims by cracking down on the exploitation of technology
-
May 03, 2023
Mystery Apple security update sparks speculation
Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems it has fixed
-
May 02, 2023
UK Cyber Security Council launches certification mapping tool
Cyber careers body aims to offer clarity for professionals seeking to advance through security certification
-
May 02, 2023
Researchers see surge in scam websites linked to coronation
Scammers and fraudsters continue to take advantage of large public events, with the coronation of King Charles III no exception