News

Hackers and cybercrime prevention

• August 04, 2021 04 Aug'21

  Six Isle of Wight schools hit by ransomware attack

  Authorities are still working to manage the fallout from the attack, which has already forced at least one school to delay the start of the new term in September

• August 04, 2021 04 Aug'21

  Initial access brokers unaffected by ransomware content bans

  Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021

• August 03, 2021 03 Aug'21

  UK MoD turns to hackers to help secure digital assets

  Hackers given direct access to internal Ministry of Defence systems to identify and report security vulnerabilities

• August 03, 2021 03 Aug'21

  New ransomware gang spins out of DarkSide

  The emergence of a ransomware gang known as BlackMatter raises questions that it could be a re-brand of REvil or DarkSide

• August 03, 2021 03 Aug'21

  Destruction and integrity cyber attacks on the rise

  Cyber security professionals have reported a sharp rise in debilitating attacks aimed at destroying or manipulating data

• August 03, 2021 03 Aug'21

  Ransomware attacks increase dramatically during 2021

  Dramatic increase in ransomware attacks globally during first half of 2021 driven by triple extortion technique, and is only set to expand further

• August 02, 2021 02 Aug'21

  Government publishes second version of digital identity trust framework

  The second iteration of the framework, still in alpha version, sets out how organisations can become certified digital identity service providers

• July 29, 2021 29 Jul'21

  Technical hiccups force Babuk ransomware gang to change tactics

  The Babuk ransomware operation backed away from encrypting its victims’ files, and technical difficulties may be to blame, reports McAfee

• July 29, 2021 29 Jul'21

  Investigatory Powers Tribunal finds UK spy agencies unlawfully collected personal data

  Campaign groups Privacy International and Liberty are gearing up to bring further legal action after a court found that UK spy agencies unlawfully collected phone and internet records

• July 28, 2021 28 Jul'21

  Top vulnerabilities target perimeter devices

  The most frequently exploited CVEs of the year so far are to be found in perimeter and network access devices, according to a joint advisory from the NCSC and partners

• July 28, 2021 28 Jul'21

  COP26 cyber resource hub launched for Glasgow businesses

  New digital information hub for Glasgow business to help organisations keep secure both physically and online ahead of major climate change summit

• July 27, 2021 27 Jul'21

  US lawmakers call for probe into ‘arrogant’ spyware firm

  US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal

• July 27, 2021 27 Jul'21

  TikTok sets up cyber security hub in Dublin

  Dublin-based cyber centre will oversee the security of TikTok’s users across Europe

• July 27, 2021 27 Jul'21

  How IBM is solving the data privacy problem

  IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy

• July 26, 2021 26 Jul'21

  Malicious actors turn to obscure programming languages

  Using new, lesser-known or otherwise uncommon programming languages to code new malwares can help skirt cyber defences

• July 26, 2021 26 Jul'21

  No More Ransom initiative saves £850m over five years

  Initiative’s free ransomware decryption tools have been used by more than six million people since 2016

• July 25, 2021 25 Jul'21

  Tokyo 2020 hit by data breach

  The user names and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised, but government official claims the data leak was not large

• July 25, 2021 25 Jul'21

  OAIC: Uber failed to protect personal data of Australians

  Uber did not take reasonable steps to protect Australians’ personal information from unauthorised access, says Australia’s national privacy watchdog

• July 23, 2021 23 Jul'21

  Kaseya obtains universal ransomware decryptor

  Kaseya says it obtained a ransomware decryptor key from a trusted third party, but there is no word on whether a ransom was paid

• July 22, 2021 22 Jul'21

  Respect in Security challenges abuse and harassment in cyber

  With around a third of cyber pros saying they have personally experienced harassment at work or online, a new initiative is urging organisations to pledge their support to help free the community from the scourge of abuse. We met its founders

• July 21, 2021 21 Jul'21

  France’s Macron among alleged Pegasus targets

  Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware

• July 20, 2021 20 Jul'21

  NCSC’s Cameron urges deeper cyber alliance-building

  Speaking to an event in Israel, NCSC CEO Lindy Cameron has praised joint UK-Israeli efforts on security collaboration

• July 19, 2021 19 Jul'21

  UK, US confirm Chinese state backed MS Exchange Server attacks

  UK and US governments, alongside the EU and Nato, have formally attributed the March 2021 Microsoft Exchange Server attacks to Chinese state-backed actors

• July 19, 2021 19 Jul'21

  Pegasus mobile RAT abused to monitor journalists and activists

  Israel-based surveillance specialist NSO Group is facing renewed pressure after it emerged its Pegasus mobile surveillance tool may be being widely abused by repressive regimes

• July 16, 2021 16 Jul'21

  Legacy SonicWall kit exploited in ransom campaign

  Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign

• July 15, 2021 15 Jul'21

  Macquarie Data Centres to build Sydney North facility

  Macquarie Data Centres’ latest 32MW facility will come with a cyber security centre that monitors and manages cyber security events

• July 15, 2021 15 Jul'21

  Lawyers take EncroChat hacking operation to French supreme court

  Lawyers head to French supreme court after appeals court finds EnroChat inception legal under French law

• July 15, 2021 15 Jul'21

  Singapore to invest S$50m in ‘digital trust’ capabilities

  The Singapore government is pumping in S$50m to bolster research in technologies that will foster digital trust in areas such as privacy protection and identity management

• July 14, 2021 14 Jul'21

  REvil ransomware crew drops offline, reasons murky

  The REvil ransomware operation appears to have gone dark, but claims about its demise are almost certainly exaggerated

• July 14, 2021 14 Jul'21

  Multiple Microsoft bugs being actively exploited

  Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited

• July 13, 2021 13 Jul'21

  Modipwn vulnerability puts millions of building systems at risk

  Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover

• July 13, 2021 13 Jul'21

  Met Police seize £180m worth of Bitcoin

  The largest ever seizure of cryptocurrency in the UK comes just weeks after a previous multi-million pound confiscation, as law enforcement clamps down on money laundering

• July 13, 2021 13 Jul'21

  Dutch prosecutor ordered to give evidence on EncroChat hack

  Netherlands court rules that a public prosecutor should give evidence about the role of the Dutch in the EncroChat cryptophone hack which has led to arrests of organised gangs worldwide

• July 12, 2021 12 Jul'21

  Kaseya VSA services coming online after week-long outage

  Kaseya has successfully deployed a patch to its ransomware-hit VSA product as per a revised schedule, and customers are beginning to come back online

• July 12, 2021 12 Jul'21

  NSW department of education hit by cyber attack

  Australia’s New South Wales department of education takes some systems offline as a precautionary measure in response to a cyber attack last Thursday

• July 11, 2021 11 Jul'21

  Ransomware and botnets among top cyber threats in Singapore

  The city-state saw more ransomware threats and command-and-control servers hosted out of its highly connected network infrastructure last year, as threat actors capitalised on the pandemic

• July 09, 2021 09 Jul'21

  Ransomware gangs seek people skills for negotiations

  The process of negotiating a ransomware payment is delicate, hence cyber criminal organisations are prepared to offer good terms to those with the right skillsets

• July 09, 2021 09 Jul'21

  Met Police should release information on British WikiLeaks journalists passed to US, tribunal told

  The Metropolitan Police should release correspondence with the US Department of Justice about three UK based WikiLeaks journalists, despite national security claims, a tribunal heard

• July 08, 2021 08 Jul'21

  Kaseya apologises for extended downtime after ransom attack

  CEO of Kaseya apologises after pushing back the restoration of the firm’s VSA service following a REvil ransomware attack

• July 08, 2021 08 Jul'21

  PrintNightmare haunts Microsoft as patch may miss mark

  Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied

• July 07, 2021 07 Jul'21

  US government given permission to appeal UK’s decision to not extradite Julian Assange

  US offers assurances that Assange could serve time in his home country of Australia if convicted

• July 07, 2021 07 Jul'21

  How the UK Cyber Security Council plans to professionalise security

  As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is

• July 07, 2021 07 Jul'21

  Opportunists seen targeting Kaseya REvil victims

  Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident

• July 06, 2021 06 Jul'21

  About 60 Kaseya customers hit by REvil

  Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend

• July 06, 2021 06 Jul'21

  Cyber insurance costs up by a third

  The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance

• July 06, 2021 06 Jul'21

  BA reaches settlement in data breach group action

  A group action against BA following its 2018 data breach has been successfully settled

• July 05, 2021 05 Jul'21

  REvil crew wants $70m in Kaseya ransomware heist

  Two days after one of the largest ransomware attacks in history by the REvil/Sodinokibi gang, the security community is assessing its next moves, while over 1,000 victims remain in limbo

• July 03, 2021 03 Jul'21

  Berlin court finds EncroChat intercept evidence cannot be used in criminal trials

  In a major setback for police hacking operations, Berlin’s regional court has decided that intercepted data from the EncroChat phone network should not be used in criminal prosecutions

• July 02, 2021 02 Jul'21

  Should I be worried about PrintNightmare?

  The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?

• July 02, 2021 02 Jul'21

  Cyber attackers up the ante on embattled IT teams

  Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements

• July 01, 2021 01 Jul'21

  NCSC joins US authorities to expose Russian brute force campaign

  A joint attribution by the British and American authorities accuses Russia’s GRU intelligence services of conducting a campaign of brute force attacks on enterprise and cloud environments

• July 01, 2021 01 Jul'21

  US Cybersecurity and Infrastructure Security Agency launches ransomware assessment tool

  Newly launched service will help US organisations understand how prepared they are to deal with a ransomware attack

• July 01, 2021 01 Jul'21

  Cyber espionage campaign targeted central Asian states

  The Afghan, Kyrgyz and Uzbek governments are all thought to have been targeted by the same APT

• July 01, 2021 01 Jul'21

  NHS IT fraudster Barry Stannard sentenced to five years in prison

  Stannard used his position as head of unified communications at an Essex NHS Trust to cheat the taxpayer of more than £800,000

• July 01, 2021 01 Jul'21

  Nominations open for 2021 Security Serious Unsung Heroes Awards

  Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators

• June 30, 2021 30 Jun'21

  Half of mobile phones sold in the UK at risk of security issues

  Lengthy mobile phone contracts leave buyers at risk of their devices losing support for security updates

• June 30, 2021 30 Jun'21

  REvil affiliates offer hefty ransom discounts, data reveals

  REvil or Sodinokibi ransomware activity is higher than ever, but its success appears to be relative, with some affiliates prepared to dramatically cut their prices

• June 30, 2021 30 Jun'21

  LinkedIn denies exposure of 700 million user records is a data breach

  Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach

• June 30, 2021 30 Jun'21

  Cops seize criminal VPN used by ransomware gangs

  A coordinated sting has ended the operations of the DoubleVPN service, the owners of which are accused of harbouring cyber criminal activity

• June 29, 2021 29 Jun'21

  New Nobelium attacks a reminder to attend to cyber basics

  A new campaign from the same threat group that broke into SolarWinds serves as a reminder that cyber crime gangs will try to exploit any avenue they can, even if technically unsophisticated

• June 29, 2021 29 Jun'21

  UK Cyber Security Council launches inaugural initiatives

  Security association seeks to determine terms of reference for committees to oversee standards and ethics, and qualifications and careers in the cyber sector

• June 29, 2021 29 Jun'21

  Video game industry under relentless cyber attacks

  Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns

• June 28, 2021 28 Jun'21

  Insurers unprepared for challenges of underwriting ransomware

  RUSI think tank calls for an industry-wide reset amid intense challenges for providers of cyber security insurance

• June 28, 2021 28 Jun'21

  UK’s FCA bans crypto exchange Binance as crackdown spreads

  Ban on Binance Markets comes amid a wider global crackdown on the largely unregulated global market for cryptocurrencies and related assets.

• June 28, 2021 28 Jun'21

  HMRC-branded phishing scams surge despite protections

  The number of HMRC-branded phishing scams surged 87% in the past 12 months, according to latest revealed figures

• June 28, 2021 28 Jun'21

  Lazada rolls out public bug bounty programme

  Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty

• June 25, 2021 25 Jun'21

  NCSC CEO: UK-Ireland collaboration crucial to stop cyber threats

  Speaking at a conference in Dublin, NCSC Lindy Cameron is highlighting the importance of continued collaboration between the UK and Ireland to protect shared interests and counter security threats

• June 25, 2021 25 Jun'21

  Anglesey schools offline after cyber attack

  Isle of Anglesey County Council is investigating a cyber attack that has forced it to shut down systems at all five secondary schools on the island

• June 25, 2021 25 Jun'21

  CMA to probe Amazon and Google over fake reviews

  The CMA has opened an investigation into Amazon and Google over possible breaches of consumer protection law

• June 24, 2021 24 Jun'21

  NCSC recognises cyber degree apprenticeships for the first time

  Addition of new cyber courses to National Cyber Security Centre’s accredited list will supposedly help students make better choices and help universities get more funding

• June 24, 2021 24 Jun'21

  Revealed: Crypto platform’s role in Cl0p ransomware raid

  Crypto infrastructure provider Binance provided assistance to law enforcement after finding its exchange was being used by cyber criminals to launder their ransomware profits

• June 24, 2021 24 Jun'21

  (ISC)² makes ransomware education course free through 31 July

  Cyber security association is making its Professional Development Institute course on ransomware free to the general public until the end of July

• June 24, 2021 24 Jun'21

  Controversial cyber tycoon John McAfee dead at 75

  Founder of the eponymous cyber security firm has committed suicide in a Spanish prison

• June 24, 2021 24 Jun'21

  EncroChat investigators had access to decryption ‘master key’, claim lawyers

  Defence lawyers claim that French investigators compromised the encryption of EncroChat and were able to decrypt messages from servers in a French datacentre

• June 24, 2021 24 Jun'21

  Make ransomware payments illegal, say 79% of cyber pros

  Report produced for MSSP Talion claims overwhelming support for the criminalisation of ransomware payments

• June 23, 2021 23 Jun'21

  City of York picks Barracuda Networks for data protection

  York Council needed to refresh its backup service to bring new security protections after it went ‘all-in’ on Microsoft Office 365

• June 23, 2021 23 Jun'21

  European Union to set up new cyber response unit

  Proposed Joint Cyber Unit will tackle a rising number of serious incidents impacting public services, businesses and citizens of the EU

• June 23, 2021 23 Jun'21

  UK councils reported over 700 data breaches to ICO in 2020

  Data disclosed under the Freedom of Information Act reveals an estimated 700 data breaches were reported to the Information Commissioner’s Office by local councils last year

• June 23, 2021 23 Jun'21

  Openness can protect Dutch companies against ransomware

  Dutch businesses that suffer ransomware attacks need to be more open about it, if this growing problem is to be brought under control

• June 22, 2021 22 Jun'21

  SonicWall sees 226.3 million ransomware attack attempts this year

  SonicWall detected 226.3 million attempted ransomware attacks between January and May 2021, more than double the number seen in the same period last year

• June 22, 2021 22 Jun'21

  Innova and RISE drive node development in Sweden

  Swedish cyber security project, National Node, opens its doors to the country’s security firms

• June 22, 2021 22 Jun'21

  UK SMEs lack capacity to fend off cyber attacks

  Three-quarters of UK SME leaders would not have sufficient capacity or expertise to deal with a cyber attack, according to a report

• June 21, 2021 21 Jun'21

  Parliamentary devices left in taxis, buses, trains and pubs

  Nearly 100 devices belonging to parliamentary staffers, including MPs and peers, were lost or stolen over the course of 2019 and 2020

• June 18, 2021 18 Jun'21

  Lorca Ignite programme targets breakout cyber talent

  Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme

• June 18, 2021 18 Jun'21

  Carnival Cruises hit by fourth cyber incident in a year

  Latest data breach at Covid-hit cruise line comes hot on the heels of two recent ransomware attacks and a spring 2020 breach

• June 17, 2021 17 Jun'21

  Cyber crooks target Amazon Prime users ahead of retail bonanza

  A surge in malicious domain registrations ahead of Amazon Prime Day indicates cyber criminals have set their sights on exploiting vulnerable shoppers

• June 17, 2021 17 Jun'21

  UnitingCare Queensland restores IT systems after cyber attack

  Australian healthcare service provider has restored key corporate systems and integrations between applications following a cyber attack earlier this year

• June 17, 2021 17 Jun'21

  Biden tackles Putin on ransomware at Geneva summit

  Discussions between Joe Biden and Vladimir Putin on cyber crime appear to have been somewhat positive, but the path ahead remains unclear

• June 16, 2021 16 Jun'21

  Cl0p ransomware gang clapped in irons, assets seized

  Ukrainian police report they have taken down the Cl0p, aka Clop, ransomware operation following a lengthy investigation

• June 16, 2021 16 Jun'21

  Organisations cannot rely on cyber insurance to cover losses

  Ransomware attacks have become a big driver of cyber insurance claims, but insurance must not be relied upon as a failsafe, says a report

• June 15, 2021 15 Jun'21

  NHS Test and Trace picks Risk Ledger to secure supply chain

  Risk Ledger’s technology promises ‘unparalleled’ visibility into NHS Test and Trace’s supply chain

• June 15, 2021 15 Jun'21

  Ransomware most insidious cyber threat facing UK

  NCSC CEO urges organisations to do more to prepare for ransomware attacks

• June 15, 2021 15 Jun'21

  The Security Interviews: How to build a government model to ‘hack for good’

  Kyle Hanslovan started Huntress to give back after a career in the intelligence sector. After US authorities took action to help people hit by the Microsoft Exchange attacks, we discussed how governments can ‘hack for good’

• June 14, 2021 14 Jun'21

  G7 commits to action on ransomware, digital privacy

  The G7 urges Russia to do more to hold criminal ransomware gangs operating from within its borders to account as it commits to more action on the issue

• June 11, 2021 11 Jun'21

  UK promises tougher line on cyber crime

  Speaking ahead of the G7 Summit, foreign secretary Dominic Raab says the UK is ready to take on cyber criminals and other malicious actors wherever they may be

• June 10, 2021 10 Jun'21

  Risk data shows UK energy sector most vulnerable to cyber attack

  New report compiled by insurance firm Hiscox reveals the state of cyber preparedness in the UK and beyond

• June 10, 2021 10 Jun'21

  Australian organisations face heightened cyber attacks

  Nearly three in four Australian organisations experienced cyber attacks that largely resulted from a growing remote workforce in 2020

• June 09, 2021 09 Jun'21

  Unit 42 warns of emergent Prometheus ransomware

  Palo Alto’s Unit 42 shares intel on the emergent Prometheus ransomware gang, with apparent links to the Thanos crew

• June 09, 2021 09 Jun'21

  RSA spins out fraud and risk unit as Outseer

  RSA Security is transitioning its fraud and risk intelligence work into a new business to be called Outseer

• June 09, 2021 09 Jun'21

  Colonial Pipeline ransom seizure is a win, but don’t relax yet

  The security community is enthusiastic about the US authorities’ recovery of a significant part of the Colonial Pipeline ransomware payment, but this positivity should perhaps be somewhat tempered