News

Hackers and cybercrime prevention

• March 16, 2023 16 Mar'23

  Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

  A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly

• March 15, 2023 15 Mar'23

  Chinese Silkloader cyber attack tool falls into Russian hands

  A loader tool used by Chinese cyber criminals seems to have been enthusiastically taken up in recent weeks by Russian ransomware operators

• March 15, 2023 15 Mar'23

  Microsoft patches Outlook zero-day for March Patch Tuesday

  A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update

• March 14, 2023 14 Mar'23

  NatWest introduces limits on crypto trading to prevent fraud

  UK bank says its retail customers will benefit from daily and monthly limits on the amount they can pay into cryptocurrency exchanges

• March 14, 2023 14 Mar'23

  NCSC warns over AI language models but rejects cyber alarmism

  The UK's NCSC has issued advice for those using the technology underpinning AI tools such as ChatGPT, but says some of the security doomsday scenarios being proposed right now are not necessarily realistic

• March 13, 2023 13 Mar'23

  MI5 to oversee new National Protective Security Authority

  The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets

• March 08, 2023 08 Mar'23

  How ForgeRock is tackling identity management

  ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy

• March 07, 2023 07 Mar'23

  Nine in 10 enterprises fell victim to successful phishing in 2022

  Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale

• March 07, 2023 07 Mar'23

  Dutch hospitals underestimate impact of cyber attack

  IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals

• March 07, 2023 07 Mar'23

  APAC IT leaders bullish on tech spending

  Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas

• March 02, 2023 02 Mar'23

  WH Smith staff data accessed in cyber attack

  The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing

• March 02, 2023 02 Mar'23

  Salt Labs identifies OAuth security flaw within Booking.com

  Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild

• March 01, 2023 01 Mar'23

  Data breaches in Australia on the rise, says OAIC

  Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner

• February 28, 2023 28 Feb'23

  LastPass attack saw employee’s home computer hacked

  The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package

• February 27, 2023 27 Feb'23

  How Dell is future-proofing its business

  Dell Technologies is building a more resilient supply chain, investing in growth areas like edge and multicloud, and responding to shifts in consumption models to position itself for long-term growth

• February 24, 2023 24 Feb'23

  Royal Mail stands firm as LockBit leaks data and renews ransom demand

  The LockBit ransomware gang has made good on its threat to leak data exfiltrated from Royal Mail’s systems, but the postal service is not entertaining the possibility of giving in

• February 23, 2023 23 Feb'23

  WithSecure proposes ‘undo’ button for ransomware

  WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening

• February 23, 2023 23 Feb'23

  ANZ CIOs flag priorities amid inflation concerns

  CIOs in Australia and New Zealand are concerned about inflation and plan to adjust their technology priorities to optimise resources and combat cyber threats

• February 22, 2023 22 Feb'23

  UK forces lead live-fire cyber war exercise

  The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces

• February 22, 2023 22 Feb'23

  Researchers find new bug ‘class’ in Apple devices

  A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix

• February 22, 2023 22 Feb'23

  Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

  Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result

• February 21, 2023 21 Feb'23

  Royal Mail resumes full export service after cyber attack

  Royal Mail resumes the last of its international services as it recovers from a ransomware attack, while the Post Office offers postmasters compensation for their lost business

• February 21, 2023 21 Feb'23

  US government Strike Force aims to prevent adversaries from accessing disruptive tech

  The US Strike Force law enforcement initiative will target rogue nation-states that pose a national security threat

• February 20, 2023 20 Feb'23

  Singapore organisations struggle to operationalise threat intelligence

  Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges

• February 20, 2023 20 Feb'23

  Twitter 2FA changes bring more risks than benefits

  Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic

• February 16, 2023 16 Feb'23

  Financial advisory firm Succession Wealth probes cyber attack

  Aviva-owned wealth consultancy and financial advisory practice Succession Wealth was hit by an undisclosed security incident on 8 February

• February 15, 2023 15 Feb'23

  Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

  Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off

• February 15, 2023 15 Feb'23

  Royal Mail refused to pay £66m LockBit ransom demand, logs reveal

  Leaked chat logs reveal Royal Mail has supposedly refused to pay a £66m ransom demand from the LockBit ransomware gang

• February 14, 2023 14 Feb'23

  Vidar, nJRAT re-emerge as prominent malware threats in January

  Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry

• February 14, 2023 14 Feb'23

  UK authorities clamp down on illegal crypto ATMs

  The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs

• February 14, 2023 14 Feb'23

  Researcher exposes crypto scam network exploiting YouTube

  A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found

• February 13, 2023 13 Feb'23

  Russian spear phishing campaign escalates efforts toward critical UK, US and European targets

  Russian hacking group Seaborgium refines its tactics in a continuation of attacks against targets including not-for-profit organisations with geopolitical affiliations

• February 13, 2023 13 Feb'23

  Security buyers lack insight into threats, attackers, report finds

  The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report

• February 13, 2023 13 Feb'23

  Killnet DDoS attacks disrupt Nato websites

  A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable

• February 10, 2023 10 Feb'23

  Social media platform Reddit breached in phishing attack

  An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack

• February 09, 2023 09 Feb'23

  UK imposes sanctions on Conti ransomware gang leaders

  Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK

• February 09, 2023 09 Feb'23

  Banking regulatory body wants a ‘tripwire’ to flag APP fraud

  Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money

• February 09, 2023 09 Feb'23

  How Check Point is keeping pace with the cyber security landscape

  Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security

• February 08, 2023 08 Feb'23

  Russian hacking group Seaborgium targets SNP MP Stewart McDonald

  Scottish National Party MP Stewart McDonald says his personal emails have been hacked by a group linked to the Russian state in a targeted phishing attack

• February 08, 2023 08 Feb'23

  Prolific social media fraudster jailed for three years

  Ramzan Abubakarov of Hendon will serve three-year prison sentence after using Telegram to coordinate series of frauds which netted almost £2m

• February 08, 2023 08 Feb'23

  Campaigners lament lack of movement on Computer Misuse Act reform

  Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed

• February 07, 2023 07 Feb'23

  LockBit cartel finally claims Royal Mail ransomware attack

  The LockBit ransomware gang claims it has stolen sensitive data from Royal Mail and will leak it later this week if its demands go unmet

• February 07, 2023 07 Feb'23

  APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

  MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest

• February 06, 2023 06 Feb'23

  Cops make arrests and seize drugs after hacking Exclu encrypted messaging app

  Police in the Netherlands, Belgium and Poland raided 80 addresses after covertly intercepting messages from the Exclu encrypted messaging app

• February 06, 2023 06 Feb'23

  Online banks still riddled with cyber security flaws, report says

  Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too.

• February 06, 2023 06 Feb'23

  Estonian anti-money laundering platform used to fight APP fraud

  A real-time data-sharing platform originally built to identify money laundering is also being applied to the fight against authorised push payment fraud

• February 06, 2023 06 Feb'23

  Post Office branches struggling after Royal Mail cyber attack

  Royal Mail has restored almost all of its international services to some extent, but remains unable to accept parcels bought over the counter in a Post Office branch

• February 06, 2023 06 Feb'23

  Executive interview, Eric Muntz, Mailchimp

  We speak to Intuit Mailchimp’s former CTO about how the company manages IT engineering and supports different ways of working

• February 06, 2023 06 Feb'23

  Ransomware operator turns their fire on two-year-old VMware bug

  A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware

• February 05, 2023 05 Feb'23

  Australian organisations underinvesting in cyber security

  Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches