News
Hackers and cybercrime prevention
-
February 25, 2022
25
Feb'22
Darktrace buys attack surface management firm Cybersprint
Emergent AI cyber specialist Darktrace is to pay £39.7m for Netherlands-based Cybersprint
-
February 24, 2022
24
Feb'22
Researchers link Dridex botnet to emergent Entropy ransomware
A little-known new ransomware called Entropy contains significant code similarities to the general purpose Dridex botnet, suggesting some kind of link between the two
-
February 24, 2022
24
Feb'22
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021
-
February 24, 2022
24
Feb'22
New wave of cyber attacks on Ukraine preceded Russian invasion
A wave of DDoS attacks, and a second data wiper attack, were seen hitting Ukraine in the hours leading up to the Russian invasion
-
February 24, 2022
24
Feb'22
New cyber guidelines to safeguard construction sector
NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building
-
February 24, 2022
24
Feb'22
Russia behind dangerous Cyclops Blink malware
Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk
-
February 23, 2022
23
Feb'22
Salesforce pays out over £2m in bug bounties
Salesforce says it received more than 4,000 vulnerability reports in 2021 alone as it delivers a rare public update on its bug bounty programme
-
February 23, 2022
23
Feb'22
DCMS launches free cyber skills platform for kids
Government introduces free online cyber skills training for schoolchildren to encourage them into cyber security roles in the future and help address the skills gap
-
February 23, 2022
23
Feb'22
Backups ‘no longer effective’ for stopping ransomware attacks
Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques
-
February 23, 2022
23
Feb'22
No imminent cyber threat to UK from Russia
Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain
-
February 23, 2022
23
Feb'22
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region
-
February 23, 2022
23
Feb'22
Tech acquisition to be major priority for UK police
Policing minister cites technology as major focus for future of UK police, in comments made ahead of the publication of the Strategic Review of Policing in England and Wales
-
February 22, 2022
22
Feb'22
UK organisations swift to chide phishing victims
While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated
-
February 21, 2022
21
Feb'22
UK joins US in pinning Ukraine DDoS attacks on Russia
A series of DDoS attacks on Ukrainian defence and banking organisations last week is now being firmly attributed to Russian action
-
February 18, 2022
18
Feb'22
Lawyers say ‘unprecedented’ secrecy deprived EncroChat defendants of fair trials
Lawyers from seven countries say it is impossible for their clients to challenge the accuracy, authenticity, reliability and legality of the evidence against them
-
February 18, 2022
18
Feb'22
UK organisations untroubled by Trickbot surge
A surge in Trickbot infections is targeting some of the world’s most prominent brands, but UK organisations seem thankfully unaffected
-
February 17, 2022
17
Feb'22
Red Cross cyber attack the work of nation-state actors
The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state
-
February 16, 2022
16
Feb'22
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment
-
February 16, 2022
16
Feb'22
DDoS attacks hit Ukrainian defence ministry and banks
A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region
-
February 16, 2022
16
Feb'22
BlackCat ransomware gang claims responsibility for Swissport attack
Ransomware gang is trying to offload 1.6TB of data stolen from aviation services firm
-
February 16, 2022
16
Feb'22
Retrospect Backup refines anomaly detection in ransomware battle
StorCentric backup software brand allows customer fine-tuning of anomaly detection in struggle against ransomware, and adds immutable copies via object locking in Azure
-
February 15, 2022
15
Feb'22
Parasol data breach: Frustrated IT contractors dig into the dark web in search of their data
The emergence on the dark web of passports, payslips and other personal documents belonging to contractors affected by the cyber attack and subsequent data breach at Parasol is prompting group actions and forcing some IT contractors to find out for ...
-
February 15, 2022
15
Feb'22
TA2451 targets aviation and transport sector with tailored lures
Newly designated cyber criminal group favours highly specific lures and a tried-and-tested modus operandi to compromise targets in the aviation, aerospace and transport sectors
-
February 15, 2022
15
Feb'22
China emerges as leader in vulnerability exploitation
Threat actors linked to China are emerging as a significant force in the weaponisation of newly discovered CVEs
-
February 11, 2022
11
Feb'22
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy
-
February 11, 2022
11
Feb'22
Why security professionals should pay attention to what Russia is doing
Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to
-
February 11, 2022
11
Feb'22
Hackney Council could be forced to answer questions about IT security training after Psya ransomware
Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic
-
February 10, 2022
10
Feb'22
How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe
Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network
-
February 09, 2022
09
Feb'22
Linux-based clouds an open door for attackers, says VMware
Its prevalence as a cloud operating system means Linux is becoming a meal ticket for malicious actors, but the security industry does not seem to have cottoned on to this yet, says VMware
-
February 09, 2022
09
Feb'22
Ransomware ever more sophisticated and impactful, warns NCSC
UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs
-
February 09, 2022
09
Feb'22
Tech companies risk being compelled by law to protect children, says online safety expert
John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act
-
February 08, 2022
08
Feb'22
DPD delivers swift fix for serious API flaw
API vulnerability potentially left PII on DPD Group’s customers dangerously exposed, but was rapidly fixed on disclosure
-
February 08, 2022
08
Feb'22
Microsoft to start blocking macros to thwart malware
Microsoft is making changes to web macro permissions across multiple Office apps to help improve user security
-
February 08, 2022
08
Feb'22
The Security Interviews: Building the UK’s future cyber ecosystem
As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions
-
February 07, 2022
07
Feb'22
Airport services firm thwarts attempted ransomware heist
Aviation services provider Swissport says its systems are mostly back up and running after a ransomware attack
-
February 04, 2022
04
Feb'22
Cyber attacks on European oil facilities spreading
Following a cyber attack on distribution facilities in Germany, more incidents have been reported in Belgium and the Netherlands, but it is too early to necessarily draw a link between them
-
February 04, 2022
04
Feb'22
Check Point looks to plug ASEAN’s cyber security gap
Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors
-
February 03, 2022
03
Feb'22
BlackCat crew supposedly behind OilTanking ransomware heist
Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group
-
February 03, 2022
03
Feb'22
Brookson and Parasol cyber attacks: Contractor complaints about delayed payments continue
Several weeks on from the suspected ransomware attack that blighted two of the umbrella industry’s biggest players, contractors are still chasing their missing money
-
February 03, 2022
03
Feb'22
Crisp supply shortage looms after KP Snacks hit by ransomware
Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks
-
February 03, 2022
03
Feb'22
French Supreme Court raises constitutional questions over EncroChat hacking secrecy
Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution
-
February 02, 2022
02
Feb'22
Reforms needed to tackle economic crime, says Treasury Committee
The Treasury Committee is disappointed at progress towards tackling economic crime and fraud in both the online and offline worlds, and is calling for more action
-
February 02, 2022
02
Feb'22
British Council data exposed by third-party cyber failure
The British Council entrusted confidential data on its students to a third-party and was let down
-
February 01, 2022
01
Feb'22
German fuel supplier taken offline in cyber attack
Cyber attack against Germany’s Oiltanking, a major fuel logistics company, affects 13 distribution terminals across Germany, in an incident with echoes of last year’s hit on Colonial Pipeline
-
February 01, 2022
01
Feb'22
Over one-fifth of ransomware attacks target financial sector
Newly published data reveals a significant uptick in cyber attacks against the financial services sector during the third quarter of 2021
-
January 28, 2022
28
Jan'22
Korean researchers invent silk-based security device
Experts from the Gwangju Institute of Science have built a digital security device based on natural silk fibres that they claim is practically unbreachable
-
January 27, 2022
27
Jan'22
CISOs must get out in front of Ukraine cyber crisis, says NCSC
The National Cyber Security Centre is urging UK organisations to take steps to bolster their cyber security resilience in response to the ongoing Ukraine crisis
-
January 27, 2022
27
Jan'22
DCMS taps Arqit for 5G project to provide Open RAN security by default
Quantum platform-as-a-service provider joins government’s programme to drive diversity in comms technology supply with the aim of integrating a novel quantum encryption service to enable security by default
-
January 27, 2022
27
Jan'22
Novel phishing campaign highlights need for MFA, says Microsoft
Microsoft details a new multi-stage phishing campaign that only affects victims without multifactor authentication in place
-
January 27, 2022
27
Jan'22
Nightmare Log4Shell scenario averted by prompt, professional action
Prompt and professional community response to the Log4Shell disclosure means the dangerous and widespread vulnerability has not been exploited to the extent many had feared