News

Hackers and cybercrime prevention

September 07, 2022 07 Sep'22
Hotel group IHG confirms cyber attack after two-day outage

IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor
September 07, 2022 07 Sep'22
Cyber threats to Europe’s grid: Utilities rethink strategy

The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals
September 06, 2022 06 Sep'22
Campaigners call on Truss to change UK’s archaic hacking laws

The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution
September 06, 2022 06 Sep'22
Bus company Go-Ahead fighting off cyber attack

Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services

September 06, 2022 06 Sep'22
Saudi Arabian organisations choose to outsource to improve cyber security posture

Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security
September 05, 2022 05 Sep'22
Russian-speaking cyber criminals feel economic pinch

Russian-speaking cyber criminals are being forced to refine and adapt their techniques as Vladimir Putin’s invasion of Ukraine makes current methods redundant
September 05, 2022 05 Sep'22
How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident
September 01, 2022 01 Sep'22
Space nerds beware: James Webb images used to spread malware

Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware
September 01, 2022 01 Sep'22
Local authorities experience 10,000 attempted cyber attacks every day

Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker
September 01, 2022 01 Sep'22
Swedish Electronics Protection Act coincides with major cyber spend

Swedish cyber security law comes at a time of heavy government investment

September 01, 2022 01 Sep'22
New (ISC)² cyber careers schemes go live

(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide
August 31, 2022 31 Aug'22
Google debuts open source bug bounty programme

Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
August 31, 2022 31 Aug'22
Norway has NOK200m plan to bolster cyber defences

Norway is investing heavily in its cyber defences amid heightened threat from Russia
August 31, 2022 31 Aug'22
NHS staff fall further behind amid ransomware attack

While some NHS bodies are now recovering their services after the ransomware attack on a crucial software supplier, others are still being forced to rely on pen and paper, and some will be waiting months to recover
August 31, 2022 31 Aug'22
Four years into GDPR, Norway hopes for safer data transfer to US

Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority
August 30, 2022 30 Aug'22
IAM house Okta confirms 0ktapus/Scatter Swine attack

Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard
August 30, 2022 30 Aug'22
LastPass breach limited in scale and well-managed, say experts

A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset
August 25, 2022 25 Aug'22
Criminal 0ktapus spoofed IAM firm in massive phishing attack

Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio
August 25, 2022 25 Aug'22
Adaptive RedAlert, Monster ransomwares go cross-platform

Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time
August 25, 2022 25 Aug'22
Millions of Plex users may be at risk in password breach

Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
August 25, 2022 25 Aug'22
LockBit 3.0 cements dominance of ransomware ecosystem

Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame
August 24, 2022 24 Aug'22
Most CISOs think they’ve been attacked by a nation state

Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
August 19, 2022 19 Aug'22
Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
August 19, 2022 19 Aug'22
Apple patches two zero-days in macOs, iOS

Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
August 18, 2022 18 Aug'22
Amazon Ring vulnerability could have been used to spy on users

A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it
August 18, 2022 18 Aug'22
Ukraine war drives DDoS attack volumes ever higher

There has been a boom in distributed denial-of-service attacks in the first six months of 2022, according to a report, with Russia’s war on Ukraine helping to drive activity
August 16, 2022 16 Aug'22
Cyber security accelerator launches in Greater Manchester

Accelerator will add to Manchester’s growing cyber security ecosystem, which already includes several tech unicorns, arms companies and the offices of GCHQ
August 16, 2022 16 Aug'22
South Staffs Water is victim of botched Clop attack

South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault
August 15, 2022 15 Aug'22
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London
August 15, 2022 15 Aug'22
Report reveals consensus around Computer Misuse Act reform

A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform
August 12, 2022 12 Aug'22
Cyber criminal forum targets only Russia

The Digital Shadows Photon Research Team has been investigating a pro-Ukraine cyber criminal forum called Dumps, which appears to be one of a kind
August 12, 2022 12 Aug'22
Microsoft doles out $13.7m in bug bounties

Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries
August 12, 2022 12 Aug'22
How critical infrastructure operators can secure OT data

Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats
August 11, 2022 11 Aug'22
Cisco averts cyber disaster after successful phishing attack

A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage
August 11, 2022 11 Aug'22
NHS may take a month to recover from supply chain attack

Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations
August 10, 2022 10 Aug'22
‘Coopetition’ a growing trend among ransomware gangs

Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time
August 08, 2022 08 Aug'22
NHS recovering key services after attack on supplier

Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service
August 05, 2022 05 Aug'22
Reliance on PSN may have exacerbated cyber attack impact

As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks
August 04, 2022 04 Aug'22
UK has biggest card fraud problem in Europe

Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe
August 04, 2022 04 Aug'22
SBRC to administer NCSC training across Scotland

The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations
August 04, 2022 04 Aug'22
Financial services regulator opens digital delivery centre in Leeds

The Financial Conduct Authority is increasing the number of tech experts in its workforce through a new digital delivery centre in Leeds
August 04, 2022 04 Aug'22
Spyware activity particularly impactful in July

After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report
August 03, 2022 03 Aug'22
DrayTek patches SOHO router bug that left thousands exposed

Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers
July 29, 2022 29 Jul'22
Austrian data firm accused of selling malware, conducting cyber attacks

Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks
July 28, 2022 28 Jul'22
Ex-youth footballers kick-start cyber careers

New programme aims to find fresh careers for former youth footballers in cyber security
July 28, 2022 28 Jul'22
H0lyGh0st ransomware gang faces challenges, but still a threat

Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat
July 28, 2022 28 Jul'22
NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses
July 28, 2022 28 Jul'22
Cyber criminals pivot away from macros as Microsoft changes bite

As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect
July 27, 2022 27 Jul'22
Consumers left out of pocket as security costs soar

As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people
July 27, 2022 27 Jul'22
US doubles bounty on Lazarus cyber crime group to $10m

US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group