News

Hackers and cybercrime prevention

• April 13, 2022 13 Apr'22

  WatchGuard firewall users urged to patch Cyclops Blink vulnerability

  The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities

• April 13, 2022 13 Apr'22

  Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack

  Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief

• April 12, 2022 12 Apr'22

  Universal IAM policy failings put cloud environments at risk

  Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study

• April 12, 2022 12 Apr'22

  Multiple arrests made in RaidForums takedown

  A Portuguese national and a 21-year-old man from Croydon are among a number of individuals arrested ahead of the closure of RaidForums by police

• April 12, 2022 12 Apr'22

  Sandworm rolls out Industroyer2 malware against Ukraine

  A second generation of the Sandworm-linked Industroyer malware has been identified by ESET researchers and Ukraine’s national CERT

• April 11, 2022 11 Apr'22

  Singapore to start licensing cyber security service providers

  Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards

• April 11, 2022 11 Apr'22

  Open source CMS platform Directus patches XSS bug

  A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data

• April 11, 2022 11 Apr'22

  Raspberry Pi Foundation ditches default username policy

  Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices

• April 11, 2022 11 Apr'22

  Nordic countries discuss joint cyber defence capability

  Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia

• April 08, 2022 08 Apr'22

  EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional

  Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court

• April 08, 2022 08 Apr'22

  Ukrainian cyber criminal gets five years in jail

  A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence

• April 07, 2022 07 Apr'22

  US shuts down Russia’s Cyclops Blink botnet operation

  Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’

• April 06, 2022 06 Apr'22

  Apple criticised over unpatched CVEs in Catalina, Big Sur

  Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions

• April 06, 2022 06 Apr'22

  Denonia malware may be first to target AWS Lambda

  The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind

• April 06, 2022 06 Apr'22

  Hydra takedown merely shifts cyber criminal problem elsewhere

  The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals

• April 05, 2022 05 Apr'22

  Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court

  France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution

• April 05, 2022 05 Apr'22

  Discount retailer The Works hit by cyber attack

  A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature

• April 05, 2022 05 Apr'22

  Triple-threat Borat malware no joke for victims

  Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros

• April 05, 2022 05 Apr'22

  IBM z16 tackles financial fraud and quantum hacks

  New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection

• April 04, 2022 04 Apr'22

  How remote browser isolation can mitigate cyber threats

  Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device

• April 01, 2022 01 Apr'22

  Two teenagers charged with Lapsus$ cyber attacks

  City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree

• April 01, 2022 01 Apr'22

  Four moves to ‘checkmate’ critical assets thanks to lax cloud security

  Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report

• April 01, 2022 01 Apr'22

  Apple drops emergency patches for two zero-days

  Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild

• March 31, 2022 31 Mar'22

  Global upheaval shows cyber security isn’t good enough, says GCHQ director

  Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech

• March 31, 2022 31 Mar'22

  Bank fraud prevention scheme blocked £60m in fraud last year

  Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented

• March 31, 2022 31 Mar'22

  Lapsus$ cyber crime spree continues despite arrests

  The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos

• March 31, 2022 31 Mar'22

  Spring4Shell zero-day sprung on security teams

  Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it?

• March 30, 2022 30 Mar'22

  One-third of UK firms suffer a cyber attack every week

  New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors

• March 30, 2022 30 Mar'22

  Australia to spend A$9.9bn on intelligence and cyber capabilities

  The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate

• March 29, 2022 29 Mar'22

  Wave of Log4j-linked attacks targeting VMware Horizon

  Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell

• March 29, 2022 29 Mar'22

  FCA reports 52% jump in security incidents

  The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware

• March 29, 2022 29 Mar'22

  Singapore rolls out cyber security certification scheme

  Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices

• March 25, 2022 25 Mar'22

  European Commission proposes new cyber security regulations

  New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas

• March 25, 2022 25 Mar'22

  London police arrest seven in connection to Lapsus$

  Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks

• March 24, 2022 24 Mar'22

  Anonymous claims it has hacked the Central Bank of Russia

  Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state

• March 24, 2022 24 Mar'22

  Ransomware demands and payments increase with use of leak sites

  Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims

• March 24, 2022 24 Mar'22

  How India organisations can mitigate cyber threats

  Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks

• March 22, 2022 22 Mar'22

  Biden issues warning about Russian cyber attacks

  President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia

• March 22, 2022 22 Mar'22

  Details of Conti ransomware affiliate released

  Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise

• March 18, 2022 18 Mar'22

  Dark web littered with Ukraine crypto scammers

  Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine

• March 18, 2022 18 Mar'22

  Ukrainian cyber defences prove resilient

  Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks

• March 17, 2022 17 Mar'22

  NCSC catches 10 million phishes

  Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign

• March 17, 2022 17 Mar'22

  Alarm raised over ‘trickster’ LokiLocker ransomware

  The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers

• March 17, 2022 17 Mar'22

  FCSA takes steps to help umbrella company members protect themselves better from cyber attacks

  After a spate of suspected ransomware attacks on its members, the Freelance and Contractor Services Association is partnering with a cyber security firm that can coach its umbrella firms on how to protect themselves better

• March 16, 2022 16 Mar'22

  Biden signs ransomware reporting mandate into law

  CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours

• March 16, 2022 16 Mar'22

  Two men convicted after using EncroChat cryptophones to plot killing

  Evidence from the encrypted phone network EncroChat led to the conviction of two men for conspiracy to murder

• March 16, 2022 16 Mar'22

  CaddyWiper is fourth new malware linked to Ukraine war

  ESET’s cyber security analysts have identified yet another destructive wiper malware being used against targets in Ukraine

• March 15, 2022 15 Mar'22

  Supreme Court refuses Julian Assange extradition appeal

  The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals

• March 11, 2022 11 Mar'22

  Kaspersky forced to deny source code leak

  Kaspersky says an alleged leak of its source code was in fact material anyone could have gleaned from its public servers

• March 11, 2022 11 Mar'22

  Police EncroChat cryptophone hacking implant did not work properly and frequently failed

  Surveillance operation against EncroChat encrypted phone network had repeated technical failures