News
Hackers and cybercrime prevention
-
July 26, 2020
26
Jul'20
Australia issues new cloud computing guidelines
The new guidance, which comes after the expiry of the government’s cloud services certification programme, will help to bolster Australia’s cyber security resilience
-
July 24, 2020
24
Jul'20
Garmin outage prompts ransomware attack speculation
Details are thin on the ground following a major service outage at Garmin, prompting industry speculation that the firm has fallen victim to a ransomware attack
-
July 24, 2020
24
Jul'20
Investment in neurodiverse talent a win-win for security
Current careers guidance and recruitment processes for security jobs are not working for people with ADHD, autism, dyslexia and dyspraxia, but the problem is fixable with a little attention to detail
-
July 24, 2020
24
Jul'20
A question of trust: University and supplier on the hook for data breach
Data on students at the University of York was stolen in a ransomware attack on a supplier two months ago, and the response of both parties raises serious questions
-
July 22, 2020
22
Jul'20
NCSC reveals scale of cyber attacks on UK sports industry
The UK’s sports industry is under near constant cyber attack, according to new statistics from the National Cyber Security Centre
-
July 22, 2020
22
Jul'20
No let-up in cyber attacks as lockdown eases
Cyber attacks are up by one-third as the coalescence of cyber activity and nation state-linked threats around the pandemic bears fruit for bad actors
-
July 22, 2020
22
Jul'20
US charges Chinese nationals with Covid-19 research hacking
The two hackers allegedly worked with the Chinese Ministry of State Security, targeting intellectual property and confidential business information
-
July 21, 2020
21
Jul'20
Coronavirus: Government drags its feet on online misinformation
Online misinformation about Covid-19 continues to spread unchecked, according to a DCMS committee report which has accused the government of dragging its feet over online harms
-
July 21, 2020
21
Jul'20
Russia Report reveals long-running cyber warfare campaign against UK
Russia has been hacking the UK for years and the British government has also known about it for years, according to the Intelligence and Security Committee’s report
-
July 21, 2020
21
Jul'20
Australian industry panel calls for ‘clear consequences’ of cyber attacks
A government-appointed panel recommends strong deterrence and other measures to be implemented in Australia’s next cyber security strategy
-
July 17, 2020
17
Jul'20
Twitter hack fallout: Investigators on trail of cyber criminals
Investigators are hunting the cyber criminals who broke into Twitter’s systems to hijack prominent accounts, amid concerns that more attacks may come
-
July 16, 2020
16
Jul'20
Russian state hackers attacking Covid-19 researchers
Kremlin-linked APT29 group, also known as Cozy Bear, is conducting a campaign against Covid-19 researchers around the world
-
July 16, 2020
16
Jul'20
Bazar malware may be new tool in Trickbot arsenal
Cybereason’s Nocturnus research team uncovers new Bazar malware, which shares some similarities with other varieties
-
July 16, 2020
16
Jul'20
Cryptocurrency scammers attack Twitter in insider breach
Apparent insider breach at Twitter saw so-called “blue tick” accounts of business people, politicians and celebrities hijacked to promote a Bitcoin scam
-
July 16, 2020
16
Jul'20
Coronavirus shines spotlight on cyber security
Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic
-
July 15, 2020
15
Jul'20
Government proposes IoT security enforcement body
The government is today publishing new proposals concerning planned legislation that will protect users of smart IoT devices from cyber criminals
-
July 15, 2020
15
Jul'20
Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update
The bugs start coming and they don’t stop coming; Microsoft has issued yet another bumper Patch Tuesday update
-
July 15, 2020
15
Jul'20
Video providers slammed by credential stuffing attacks
Attacks on the media sector are spiking as cyber criminals try to gain access to valuable consumer accounts
-
July 14, 2020
14
Jul'20
Check Point unearths critical SigRed bug in Windows DNS
SigRed vulnerability is highly dangerous, but is being fixed as part of the July 2020 Patch Tuesday update
-
July 14, 2020
14
Jul'20
Recon vulnerability puts thousands of SAP customers at risk
Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems
-
July 14, 2020
14
Jul'20
‘Name-and-shame’ ransomware attacks increasing in prevalence
Since emerging at the tail-end of 2019, double extortion, or exfiltration and encryption, ransomware attacks have become highly popular, and now account for a significant number of incidents, according to Emsisoft research
-
July 14, 2020
14
Jul'20
Australian enterprises facing more cyber attacks
The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country
-
July 13, 2020
13
Jul'20
NCSC launches pen testing service for remote workers
An expansion to the successful Exercise in a Box toolkit will enable SMEs to probe the cyber security defences of remote workers
-
July 13, 2020
13
Jul'20
Zoom zero-day a reminder to stop using Windows 7
Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems
-
July 09, 2020
09
Jul'20
HSBC customers targeted in new smishing scam
SMS phishing scam is targeting HSBC customers in the UK to trick them into handing over their bank account details
-
July 09, 2020
09
Jul'20
Clearview AI faces ICO investigation over facial recognition
Controversial company that scraped data from the public internet to build its facial recognition algorithm faces a joint UK-Australian investigation into its practices
-
July 09, 2020
09
Jul'20
More Joker malware apps chucked off Google Play Store
Infamous Joker billing fraud malware continues to sneak past Google’s security controls
-
July 09, 2020
09
Jul'20
Pubs and restaurants failing on cyber fraud protection
Virtually all of the UK’s most popular restaurant and pub brands are failing to proactively block fraudulent emails from reaching their targets
-
July 08, 2020
08
Jul'20
Use of spyware apps linked to domestic abuse soars in lockdown
The rise in domestic violence during the pandemic has been linked to increase use of stalkerware apps by abusers
-
July 08, 2020
08
Jul'20
Cosmic Lynx cyber crime group takes BEC to new heights
Newly identified Russian threat group targets large organisations with increasingly dangerous business email compromise attacks
-
July 08, 2020
08
Jul'20
Over 15 billion credentials for sale on dark web
Research by Digital Shadows reveals the scale of the security threat facing consumers as it uncovers 15 billion usernames and passwords stolen in more than 100,000 different data breaches
-
July 08, 2020
08
Jul'20
Security funding soars despite Covid-19 slump, but problems lie ahead
The overall cyber security funding ecosystem in the UK is healthier than ever despite Covid-19, but the figures mask stark and concerning disparities in where the money is going
-
July 07, 2020
07
Jul'20
Cyber4Summer scheme to divert young people from cyber crime
Cyber4Summer platform will offer 100 different tracks covering a range of security skills to divert them from falling into a life of cyber crime
-
July 07, 2020
07
Jul'20
MSP Xchanging attacked in ransomware incident
Specialist managed services provider is restoring customer access to systems after an unspecified ransomware incident
-
July 06, 2020
06
Jul'20
Lorca scale-ups bring diverse security to the fore
London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort
-
July 06, 2020
06
Jul'20
North Korea behind spate of Magecart attacks
The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec
-
July 02, 2020
02
Jul'20
Cops take out encrypted comms to disrupt organised crime
The UK’s National Crime Agency, alongside other law enforcement agencies in France and the Netherlands, have busted illicit arms and drugs rings after disabling an encrypted comms platform
-
July 02, 2020
02
Jul'20
Locked-down teens flock to NCSC CyberFirst training scheme
A record number of 14 to 17-year-olds have signed up to the National Cyber Security Centre’s CyberFirst summer school
-
July 02, 2020
02
Jul'20
Sodinokibi gang begins dark web celebrity data auctions
Group claims to be auctioning confidential legal data on pop stars Mariah Carey, Nicki Minaj and basketball player LeBron James
-
July 01, 2020
01
Jul'20
UK’s unsung cyber security heroes sought
Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards
-
July 01, 2020
01
Jul'20
Remote workers more aware of security, but still flout the rules
Almost three-quarters of remote workers reckon they have gained in cyber security awareness during lockdown, but don’t seem to be especially bothered about keeping themselves safe
-
July 01, 2020
01
Jul'20
Mysterious EvilQuest macOS ransomware spreads through torrents
A new strain of ransomware, dubbed EvilQuest, is threatening Apple Mac environments, and seems to behave quite oddly
-
July 01, 2020
01
Jul'20
FCA estimates about 2.6 million Brits have bought cryptocurrency
UK financial services regulator says there has been a significant increase in ownership of cryptocurrencies in the UK
-
July 01, 2020
01
Jul'20
FakeSpy Android malware targets Royal Mail app users
The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous
-
June 30, 2020
30
Jun'20
Australia to invest a record A$1.35bn in cyber security
The Australian government is making its largest ever investment in cyber security over the next decade to identify cyber threats, disrupt foreign cyber criminals and build new capabilities
-
June 30, 2020
30
Jun'20
ReversingLabs makes over 100 Yara rules publicly available
Threat intelligence specialist is making its IP available on GitHub to support malware hunters in their work
-
June 30, 2020
30
Jun'20
BNP Paribas uses biometrics to increase contactless payment limit
French bank BNP Paribas is enabling customers to make higher value contactless payments through fingerprint-recognition technology
-
June 30, 2020
30
Jun'20
The Security Interviews: What CISOs can learn from Covid-19
Mike Lloyd, CTO at Redseal, holds 21 cyber security patents and a PhD in stochastic epidemic modelling from Heriot-Watt University in Edinburgh, so is probably the man to talk to when it comes to cyber security in the world of Covid-19
-
June 30, 2020
30
Jun'20
Complex security estates hinder incident response
The more disparate security tools in use in an organisation, the harder it becomes to mount an effective incident response
-
June 29, 2020
29
Jun'20
Lawyers learn of fresh US allegations against WikiLeaks founder Julian Assange from press reports
The US has filed an updated indictment against Julian Assange alleging that he conspired with hacking groups to obtain information for WikiLeaks. Defence and prosecution lawyers learned about it from press reports
-
June 29, 2020
29
Jun'20
Phishing back in vogue as ransomware vector
Researchers have observed an increase in phishing as a means to deliver ransomware payloads – and organisations don’t appear to be prepared
-
June 29, 2020
29
Jun'20
Evil Corp’s latest ransomware project spreading fast
A new ransomware strain dubbed WastedLocker is spreading rapidly and targeting major corporations
-
June 29, 2020
29
Jun'20
GCHQ launches Manchester accelerator programme to help firms leverage tech for citizen well-being
Innovation Co-Lab will mentor companies to grow, prevent crime and improve online safety
-
June 29, 2020
29
Jun'20
Making the case for cloud-based security
Cloud-based security tools can hasten threat detection and response, but adoption will depend on where an enterprise is on the cloud readiness scale
-
June 29, 2020
29
Jun'20
Out of date security laws leave UK plc at risk during pandemic
The CyberUp coalition has written to Boris Johnson to urge him to reform the UK’s 30 year-old cyber crime laws
-
June 26, 2020
26
Jun'20
Coronavirus: Cyber crime landscape evolving as lockdown eases
As some countries begin to gradually ease Covid-19 lockdown measures, cyber criminals’ tactics are changing, but the pandemic remains a tempting lure
-
June 24, 2020
24
Jun'20
NCSC catches a million phishes in its nets
The NCSC has racked up a million suspicious email reports from the public just two months after launching a reporting service, but the lucky sender won’t be receiving a grand prize
-
June 23, 2020
23
Jun'20
Neurodiversity on the rise among career hackers
More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd
-
June 23, 2020
23
Jun'20
Twitter contacts business users over data exposure
Issue relates to how web browsers cached confidential data entered in Twitter’s ads and analytics services, but is unlikely to have resulted in compromise
-
June 23, 2020
23
Jun'20
Flash-based MacOS malware hides in plain sight
By masquerading as a legitimate Adobe web application, the new malware strains can trick Mac users into bypassing their on-board defences
-
June 23, 2020
23
Jun'20
Concern over digital risk falls dramatically during pandemic
Brits are understandably more worried about the NHS than personal cyber security
-
June 21, 2020
21
Jun'20
APAC still hotbed for cyber attacks
Individuals and organisations in APAC are encountering malware more frequently than the rest of the world, study finds
-
June 19, 2020
19
Jun'20
Online shopping fraud hits £16m during lockdown
A quarter of victims were aged between 18 and 26, says Action Fraud
-
June 19, 2020
19
Jun'20
Australian prime minister confirms country is suffering repeated nation-state cyber attacks
Concern over critical national infrastructure as cyber attackers repeatedly try to gain access to network of organisations operating in multiple sectors
-
June 18, 2020
18
Jun'20
Cisco patches dangerous Webex vulnerability
CVE-2020-3347 bug enables cyber criminals to steal meeting records from within Cisco’s Webex service
-
June 18, 2020
18
Jun'20
Check Point uncovers targeted Microsoft Office 365 phishing campaign
Organised criminal campaign exploited Adobe, Oxford University and Samsung web domains to trick users into giving up their passwords
-
June 18, 2020
18
Jun'20
Zoom U-turns on end-to-end encryption
Embattled video-conferencing provider Zoom backtracks on previous refusals to provide end-to-end encryption to free users
-
June 17, 2020
17
Jun'20
Cosmetics company Avon offline after cyber attack
Representatives left unable to place orders after company’s back-end systems went offline over a week ago
-
June 16, 2020
16
Jun'20
Activists call on Zoom to implement encryption for all
A coalition of tech organisations and nonprofits have urged Zoom CEO Eric Yuan to make end-to-end encryption available to all users
-
June 15, 2020
15
Jun'20
Banking trojans roar back to prominence in May
Check Point sees an upswing in malicious activity around a number of classic banking trojan malware variants
-
June 15, 2020
15
Jun'20
NatWest develops behavioural biometrics as additional authentication
Bank is working with Visa to develop behavioural biometrics technology as an extra layer of invisible authentication
-
June 15, 2020
15
Jun'20
Accessories store Claire’s hit by Magecart credit card fraudsters
Attackers gained access to retailer’s website as long ago as March
-
June 12, 2020
12
Jun'20
NHS email service users ensnared in phishing attack
More than 100 accounts on the NHSmail service were affected by attack, but health service says no patient data was accessed
-
June 12, 2020
12
Jun'20
Fake contact-tracing apps delivering banking trojans
Spoof government coronavirus apps are popping up all over the world, says the Anomali Threat Research team
-
June 12, 2020
12
Jun'20
100,000 cheap wireless cameras vulnerable to hacking
Active devices built by Chinese firm HiChip have been sold in the UK as webcams and connected baby monitors
-
June 12, 2020
12
Jun'20
UN secretary general calls for global digital cooperation
Antonio Guterres launches roadmap for digital cooperation and calls for world leaders to come together to “connect, respect and protect people in the digital age”
-
June 12, 2020
12
Jun'20
Twitter kills thousands of misinformation accounts
The accounts were linked to the governments of China, Russia and Turkey, and engaged in systematic operations against pro-democracy activists, political opponents and dissidents
-
June 11, 2020
11
Jun'20
Coronavirus: Bungled British response leads to rise in security risks
Covid-19 cyber security threats are evolving over the course of the pandemic, becoming more targeted to virus hotspots such as the UK
-
June 10, 2020
10
Jun'20
Decade-old vulnerability among 129 Patch Tuesday fixes
A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks
-
June 10, 2020
10
Jun'20
Unsecured Elasticsearch server breached in eight hours flat
Comparitech’s Bob Diachenko wanted to find out how long it would take for hackers to find and attack an unsecured, public internet-facing database, so he set up a honeypot
-
June 10, 2020
10
Jun'20
Nasty surprises lurking in furloughed employees’ inboxes
Research conducted by KnowBe4 points to a looming email security problem as furloughed employees head back to work
-
June 10, 2020
10
Jun'20
How Australian firms can defend against supply chain attacks
Supply chain security risks can wreak havoc if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm
-
June 09, 2020
09
Jun'20
Honda investigates suspected Snake ransomware attack
Attack disrupts global operations at carmaker, with assembly lines falling silent and sales suspended
-
June 09, 2020
09
Jun'20
Poorly-secured AWS buckets used to launch Magecart attacks
Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data
-
June 08, 2020
08
Jun'20
What it takes to get DevSecOps right
DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools
-
June 05, 2020
05
Jun'20
Police chiefs working with Public Health England on contact-tracing security
Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme
-
June 05, 2020
05
Jun'20
Ministry of Defence forms new cyber security regiment
The 13th Signal Regiment brings together personnel from across the armed forces to provide specialist security services
-
June 04, 2020
04
Jun'20
Black Lives Matter activists targeted by cyber attacks
Civil liberties organisations are being targeted by far-right trolls as protests over the murder of George Floyd spread worldwide
-
June 04, 2020
04
Jun'20
Coronavirus: Cyber criminals target laid-off workers
Malicious actors are targeting workers laid-off or furloughed during the coronavirus pandemic
-
June 03, 2020
03
Jun'20
Sodinokibi data auctions highlight changing criminal tactics
The operators of the Sodinokibi ransomware strain are auctioning off swathes of stolen data in an apparent bid to raise cash. What is motivating this new tactic?
-
June 03, 2020
03
Jun'20
Security procurement framework goes live for NHS and public sector
Cyber Security Services Framework, developed by NHS Shared Business Services, has formally launched
-
June 03, 2020
03
Jun'20
Infosec 2020: Covid-19 an opportunity to change security thinking
The annual Infosecurity Europe is being held virtually this year, and speakers at an online panel session have been considering the impact of the pandemic on security awareness
-
June 02, 2020
02
Jun'20
VMware vulnerability leaves private clouds open to takeover
Ethical hackers from Citadelo uncovered a vulnerability in VMware Cloud Director that left private cloud owners open to takeover
-
June 01, 2020
01
Jun'20
Privacy campaigners call for radical changes to contact-tracing app
Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether
-
June 01, 2020
01
Jun'20
WikiLeaks founder Julian Assange misses court hearing due to respiratory problems
The WikiLeaks founder is expected to call 21 witnesses during a three-week extradition hearing in September
-
June 01, 2020
01
Jun'20
How managed threat hunting helps bust malicious insiders
Managed threat hunting services can help take some of the pressure off security operations centres and help ensure potential breaches don’t escalate into something far worse. We explore one such case with a happy ending
-
May 29, 2020
29
May'20
Government launches IoT security funding round
A £400,000 funding pot is on offer for innovators to design schemes that boost internet-of-things security
-
May 29, 2020
29
May'20
Test and Trace has not passed data protection impact assessment
Public Health England failed to complete the required impact assessment before launching the Covid-19 Test and Trace programme
-
May 29, 2020
29
May'20
How Sega Europe slashed incident response times using cloud SIEM
Gaming company’s SOC radically improves its operational efficiency with Sumo Logic’s cloud SIEM service
-
May 29, 2020
29
May'20
Singapore’s contact-tracing app tops privacy study
Singapore’s TraceTogether is least intrusive in terms of privacy communications compared with similar apps in the region, study finds