News

Hackers and cybercrime prevention

• December 10, 2024 10 Dec'24

  Dangerous CLFS and LDAP flaws stand out on Patch Tuesday

  Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol

• December 10, 2024 10 Dec'24

  iOS vuln leaves user data dangerously exposed

  Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates

• December 10, 2024 10 Dec'24

  Top IT predictions in APAC in 2025

  Enterprises across the Asia-Pacific region are expected to focus on securing their AI workloads, invest in energy efficient infrastructure and rethink their platform strategy, among other tech trends in the new year

• December 09, 2024 09 Dec'24

  Bahrain faces legal action after planting Pegasus spyware on UK blogger

  A court has given the go-ahead to UK-based blogger Yusuf Al-Jamri to seek damages from the Kingdom of Bahrain after it deployed spyware from Israel’s NSO Group to hack his phone

• December 06, 2024 06 Dec'24

  TfL cyber attack cost over £30m to date

  TfL provides more detail on the financial impact of the September 2024 cyber attack that crippled several of its online systems

• December 05, 2024 05 Dec'24

  Government agencies urged to use encrypted messaging after Chinese Salt Typhoon hack

  Chinese hacking of US telecom networks raises questions about the exploitation by hostile hacking groups of government backdoors to provide lawful access to telecoms services

• December 04, 2024 04 Dec'24

  Shared digital gateway was source of three NHS ransomware attacks

  Alder Hey children’s hospital confirms ransomware operators accessed its systems through a shared digital gateway, but is standing firm in the face of the gang’s demands

• December 04, 2024 04 Dec'24

  NCA takes out network that laundered ransomware payments

  NCA-led Operation Destabilise disrupts Russian crime networks that funded the drugs and firearms trade in the UK, helped Russian oligarchs duck sanctions, and laundered money stolen from the NHS and others by ransomware gangs

• December 04, 2024 04 Dec'24

  Nordics move to deepen cyber security cooperation

  Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks

• December 03, 2024 03 Dec'24

  US updates telco security guidance after mass Chinese hack

  Following the widespread Salt Typhoon hacks of US telecoms operators including AT&T and Verizon, CISA and partner agencies have launched refreshed security guidance for network engineers and defenders alike

• December 02, 2024 02 Dec'24

  APAC businesses face cyber onslaught

  The Asia-Pacific region is a cyber security hotspot, enduring significantly more cyber attacks than the global average, with AI-powered threats and skills shortages exacerbating the problem

• December 02, 2024 02 Dec'24

  NCSC boss calls for ‘sustained vigilance’ in an aggressive world

  NCSC CEO Richard Horne is to echo wider warnings about the growing number and severity of cyber threats facing the UK as he launches the security body’s eighth annual report

• November 29, 2024 29 Nov'24

  Second Merseyside hospital hit by cyber attack

  Hot on the heels of a major cyber attack at a nearby NHS trust, one of Europe’s biggest and busiest children’s hospitals is reportedly scrambling to deal with ransomware gang

• November 28, 2024 28 Nov'24

  Energy sector’s digital shift opens door to cyber threats

  The transition to renewable energy and the increasing integration of IT and OT systems in the energy sector are creating new cyber security challenges

• November 27, 2024 27 Nov'24

  Scientists demonstrate Pixelator deepfake image verification tool

  With the age of deepfake imagery upon us, a team led by York St John University researchers has created a tool to help people ‘navigate the fine line between reality and fabrication’

• November 27, 2024 27 Nov'24

  Further disruption expected after latest NHS cyber attack

  IT and security teams at Wirral University Teaching Hospitals NHS Trust continue to work around the clock following a major cyber incident, with services disrupted and no timeline for resolution

• November 26, 2024 26 Nov'24

  Sellafield operator opens dedicated cyber centre

  The UK’s Nuclear Decommissioning Authority has opened a cyber security centre spanning its activities across the nuclear sector

• November 26, 2024 26 Nov'24

  Blue Yonder ransomware attack breaks systems at UK retailers

  UK supermarkets continue to deal with the impact of a ransomware attack on the systems of supply chain software supplier Blue Yonder, which is disrupting multiple aspects of their businesses including deliveries and staff management

• November 26, 2024 26 Nov'24

  Russian threat actors poised to cripple power grid, UK warns

  UK government escalates cyber rhetoric in a speech at a Nato event, saying Russian advanced persistent threats stand ready to conduct cyber attacks that could ‘turn off the lights for millions’

• November 25, 2024 25 Nov'24

  Microsoft calls on Trump to ‘push harder’ on cyber threats

  Microsoft’s Brad Smith urges president-elect Donald Trump to keep the faith when it comes to fighting back against hostile cyber actors from China, Iran and Russia

• November 25, 2024 25 Nov'24

  Geopolitical strife drives increased ransomware activity

  The lines between financially motivated cyber criminals and nation state APTs are rapidly blurring, as geopolitical influences weigh heavily on the threat landscape, according to data from NCC

• November 21, 2024 21 Nov'24

  BianLian cyber gang drops encryption-based ransomware

  The Australian and American cyber authorities have published updated intelligence on the BianLian ransomware gang, which has undergone a rapid evolution in tactics

• November 21, 2024 21 Nov'24

  Microsoft slaps down Egyptian-run rent-a-phish operation

  Microsoft’s Digital Crimes Unit has conducted a successful takedown of almost 250 malicious websites used in the cyber criminal ONNX phishing-as-a-service operation

• November 21, 2024 21 Nov'24

  Brit charged in US over Scattered Spider cyber attacks

  A UK national named as Tyler Robert Buchanan has been charged in the US over his alleged involvement in cyber attacks perpetrated by the Scattered Spider gang

• November 20, 2024 20 Nov'24

  Apple addresses two iPhone, Mac zero-days

  Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks

• November 19, 2024 19 Nov'24

  AI readiness stalls in APAC

  Despite significant investment in AI, only 15% of organisations in Asia-Pacific are ready to deploy the technology today, according to Cisco’s latest regional AI readiness survey

• November 18, 2024 18 Nov'24

  UK consumers losing more than ever to holiday scams

  Last Christmas, UK consumers lost over £11m to cyber criminals. This year, to save them from tears, the NCSC and Action Fraud are teaming up to launch an anti-fraud campaign

• November 14, 2024 14 Nov'24

  Williams Racing F1 team supports kids cyber campaign

  A multi-region campaign will teach pre-teen children cyber security basics – with a little help from Formula 1 star Alex Albon

• November 14, 2024 14 Nov'24

  Ping CEO on ForgeRock integration and future of identity

  Ping Identity CEO Andre Durand discusses the company’s unified roadmap, commitment to customer stability and growth plans in the evolving identity landscape following the merger with ForgeRock

• November 13, 2024 13 Nov'24

  China’s Volt Typhoon rebuilds botnet in wake of takedown

  Nine months after its malicious botnet comprising legacy routers was disrupted by the Americans, Chinese APT Volt Typhoon is rebuilding and presents as persistent a threat as ever

• November 13, 2024 13 Nov'24

  Ex-boxer fights US government over legality of Sky ECC cryptophone intercepts

  Lawyers for former heavyweight boxer Goran Gogic argue that US prosecutors’ reliance on messages obtained by a European police hacking operation into the SKY ECC encrypted phone network breaches the US constitution

• November 12, 2024 12 Nov'24

  Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

  High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update

• November 12, 2024 12 Nov'24

  Zero-day exploits increasingly sought out by attackers

  Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023

• November 12, 2024 12 Nov'24

  More data stolen in 2023 MOVEit attacks comes to light

  Over a year since the infamous MOVEit Transfer cyber attacks affected thousands of organisations, more new victims have come to light after an anonymous threat actor leaked their data on the dark web

• November 12, 2024 12 Nov'24

  Police cloud project raises data protection concerns despite legal reforms

  Ongoing data protection issues with the use of hyperscale public cloud infrastructure by UK police could complicate the ambitions of nine forces to move their common records management system into the cloud

• November 12, 2024 12 Nov'24

  How quantum computing could reshape financial services

  Experts at the Singapore FinTech Festival predict quantum computing will improve risk management, investment strategies and fraud detection in the financial sector, while also posing new challenges for data security

• November 08, 2024 08 Nov'24

  ESET shines light on cyber criminal RedLine empire

  ESET publishes fresh data on the inner workings of the RedLine Stealer malware empire, which was taken down at the end of October

• November 07, 2024 07 Nov'24

  AI a force multiplier for the bad guys, say cyber pros

  CIISec’s annual report on the security profession finds evidence of growing concern that artificial intelligence will ultimately prove more useful to threat actors than defenders

• November 01, 2024 01 Nov'24

  CISA looks to global collaboration as fraught US election begins

  The US' CISA cyber agency has unveiled a two-year International Strategic Plan to advance collaboration and improve resilience against shared risks and threats

• October 30, 2024 30 Oct'24

  RedLine, Meta malwares meet their demise at hands of Dutch cops

  A multinational action led by authorities in the Netherlands has resulted in the takedown of the notorious RedLine and Meta infostealer malwares

• October 25, 2024 25 Oct'24

  Dutch critical infrastructure at risk despite high leadership confidence

  Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise

• October 23, 2024 23 Oct'24

  Government hails Cyber Essentials success

  Scheme to help keep organisations’ IT safe and secure has given businesses more confidence they won’t fall victim to a cyber attack

• October 23, 2024 23 Oct'24

  Democracy campaigner to sue Saudi Arabia over Pegasus and QuaDream spyware in UK court

  Pro-democracy campaigner Yahya Assiri given permission to file legal action in London court against Saudi Arabia over its use of Israeli spyware

• October 22, 2024 22 Oct'24

  Danish government reboots cyber security council amid AI expansion

  Denmark’s government relaunches digital security initiative to protect business sectors and society at large

• October 21, 2024 21 Oct'24

  Can AI be secure? Experts discuss emerging threats and AI safety

  International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence

• October 17, 2024 17 Oct'24

  NCSC chief warns of gap in cyber threats and defence capabilities

  The UK and its allies must take collective action to improve their cyber resilience and repel the increasing volume of severe cyber attacks, says NCSC chief

• October 17, 2024 17 Oct'24

  EU cyber security bill NIS2 hits compliance deadline

  The EU’s NIS2 bill will harmonise how companies and member states approach cyber security, but its success will depend on how well it is implemented and enforced

• October 15, 2024 15 Oct'24

  NCSC expands school cyber service to academies and private schools

  The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK

• October 10, 2024 10 Oct'24

  NCSC issues fresh alert over wave of Cozy Bear activity

  The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks

• October 10, 2024 10 Oct'24

  Government launches cyber standard for local authorities

  Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks