News
Security policy and user awareness
-
January 18, 2023
Ukraine CERT leaders touch down in London for talks
The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience
-
January 18, 2023
Oracle and CBI: companies cautious, selective in 2023 IT, business investment
Oracle and the CBI are seeing much the same picture of cautious technology investment by UK businesses in 2023, in the context of long Covid and the energy price inflation crisis
-
January 17, 2023
Cloudflare urged to clamp down on pirates, counterfeiters
A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods
-
January 17, 2023
Royal Mail promises ‘workarounds’ to restore services after ransomware attack
Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future
-
January 16, 2023
The Security Interviews: Protecting your digital self
Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation?
-
January 12, 2023
Guardian confirms Christmas 2022 cyber attack was ransomware
Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack
-
January 11, 2023
Should we be worried about malicious use of AI language models?
WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned?
-
January 11, 2023
Microsoft fixes EoP zero-day on January Patch Tuesday
On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns
-
January 08, 2023
Vulnerable organisations to get free Cyber Essentials support
Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre
-
January 06, 2023
Russia’s Turla falls back on old malware C2 domains to avoid detection
Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals
-
January 06, 2023
Vice Society cyber gang targeted multiple UK schools
The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK
-
January 05, 2023
Cyber gang abused free trials to exploit public cloud CPU resources
A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying
-
January 05, 2023
Warning over ransomware attacks spreading via Fortinet kit
Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web
-
December 22, 2022
NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’
The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law
-
December 22, 2022
Top 10 cyber security stories of 2022
The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
-
December 22, 2022
Top 10 cyber crime stories of 2022
Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents
-
December 16, 2022
Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation
National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time
-
December 16, 2022
UK unis implement new IP traffic policies to combat ransomware
Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature
-
December 15, 2022
Lego fixes dangerous API vulnerability in BrickLink service
The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas
-
December 14, 2022
Private health provider data could be shared with NHS England
Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal
-
December 14, 2022
Advanced Azov data wiper likely to become active threat
Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily
-
December 14, 2022
NHS gets new guidance on public benefits of data sharing
NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care
-
December 14, 2022
Ethical hackers flex their muscles in 2022
Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
-
December 14, 2022
Microsoft fixes two zero-days in final Patch Tuesday of 2022
December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
-
December 13, 2022
The nature of the CISO role will be in flux in 2023
As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report
-
December 13, 2022
Finnish government launches information security voucher scheme
Finland’s government is offering businesses financial support to help them improve their cyber security
-
December 13, 2022
More Uber data exposed in possible supply chain attack
A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
-
December 11, 2022
How Zscaler is cracking APAC’s cloud security market
Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
-
December 09, 2022
CIISec, DCMS to fund vocational cyber courses for A-level students
The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers
-
December 09, 2022
Iranian APT seen exploiting GitHub repository as C2 mechanism
A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
-
December 08, 2022
Consumers to get new protections against dodgy apps
Government’s new code of practice will impose new privacy and security measures on app store operators and developers
-
December 08, 2022
Australia to develop new cyber security strategy
New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
-
December 07, 2022
Rackspace email outage confirmed as ransomware attack
An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
-
December 07, 2022
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching
Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
-
December 06, 2022
Don’t become an unwitting tool in Russia’s cyber war
Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
-
December 05, 2022
Fake investment ads persist on Meta’s social networks
Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them
-
December 05, 2022
French cyber consultancy Hackuity sets up UK operation
Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
-
December 02, 2022
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
-
December 01, 2022
MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China
Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence
-
November 30, 2022
South Staffs Water customer data leaked after ransomware attack
Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack
-
November 30, 2022
Latest LockBit ransomware versions have wormable capabilities
Sophos researchers have reverse-engineered the LockBit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter
-
November 30, 2022
NIS regulations to be extended to cover MSPs
The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope
-
November 29, 2022
Cyber criminals exploiting naked TikTok ‘challenge’
Malware operators lured targets by promising them they would be able to view nude videos of TikTok users
-
November 27, 2022
Plexal inducts six into cyber leadership scheme
Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders
-
November 25, 2022
Data management, backup becoming the CISO's responsibility
More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year
-
November 24, 2022
Not-for-profit aims to encourage 1,300 girls into cyber careers
CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber
-
November 23, 2022
UK police arrest 120 in largest-ever cyber fraud crackdown
The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police
-
November 23, 2022
South Korea data adequacy pact brings £15m Brexit bonus
UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m
-
November 23, 2022
Red team tool developer slams ‘irresponsible’ disclosure
UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors
-
November 22, 2022
Ducktail spins new tales to hijack Facebook Business accounts
The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts
