News

Security policy and user awareness

• February 10, 2021 10 Feb'21

  Sim-swapping crooks targeted celebrities, influencers

  Eight arrests have been made in England and Scotland in connection with a series of Sim-swapping attacks targeting high-profile victims

• February 09, 2021 09 Feb'21

  Data breaches are a ticking timebomb for consumers

  Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure

• February 09, 2021 09 Feb'21

  ‘Batman Begins’ cyber attack is a warning to CNI providers

  A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services

• February 09, 2021 09 Feb'21

  NHS reports fewer phishing emails in 2020

  The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020

• February 08, 2021 08 Feb'21

  UK Cyber Security Council to take charge of skills strategy

  New government-backed body will be set up to boost careers opportunities and professional standards in the cyber security sector

• February 08, 2021 08 Feb'21

  Too few UK organisations offering cyber training for remote work

  Nearly a year into the pandemic, a study reveals a concerning tendency for organisations not to bother offering security training for remote workers

• February 05, 2021 05 Feb'21

  EncroChat: Appeal court finds ‘digital phone tapping’ admissible in criminal trials

  Appeal Court decides EncroChat-encrypted phone records can be used in criminal trials. Critics say the decision means phone tapping no longer has a ‘clear meaning in the digital age’

• February 05, 2021 05 Feb'21

  Google Chrome update to patch serious zero-day

  A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible

• February 05, 2021 05 Feb'21

  Financial regulatory body bombarded with malicious emails

  New disclosures reveal the FCA’s systems bounced almost a quarter of a million malicious emails in a three-month period

• February 05, 2021 05 Feb'21

  Security firm Stormshield loses source code in cyber attack

  Source code from two products developed by French cyber security firm was compromised in a December 2020 incident

• February 04, 2021 04 Feb'21

  SolarWinds chases multiple leads in breach investigation

  Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised

• February 04, 2021 04 Feb'21

  Fraud and cyber crime still vastly under-reported

  The scale of digitally enabled crime in the UK is dramatically under-reported, new statistics indicate

• February 03, 2021 03 Feb'21

  Crypto malware targets Kubernetes clusters, say researchers

  Newly identified Hildegaard malware targets Kubernetes clusters and seems to herald a new campaign from the TeamTNT gang

• February 03, 2021 03 Feb'21

  ‘Classic’ Cerber ransomware targets health sector in high volumes

  Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• February 02, 2021 02 Feb'21

  Agent Tesla trojan finds new ways to sneak past defences

  Updated versions of Agent Tesla Rat include new techniques that fiddle with code to disable endpoint protection tools on target systems

• February 01, 2021 01 Feb'21

  Serco confirms Babuk ransomware attack

  Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal

• February 01, 2021 01 Feb'21

  CISOs invisible to their organisations, says BT report

  Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard

• January 29, 2021 29 Jan'21

  Biometrics ethics group addresses public-private use of facial recognition

  Home Office’s Biometrics and Forensics Ethics Group releases briefing note on the use of live facial recognition in public–private collaborations following a year-long investigation

• January 29, 2021 29 Jan'21

  Revealed: Brits who fuelled ‘vicious’ conspiracy theory by Trump supporters

  Trump supporters have apologised and paid millions in damages to the family of murdered Democratic Party staffer Seth Rich for promoting false allegations that Rich – not Russian agents – stole emails from the Democratic National Committee

• January 29, 2021 29 Jan'21

  Human factor dominates Australia’s latest data breach numbers

  The number of data breaches resulting from human error increased by 18% in the second half of 2020, according to Australian government’s latest notifiable data breaches report

• January 28, 2021 28 Jan'21

  Apprenticeships may be a solution to cyber skills shortage, say insiders

  Cyber security professionals are open to new approaches to finding sorely needed talent, according to a poll

• January 28, 2021 28 Jan'21

  End of Emotet: A blow to cyber crime, but don’t drop your guard

  The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact

• January 27, 2021 27 Jan'21

  Pandemic response has improved privacy posture, says Cisco

  Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report

• January 27, 2021 27 Jan'21

  Emotet botnet goes offline as cops seize servers

  The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement

• January 27, 2021 27 Jan'21

  Grindr complaint results in €9.6m GDPR fine

  Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices

• January 27, 2021 27 Jan'21

  Emergency Apple updates patch exploited zero-days

  Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately

• January 26, 2021 26 Jan'21

  Conservatives broke data law to racially profile millions

  The Conservative Party acted illegally in collecting data that inferred voters’ ethnicity and religious background, a Select Committee has heard

• January 26, 2021 26 Jan'21

  North Korean state attacks legitimate security researchers

  Threat researchers specialising in vulnerability research and development appear to be being targeted by a North Korean state-backed group

• January 26, 2021 26 Jan'21

  ICO extends commissioner Denham’s term of office

  Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor

• January 26, 2021 26 Jan'21

  Cyber fraud a national security issue, says Rusi report

  A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud

• January 22, 2021 22 Jan'21

  ICO resumes adtech investigation

  The UK Information Commissioner’s Office was criticised for ending its investigation into alleged malpractice in advertising technology, but has now resumed its probe

• January 22, 2021 22 Jan'21

  Sepa data leaks as agency resists ransom demands

  The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation

• January 21, 2021 21 Jan'21

  Hackney Council tenders for cyber security upgrade

  Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

• January 21, 2021 21 Jan'21

  Gamarue malware found on government-issued school laptops

  Devices handed out by the government to support vulnerable children contain malware that appears to be contacting C2 infrastructure in Russia

• January 21, 2021 21 Jan'21

  Two-thirds of CISOs say they’ll be cyber attack victims this year

  Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Should I be worried about MFA-bypassing pass-the-cookie attacks?

  Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations?

• January 20, 2021 20 Jan'21

  Malwarebytes also hit by SolarWinds attackers

  The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals

• January 19, 2021 19 Jan'21

  UK fraud agency deploys ArcGIS dashboard for data sharing

  The National Fraud Intelligence Bureau says it has achieved improved transparency with the public, as well as saving 3,500 staff hours and £100,000

• January 19, 2021 19 Jan'21

  Click fraud levels reach new heights in pandemic

  Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike

• January 19, 2021 19 Jan'21

  Criminals fiddled stolen Covid-19 vaccine data to damage trust

  Malicious actors manipulated stolen Covid-19 data in a way clearly intended to damage public trust in vaccines, says the EMA

• January 18, 2021 18 Jan'21

  MoD reports 18% rise in data loss incidents

  The Ministry of Defence reported more than five hundred data security incidents in 2019-20, with seven serious enough to warrant disclosure to the ICO

• January 18, 2021 18 Jan'21

  Australians lost A$176m to scams in 2020

  Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering

• January 17, 2021 17 Jan'21

  NCSC CyberFirst Girls 2021 contest kicks off

  UK’s national cyber agency says it has already had hundreds of entrants in spite of the challenges presented by the pandemic

• January 15, 2021 15 Jan'21

  US cyber security agencies get $9bn in Biden plan

  New funding proposals come as US government reels from the impact of the December 2020 SolarWinds attack

• January 14, 2021 14 Jan'21

  Unforeseen consequences of new technologies put UK at risk

  Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems

• January 14, 2021 14 Jan'21

  APAC firms grapple with cyber security amid pandemic

  Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work

• January 13, 2021 13 Jan'21

  World’s largest dark web market disrupted in major police operation

  Coordinated international operation including Europol and the UK’s National Crime Agency has successfully taken DarkMarket offline

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender