News
Security policy and user awareness
-
September 18, 2024
18
Sep'24
NCSC exposes Chinese company running malicious Mirai botnet
The NCSC and its Five Eyes allies have published details of the activities of a China-based cyber security company that is operating a Mirai IoT botnet in the service of government-backed intrusions
-
September 13, 2024
13
Sep'24
Cyber workforce must almost double to meet global talent need
Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses
-
September 11, 2024
11
Sep'24
How Sonar is elevating code quality in the age of AI
Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market
-
September 11, 2024
11
Sep'24
ICO and NCA sign MoU to provide joint support for cyber crime victims
UK data protection watchdog joins forces with law enforcement agency to provide more support for organisations that fall victim to cyber crime and ransomware attacks
-
September 10, 2024
10
Sep'24
JFrog and GitHub unveil open source security integrations
Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform
-
September 05, 2024
05
Sep'24
NCSC and allies call out Russia's Unit 29155 over cyber warfare
The NCSC and counterpart agencies from the US and other countries have exposed a long-running campaign of Russian cyber espionage and warfare conducted by GRU Unit 29155
-
September 05, 2024
05
Sep'24
Fog ransomware crew evolving into wide-ranging threat
The emergent Fog ransomware gang appears to be changing up its victimology in search of more cash-rich victims
-
September 05, 2024
05
Sep'24
Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation
Thomas Herdman, who faces charges in France over his involvement in distributing Sky ECC encrypted phones, was arrested by French police despite agreeing to cooperate with US law enforcement
-
September 04, 2024
04
Sep'24
Fraud and scam complaints hit highest ever level in UK
The Financial Ombudsman Service says it recorded almost 9,000 complaints about fraud and scams from April to June, the most ever recorded
-
August 29, 2024
29
Aug'24
Check Point secured for annual Security Serious cyber awards
The annual Security Serious Unsung Heroes awards, recognising the champions of the UK cyber security industry, are back once again, with a new headline sponsor joining the party
-
August 29, 2024
29
Aug'24
Iranian APT caught acting as access broker for ransomware crews
Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access their victims in exchange for a cut of the profits
-
August 28, 2024
28
Aug'24
Iranian APT Peach Sandstorm teases new Tickler malware
Peach Sandstorm, an Iranian state threat actor, has developed a dangerous new malware strain that forms a key element of a rapidly evolving attack sequence
-
August 28, 2024
28
Aug'24
Global cyber spend to rise 15% in 2025, pushed along by AI
Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner
-
August 22, 2024
22
Aug'24
New Qilin tactics a ‘bonus multiplier’ for ransomware chaos
Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line.
-
August 21, 2024
21
Aug'24
Pakistani national arrested over Southport ‘cyber terrorism’
Authorities in Pakistan have arrested a man on suspicion of cyber terrorism over his role in the spread of online misinformation in the wake of the Southport knife attack
-
August 20, 2024
20
Aug'24
Phishing links becoming bigger threat than email attachments
Phishing techniques are evolving away from malicious email attachments, according to a report
-
August 19, 2024
19
Aug'24
Challenges of deploying PQC globally
Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy
-
August 16, 2024
16
Aug'24
Thousands of NetSuite customers accidentally exposing their data
Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say
-
August 14, 2024
14
Aug'24
August Patch Tuesday proves busy with six zero-days to fix
Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update
-
August 08, 2024
08
Aug'24
Royal ransomware crew puts on a BlackSuit in rebrand
The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA
-
August 08, 2024
08
Aug'24
US lawmakers seek to brand ransomware gangs as terrorists
Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers
-
August 06, 2024
06
Aug'24
Advanced faces fine over LockBit attack that crippled NHS 111
Advanced Software faces a multimillion pound fine for a series of failings which directly led to a 2022 LockBit ransomware attack that disrupted NHS and social care services across the UK
-
August 06, 2024
06
Aug'24
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies
-
August 05, 2024
05
Aug'24
Chinese cyber attack sparks alert over six-year-old MS vuln
After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824
-
August 05, 2024
05
Aug'24
World’s largest companies at near-universal risk of supply chain breach
Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats
-
August 05, 2024
05
Aug'24
Russia’s luxury car phish continues to prove effective
Government organisations and other bodies operating in Ukraine continue to be targeted by a relatively unsophisticated phishing campaign that has proven so effective for Russia’s cyber spooks that there are now multiple agencies involved
-
August 01, 2024
01
Aug'24
Police hunt scammers after takedown of Russian Coms fraud platform
The National Crime Agency has arrested four people after taking down a phone number spoofing platform used by criminals to defraud hundreds of thousands of people in the UK with more arrests to follow
-
August 01, 2024
01
Aug'24
Banks, telcos call for more data sharing to fight fraud
A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud
-
July 31, 2024
31
Jul'24
Campaigners call for evidence to reform UK cyber laws
The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work
-
July 29, 2024
29
Jul'24
Scam CrowdStrike domains growing in volume
Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out
-
July 29, 2024
29
Jul'24
CrowdStrike says most Falcon sensors now up and running
The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week
-
July 25, 2024
25
Jul'24
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets
-
July 24, 2024
24
Jul'24
Mimecast to buy insider threat specialist Code42
Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms
-
July 23, 2024
23
Jul'24
Innovations to power secure-by-design development
Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident
-
July 23, 2024
23
Jul'24
Chrome cookies reprieved amid Google Privacy Sandbox changes
Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users
-
July 22, 2024
22
Jul'24
NCA cracks digitalstress DDoS-for-hire operation
The UK authorities have taken down a major component of the multinational DDoS cyber attack-for-hire ecosystem, hacking into the digitalstress.su service and exfiltrating data on its users, who now face arrest
-
July 22, 2024
22
Jul'24
NCSC: Beware of criminal CrowdStrike opportunists
Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow
-
July 18, 2024
18
Jul'24
Growth in nude image sharing heightens cyber abuse risk
The normalisation of sharing self-created intimate content with others is putting great numbers of people at risk of online abuse, says Kaspersky
-
July 17, 2024
17
Jul'24
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting
-
July 17, 2024
17
Jul'24
Hackney Council reprimanded over 2020 ransomware attack
The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements
-
July 16, 2024
16
Jul'24
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre
-
July 12, 2024
12
Jul'24
AT&T loses ‘nearly all’ phone records in Snowflake breach
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment
-
July 12, 2024
12
Jul'24
Public awareness of ID security grows, but big obstacles remain
Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report
-
July 11, 2024
11
Jul'24
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain
-
July 11, 2024
11
Jul'24
Inside Israel’s cyber security operations
An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure
-
July 09, 2024
09
Jul'24
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention
-
July 09, 2024
09
Jul'24
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert
-
July 09, 2024
09
Jul'24
Lessons from war: How Israel is fighting Iranian state-backed hacking
The general director of the Israel National Cyber Directorate talks about the rise in cyber attacks and what lessons the country has gleaned to defend against hacking from foreign parties
-
July 08, 2024
08
Jul'24
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning
-
July 03, 2024
03
Jul'24
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes