Hackers and cybercrime prevention

Irish health service hit by major ransomware attack

IT systems in hospitals across Ireland have been switched off following a significant ransomware attack Continue Reading

Dutch police used deep learning model to predict threats to life

Dutch police developed a deep learning model in their EncroChat investigation to predict which messages contain serious threats to life Continue Reading

The shape of fraud and cyber crime: 10 things we learned from 2020

While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises Continue Reading

Publishing exploit code does more harm than good, says report

Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security Continue Reading

Biden beefs up public-private security cooperation

Joe Biden has signed a new Executive Order to harden US cyber security and government networks, with an emphasis on information sharing Continue Reading

Refuge launches tech safety site for domestic abuse victims

Created with the help of survivors, Refuge’s resource site offers guidance on protecting yourself from tech-enabled domestic abuse Continue Reading

Verizon DBIR underscores year of unprecedented cyber challenge

Verizon 2021 Data Breach Investigations Report draws predictable conclusions as the impact of the Covid-19 pandemic continues to be felt Continue Reading

Inside DarkSide: Researchers share intel on break-out cyber gang

Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means Continue Reading

CyberUK 2021: NCSC encourages startups to invest in cyber

National Cyber Security Centre is launching bespoke cyber security guidance aimed at the UK’s valuable startup community Continue Reading

UK to fund national cyber teams in Global South

Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity Continue Reading

Microsoft fixes four critical bugs on lighter Patch Tuesday

Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away Continue Reading

The Security Interviews: Why helpful bots could hurt vaccine roll-outs

Earlier this year, spikes in traffic to websites containing information about Covid-19 vaccines were attributed by Imperva to automated bots scraping data. Why is that a problem? Continue Reading

UK Plc invited to sign up for Early Warning of cyber incidents

The launch of the Early Warning incident notification service is among the enhancements being made by the NCSC to its service packages Continue Reading

NCSC cyber guidance targets cloud and home working

The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware Continue Reading

Collaboration key to success of UK’s Cyber Security Council

The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event Continue Reading

Government to reform Computer Misuse Act

Home secretary Priti Patel will explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world Continue Reading

SolarWinds CEO calls for collective action against state attacks

SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states Continue Reading

Swedish court finds ambiguities in hacked EncroChat cryptophone evidence

Defence lawyer claims evidence obtained by hacking the EncroChat encrypted phone network has ‘no legal’ value following Swedish appeal court ruling Continue Reading

Colonial Pipeline ransomware attack has grave consequences

The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide Continue Reading

NCSC Active Cyber Defence blocks surge of pandemic scams

The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic Continue Reading

How do I get my users to pay attention to security training?

As cyber security risks grow daily, businesses must educate staff about these through cyber awareness training. But how can they ensure this is taken seriously by employees? Continue Reading

NCSC, CISA publish new information on Russia’s Cozy Bear

New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics Continue Reading

NCSC publishes smart city security guidelines

Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects Continue Reading

Cyber accreditation to improve legal standing of security pros

Institute of Cyber Digital Investigations Professionals will help incident responders and cyber investigators get the professional recognition they deserve Continue Reading

Securing the UK's emerging smart cities

UK councils have a huge opportunity to improve services through the use of smart city technologies - but they must avoid the cyber security risks, says the government's digital minister Continue Reading

Reddit enlists HackerOne to run public bug bounty programme

Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet Continue Reading

Ransomware, supply chain attacks show no sign of abating

Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors Continue Reading

Government urged to add scam protections to Online Safety Bill

Group of organisations calls for the government to use the Online Safety Bill to protect people from cyber scams Continue Reading

Google to introduce mandatory MFA for users

In future, holders of Google accounts will have no option but to use multifactor authentication if they want to use the firm’s services Continue Reading

HSBC blocks £249m in UK fraud with voice biometrics

HSBC voice recognition technology has reduced telephone banking fraud as demand for the channel increases Continue Reading

Sophos: How timely intervention stopped a ProxyLogon attack

A recent incident at an undisclosed customer sheds new light on how malicious actors exploit unpatched Microsoft Exchange servers Continue Reading

New standard to simplify IoT device onboarding

Fido Alliance’s device onboarding protocol will automate the process of connecting internet-of-things devices to device management platforms while improving security Continue Reading

EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful

Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat Continue Reading

Northern Ireland pilots security training plan for 16-25s

Pilot scheme in Northern Ireland aims to widen access to cyber security careers Continue Reading

How to tackle intellectual property crime

Crimes against intellectual property are big business for organised crime groups, commercial competitors and foreign states alike. In the first of a series of legal columns, David Cowan offers a practical approach Continue Reading

Covid-19 security challenges leave bank customers at risk

Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud Continue Reading

Recruiters can’t afford to hold out for cyber ‘unicorns’

The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic Continue Reading

Office 365 compromise likely led to Merseyrail ransomware attack

Compromise of Merseyrail employee data seems to have begun after a key email account was hacked Continue Reading

Total cost of ransomware attack heading towards $2m

Sophos’ latest study finds that ransomware attacks are proving increasingly disruptive to their victims’ finances Continue Reading

Why we need to reset the debate on end-to-end encryption to protect children

Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent Continue Reading

Apple OS updates patch multiple security holes

The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible Continue Reading

North London school wins NCSC girls’ cyber challenge

Highgate School in North London is the winner of this year’s CyberFirst Girls security competition Continue Reading

UnitingCare Queensland hit by cyber attack

Healthcare service provider UnitingCare Queensland was reportedly hit by a ransomware attack that crippled several IT systems Continue Reading

How Toffs is seizing Asia’s CDN market

Toffs Technologies is eyeing second- and third-tier cities in Asia as it bolsters its infrastructure and experiments with the use of home networks as content delivery networks Continue Reading

GCHQ: Cyber investment a guarantor of UK’s global status

GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future Continue Reading

Researchers shed more light on APT29 activity during SolarWinds attack

RiskIQ’s Atlas threat intel team uncovers new patterns and threat infrastructure used in the SolarWind’s attacks Continue Reading

ToxicEye malware exploits Telegram messaging service

The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye Continue Reading

NCSC offers teachers free cyber security training

The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack Continue Reading

SonicWall Email Security zero-days need urgent patch

Users of SonicWall Email Security are advised to patch immediately, but the supplier is being criticised for the pace of its response Continue Reading

Time is running out to probe networks for Emotet

Security teams will lose an unprecedented opportunity to gain valuable intelligence to enhance their defences when Emotet is finally ‘executed’ in a few days’ time Continue Reading

UK’s proposed IoT cyber security law gathers momentum

New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security Continue Reading

Chinese APT exploits critical CVE in Pulse Secure VPN

A newly disclosed vulnerability in Pulse Secure’s VPN is being exploited by a Chinese advanced persistent threat group – assume compromise and mitigate today Continue Reading

Codecov supply chain attack has echoes of SolarWinds

Supply chain attack on code auditing service may have compromised the likes of HPE and IBM Continue Reading

Singapore’s ViewQwest debuts security service

ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats Continue Reading

Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks

Facebook faces growing government pressure to abandon its plans to offer users end-to-end encryption to secure the privacy of their messages as the NSPCC raises concerns about child protection Continue Reading

The Secret IR Insider’s Diary – from Sunburst to DarkSide

From dealing with SolarWinds fallout to ransomware attacks, it’s been a busy few weeks for the Secret IR Insider, but they've picked up some new tricks along the way Continue Reading

Finnish government strengthens country’s IT network security

Finland’s government has created a new national organisation to help public and private bodies improve network security Continue Reading

Biden sanctions Russia over SolarWinds cyber attacks

US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies Continue Reading

University of Hertfordshire is latest academic cyber attack victim

Multiple systems are offline at the University of Hertfordshire following a cyber attack Continue Reading

Microsoft is most impersonated brand in phishing attempts

Technology companies continue to be frequently spoofed by cyber criminals in their phishing attempts Continue Reading

FBI accesses ProxyLogon target servers to disrupt cyber criminals

US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation Continue Reading

NSA unearths more MS Exchange vulnerabilities

Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency Continue Reading

MP told to ditch official email over hacking fears

MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked Continue Reading

Covid-19 left people feeling vulnerable to cyber crime

Around 15 million people in the UK experienced cybercrime in the past 12 months, with a cumulative 64 million hours wasted dealing with the fallout Continue Reading

Millions of devices at risk from NAME:WRECK DNS bugs

Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk Continue Reading

EncroChat lawyers raise questions over use of PII secrecy orders on UK decryption capabilities

Lawyers claim that public interest immunity certificates may have been used to withhold information on UK intelligence agencies’ ability to decrypt encrypted communications Continue Reading

Vaccine passports and travel plans race up Covid threat charts

With lockdown restrictions easing in the UK, cyber criminals are tailoring their phishing lures to new areas of interest Continue Reading

Why some jobseekers have turned to cyber crime during the pandemic

Research shows that many people have been seeking cyber crime-related work on the dark web, but why? Continue Reading

Executive interview: Unleashing blockchain’s potential

Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology Continue Reading

Egypt, Italy and US most affected in Facebook leak

Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook Continue Reading

NCSC: Using your pet’s name as a password is very stupid

If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said Continue Reading

Cring ransomware hits ICS through two-year-old bug

A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware Continue Reading

Nation-state cyber attacks double in three years

Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project Continue Reading

Facebook ducks calls to apologise over huge data leak

Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise Continue Reading

Unpatched SAP applications are target-rich ground for hackers

Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities Continue Reading

Facebook data leak could be outside scope of GDPR

Regulators may be unable to do much about leaked data on 533 million Facebook users, as it seems to have been stolen before GDPR came into force Continue Reading

EncroChat hearings delayed as lawyers seek disclosure on police hacking

Court hearings precipitated by police cracking the EncroChat secure mobile phone network have been delayed after defence lawyers request further disclosures on police decryption capabilities Continue Reading

How to build a honeypot to increase network security

Create a honeypot that will trap attackers and monitor their activities to enhance your organization's network security. This step-by-step guide takes you through the process. Continue Reading

NHS is apparently closing security skills gap

By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before Continue Reading

Security Think Tank: Evolving threats, tech, leaves CNI exposed

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber Security Council to champion UK security pros

A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading

Ransomware attack on London schools highlights warnings

Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector Continue Reading

New cyberthreats remind us of the need for hyper-vigilance

This is a guest post by Kerry Singleton, managing director for cyber security at Cisco Asia-Pacific, Japan and China In recent weeks, we’ve seen a number of significant cybersecurity threats ... Continue Reading

The Security Interviews: How to secure an F1 team in a pandemic

A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data Continue Reading

UK courts face evidence ‘black hole’ over police EncroChat mass hacking

French investigators have refused to disclose how they downloaded millions of messages from a supposedly secure cryptophone network used by organised criminals – leaving UK courts to grapple with a forensic ‘black hole’ of evidence Continue Reading

Cyber attack takes Channel Nine off-air

The Australian broadcaster was hit by an alleged ransomware attack that disrupted broadcasting operations in its Sydney studio Continue Reading

Retailer FatFace pays $2m ransom to Conti cyber criminals

Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate Continue Reading

Leading Israeli IoT firm lands in US as worldwide malware attacks surge

With US end-user internet of things devices expected to grow to $1.6tn by 2025 and with more than 5.4 billion IoT connected devices in North America alone, tech firms and the black hat community are weighing up the potential Continue Reading

‘Major’ security flaw detected in 5G core network slicing design

Mobile security specialist details potentially revenue-threatening vulnerabilities with key element of next-generation networks and reveals plans to work with industry to provide mitigation prior to widespread deployments Continue Reading

Cyber security complacency puts UK at risk, says NCSC head

National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber Continue Reading

Facebook disrupts Chinese espionage operation

Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority Continue Reading

More than £34.5m stolen in pandemic scams over past year

City of London Police and National Cyber Security Centre report large uptick in threats and crime related to Covid-19 over the past year, in some cases directed specifically at health organisations Continue Reading

Oil giant Shell hit through Accellion FTA breach

Energy firm discloses cyber attack through Accellion File Transfer Appliance Continue Reading

Apparent drop in cyber incidents highlights underlying problems

UK organisations report fewer cyber security incidents, but the headline data masks more serious issues, according to a report Continue Reading

UK faces significant cyber talent shortfall

Cyber security sector is struggling to attract the talented workforce it needs Continue Reading

Cyber criminals forging Covid-19 vaccine certificates

Vaccine passports and certificates are gaining mainstream traction, which means cyber criminals are also on the bandwagon Continue Reading

How to choose the right email security service for your organisation

With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here’s how to select the right provider Continue Reading

NCSC beefs up support for education sector after spate of attacks

Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks Continue Reading

Security Think Tank: Attacks on CNI – an evolving frontier in warfare

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Would the UK really nuke a cyber attacker?

In this week’s Computer Weekly, did the UK’s defence and security review really suggest a nuclear response to a cyber attack? Data visualisation has been widely used to explain the Covid-19 pandemic, but not always that effectively. And jewellery retailer Pandora explains how it kept the personal touch as customers went online. Read the issue now. Continue Reading