Hackers and cybercrime prevention

Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading

Security pros face sanctions if they help ransomware victims pay

New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off Continue Reading

Judge to give verdict on Julian Assange’s extradition after Christmas

Judge Vanessa Baraitser said today that she would make a ruling in early January on whether WikiLeaks founder Julian Assange should be extradited to the US Continue Reading

WikiLeaks revelations ‘shed light of truth’ on war on terror, court hears

WikiLeaks disclosures led to ‘revelations of extraordinary journalistic importance’ about detention in Guantamo Bay and civilian casualties in Iraq and Afghanistan Continue Reading

Blackbaud admits hackers stole banking details, passwords

Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought Continue Reading

‘American friends’ spied on Julian Assange in Ecuadorian Embassy, court hears

Two former employees of UC Global, which provides security services to the Ecuadorian Embassy in London, claim the company shared surveillance footage with the US of the WikiLeaks founder meeting with lawyers and other visitors Continue Reading

Julian Assange would be held with convicted terrorist Abu Hamza in supermax prison, court hears

WikiLeaks founder Julian Assange would be held alongside convicted terrorist Abu Hamza in a supermax federal prison in Colorado, isolated from other prisoners, if he is extradited to the US, Old Bailey told Continue Reading

Threat actors becoming vastly more sophisticated

Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report Continue Reading

NCSC expands schools programme to north-east England and Northern Ireland

Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland Continue Reading

NatWest offers online banking customers free security services

Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading

Ryuk attack downs private health provider in major incident

Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware Continue Reading

Julian Assange would be held in ‘solitary confinement’ in US jail

WikiLeaks founder would be held in a cell the size of a parking space for 22 or 23 hours a day without contact with other inmates before trial Continue Reading

Police Scotland to set up new cyber crime centre

National Centre of Excellence will employ specially trained officers to tackle a vertiginous rise in cyber crime Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

Forensic expert questions US claims that Julian Assange conspired to crack military password

Forensic computer expert Patrick Eller told the Old Bailey that US allegations that WikiLeaks founder Julian Assange attempted to decrypt a password to help former soldier Chelsea Manning leak sensitive government documents anonymously do not fit with the evidence Continue Reading

Covid-19 has changed how we think about cyber security forever

Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading

‘Not unjust’ to extradite WilkiLeaks founder Julian Assange, court hears

Nigel Blackwood, NHS consultant psychiatrist, told the Old Bailey court that WikiLeaks founder Julian Assange had ‘moderate depression’ and autistic traits, but said they did not prevent his extradition Continue Reading

Third-party code bug left Instagram users at risk of account takeover

A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device Continue Reading

Top five ways backup can protect against ransomware

Ransomware threatens to put your data beyond reach, so the best way to prepare is to have good-quality data you can restore from backup. We look at the key things to consider Continue Reading

Race to patch as Microsoft confirms Zerologon attacks in the wild

Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug Continue Reading

WikiLeaks founder Julian Assange has Asperger syndrome and depression, court hears

Julian Assange is on the autistic spectrum and has a history of depression that would put him at risk of suicide if he is extradited to a US prison, psychiatrists tell the court Continue Reading

Public admires security professionals, but doesn’t want their jobs

(ISC)² research finds attitudes towards security roles are increasingly positive, but not many people fancy joining the fight against cyber crime Continue Reading

Video gamers barraged with cyber attacks

From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks Continue Reading

US agencies warn of election disinformation and cyber attacks

Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears Continue Reading

Activision shoots down data breach claims

Gaming company denies there has been any data breach after up to 500,000 accounts appeared to have been compromised, but evidence mounts that credential stuffing attacks are to blame Continue Reading

Scam mobile apps spreading via rogue TikTok accounts

Malicious TikTok accounts are promoting a number of adware scam mobile apps Continue Reading

WikiLeaks published unredacted cables after password was disclosed in book

WikiLeaks published a cache of unredacted government cables after the publication of a book containing the password led to their publication on other parts of the internet, court told Continue Reading

Trump implicated in plans to prosecute Assange over war leaks

US journalist and Trump supporter, Cassandra Fairbanks, said she was given advanced details of US plans to oust Wikileaks founder Julian Assange from the Ecuadorian Embassy and to arrest him for over documents leaked by former soldier Chelsea Manning Continue Reading

WikiLeaks cables showed US interfered in German torture investigation

Khalid El-Masri, a German citizen who was kidnapped and tortured by the CIA in a case of mistaken identity, told a court that disclosures by WikiLeaks showed that the US had intervened in a German judicial investigation into his treatment Continue Reading

WikiLeaks video ‘electrified’ public to civilian war deaths, court hears

New Zealand investigative journalist and author Nicky Hager said that WikiLeaks’ publication of a video showing a US helicopter firing on civilians, along with the publication of secret war logs, ‘electrified’ the world to civilian deaths Continue Reading

Ex-NCSC boss Ciaran Martin joins cyber venture capital outfit

Outgoing NCSC CEO Ciaran Martin is to take up a new role guiding new investments in cyber security Continue Reading

Outgoing NCSC CEO: Ransomware threat kept us up at night

Former NCSC CEO Ciaran Martin sheds some light on some of the biggest cyber threats currently facing the UK Continue Reading

Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump

Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump Continue Reading

German authorities probe ransomware hospital death

Hackers failed to extort a ransom from University Hospital Düsseldorf, but indirectly caused the death of a patient Continue Reading

Rampant Kitten spent six years hacking Iranian dissidents

Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists Continue Reading

Maze ransomware borrows Ragnar Locker tactics to sneak past defences

New research from the Sophos threat response team has found the Maze ransomware gang has adopted techniques pioneered by the cyber criminals behind Ragnar Locker Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

Seven charged in connection with Chinese state-backed cyber attacks

Attacks by APT41, or Wicked Panda, targeted hundreds of organisations, including the UK government Continue Reading

Assange revelations among most important in US history, says Daniel Ellsberg

Daniel Ellsberg, who leaked highly classified documents that changed the course of the Vietnam War in the 1970s, says WikiLeaks exposed a serious pattern of US war crimes Continue Reading

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks Continue Reading

Julian Assange held back 15,000 documents to prevent harm to US government

Investigative journalist John Goetz said today that WikiLeaks held back publication of thousands of documents that could harm individuals Continue Reading

Retailers urged to get to grips with Magento as attacks spike

A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento Continue Reading

Banks report surge in impersonation scams

Fraudsters are using the Covid-19 crisis to trick people into transferring money to them Continue Reading

Lorca security scaleups to get Splunk data expertise

Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise Continue Reading

Western Australia government goes all-in on Microsoft

State agencies in Western Australia will be able to tap Azure cloud services and cloud applications through a new Microsoft agreement Continue Reading

MEPs denied access as observers to Julian Assange extradition hearing

MEPs and NGOs say they have been denied access to observe extradition proceedings against WikiLeaks founder in Central Criminal Court Continue Reading

Julian Assange faces solitary confinement if extradited, court hears

WikiLeaks founder Julian Assange will be held under special administrative measures if extradited to the US, said Eric Lewis, a US legal expert, effectively placing him in solitary confinement Continue Reading

CW Europe: IT expertise in banks’ boardrooms reduces risk, says European regulator

Banks have for many years been underpinned by vast IT operations, but in the age of digital banking the IT is now front, centre and back of operations. It is therefore surprising that there are relatively few IT professionals sitting on the boards of Europe’s big banks. Read the issue now. Continue Reading

Travel industry websites are laughably insecure, claims Which?

The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation Continue Reading

Zoom adds two-factor authentication for all users

Latest enhancements to Zoom security make it easier for organisations to protect users and prevent breaches and unauthorised meeting access Continue Reading

Russian interference in US elections ramps up on schedule

With the critical US 2020 presidential election looming, Russian-state backed hackers are once again after organisations directly involved in political elections, launching thousands of targeted attacks Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

Lorca security scaleups hit funding milestone

£153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target Continue Reading

Datacentre firm Equinix investigating ransomware attack

A number of internal systems at cloud and datacentre firm Equinix have been affected by a ransomware attack Continue Reading

Government launches £500k healthcare security plan

A £500,000 funding pot from the government aims to help support small and mid-sized healthcare firms during the pandemic Continue Reading

Assange prosecution would put journalists around the world at risk

Trevor Timm, co-founder of the Freedom of the Press Foundation, tells a court that if the US prosecutes WikiLeaks founder Julian Assange, every reporter who receives a secret document will be criminalised Continue Reading

Branch-based anti-fraud scheme to be expanded to online banking

A successful branch-based anti-fraud scheme will be expanded by banks to include online and telephone banking Continue Reading

September’s Patch Tuesday heavy on RCE vulnerabilities

Microsoft’s September update contains patches for 129 common vulnerabilities and exposures, including a high number of remote code execution issues Continue Reading

US conspiracy charges against WikiLeaks founder Julian Assange ‘politically motivated’

US journalism historian and investigative journalist Mark Feldstein tells a UK court that use of the Espionage Act against Assange will have wide implications for the press Continue Reading

Julian Assange warned against interrupting witnesses in extradition hearing

On the second day of his extradition hearing at the Old Bailey, judge informs the WikiLeaks founder he could be removed and potentially banned from court for interrupting witnesses Continue Reading

Court rejects request to exclude ‘11th hour’ US evidence against WikiLeaks founder Julian Assange

Lawyers for Julian Assange say the US has introduced an 11th hour indictment against the WikiLeaks founder that provides additional grounds for his extradition Continue Reading

Why predictive threat intelligence is key

Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading

Lockdown sees increase in girls applying for GCHQ cyber courses

The shift to online learning saw an increase in participants for its CyberFirst cyber security training programme, GCHQ found Continue Reading

Phishing scam targets Lloyds Bank customers

Bank customers warned of emails and SMS messages that direct them to a fraudulent site and then request account log-in details Continue Reading

Only 10% of tech talent have cyber skills to fill skills gap

The UK has a growing need for cyber skills as a result of the pandemic, but few IT professionals have the skills firms actually need Continue Reading

One actor behind Magecart skimmer kit

RiskIQ has identified that variations in software tools used for Magecart ecommerce site attacks are based on kits from the same group Continue Reading

UK businesses hardest hit financially by fallout from cyber attacks, research shows

Latest edition of Hiscox’s annual cyber readiness report suggests UK businesses are among those worst affected by the financial fallout from cyber attacks Continue Reading

Northumbria University suffers major disruption after cyber attack

Some exams cancelled as university appoints external specialists to investigate incident Continue Reading

Norway’s corporates want government to support ‘herd immunity’ to cyber attack

Leading business organisations in Norway call on government to play a more active role in improving and coordinating the country’s cyber defences Continue Reading

New Zealand activates security services as DDoS outage enters fourth day

New Zealand government calls in its national cyber security agencies to help investigate a continuing cyber attack on the country’s financial systems Continue Reading

Machine learning wards off threats at TV studio Bunim Murray

TV studio behind reality hits including The Real World and Keeping Up With The Kardashians turned to Darktrace’s Antigena email protection service to keep its people safe from Covid-19 threats Continue Reading

Benefit fraud: Underground trade in stolen identities revealed

A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds Continue Reading

DDoS downs New Zealand stock exchange for third day

Distributed denial of service attack from overseas has left stock exchange offline for days Continue Reading

Double extortion ransomware attacks and how to stop them

As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks Continue Reading

Avaddon ransomware operators having a go at double extortion

The operators of the Avaddon ransomware seem to be tooling up to leak the data of their victims in addition to holding it to ransom, Cofense researchers confirm Continue Reading

North Korea’s Lazarus targets cryptocurrency vertical

APT group behind the infamous WannaCry incident is targeting cryptocurrency operators, according to new research Continue Reading

Getting physical with datacentre security

Whether it is natural disasters, terrorism or break-ins, datacentres will be vulnerable to a range of risks unless they are physically secured. Here’s how you can improve the physical security of your datacentre Continue Reading

Australian regulator sues RI Advice for cyber security lapses

The Australian Securities and Investments Commission is suing RI Advice for cyber security breaches at the financial firm’s authorised representatives Continue Reading

Social media data leak highlights murky world of data scraping

A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it Continue Reading

HMRC investigates over 10,000 Covid-19 phishing reports

HM Revenue & Customs received thousands of reports of coronavirus phishing scams exploiting its name during April, May and June Continue Reading

Marriott slapped with class action lawsuit over 2018 breach

Group action brings together millions of victims who stayed at the Starwood hotel chain over a four-year period Continue Reading

Carnival cruise lines hit by ransomware, customer data stolen

Cruise ship operator is likely to be the victim of a major data breach after customer information is apparently stolen in a ransomware attack Continue Reading

US decision to file new charges against Julian Assange ‘astonishing and potentially abusive’

Lawyer for WikiLeaks founder slams US decision to serve a second indictment at the 11th hour alleging that Assange conspired with hackers, as a potential abuse of process Continue Reading

Russia’s Fancy Bear targets Linux environments with Drovorub malware

The Russian intelligence-linked Fancy Bear group is deploying a new malware called Drovorub against Linux environments as part of a cyber espionage operation, according to US warnings Continue Reading

Ed Sheeran is not promoting investment opportunities, says NCSC

The National Cyber Security Centre has issued a new warning after uncovering a series of online scams promoting fraudulent celebrity-endorsed investment opportunities Continue Reading

CW Benelux: Security system concerns at Schiphol Airport

A report has revealed problems with critical security systems at Amsterdam’s Schiphol Airport. Also read why the Netherlands’ digital sector is yearning for attention from the government, and how data weaknesses persist despite Dutch companies investing heavily to comply with GDPR. Continue Reading

APAC consumers do not feel responsible for data security

Just one in four consumers believe they should protect their own data, underscoring the tightrope between security and convenience that organisations have been walking on Continue Reading

How Dharma ransomware became an effective services business

New research looks under the bonnet of a Dharma ransomware attack, with the ransomware's ease of use being particularly dangerous for small to medium-sized enterprises Continue Reading

Microsoft patches two zero-days with active exploits

Microsoft drops another major Patch Tuesday update, including fixes for two zero-day exploits that are already being exploited by cyber criminals Continue Reading

Security training body Sans Institute hit by data breach

Around 28,000 items of personally identifiable data were lost in a phishing attack on Sans, proving that even the professionals can be caught out Continue Reading

NHS hit by thousands of malicious emails at height of pandemic

The NHS received nearly 30,000 malicious emails at the height of the Covid-19 pandemic in March and April Continue Reading

Citrix users urged to patch five XenMobile CVEs

Patches are available for CVEs 2020-8208 through 8212 and should be installed as soon as possible Continue Reading

Why data exports from the EU will be challenging without Privacy Shield

Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers   Continue Reading

Coronavirus: Phishing lures pivot to exploit vaccine hopes

Phishing emails are increasingly luring in victims with subject lines relating to the development of a vaccine for Covid-19 Continue Reading

Retailer Monsoon allegedly exposing data via Pulse Connect server

A researcher has found a critically insecure Pulse Connect Secure VPN version belonging to UK retailer Monsoon Accessorize, but claims the firm is ignoring his disclosures Continue Reading

Security teams struggle to keep pace with cloud threats

Security professionals face challenges in keeping pace with cloud deployments and migrations, and the additional security threats they open up Continue Reading

4 tips for proper cyber hygiene during the remote workforce era

IT services firms have a responsibility to secure their clients' remote workforces. Here are four tips for maintaining cyber hygiene in the cloud, using AWS as an example. Continue Reading

Virgin Media customers targeted in Twitter phish

Customers seeking help from the ISP are being targeted by a scam Twitter account Continue Reading

Capital One hit with $80m fine by US regulators over 2019 data breach

US regulator imposes fine over data breach that affected 106 million Capital One customers in the US and Canada Continue Reading

Australia updates cyber security strategy but offers little new

The nation’s latest cyber security strategy includes centralised management of networks and a voluntary code of practice for deploying internet-connected devices, among other areas Continue Reading