• Yale Faces Additional Lawsuit After 2011 Breach

    Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in a data breach, according to GazetteXtra. Between April 2008 and January 2009, electronic records containing social security numbers, dates of birth and both email and home addresses of students were stored on a Yale database. A routine review of its servers
  • Fin Firms: Look to Mobile, Social for Comms Risks

    A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey Report. The survey looked at current trends in
  • Evidence suggests crown prince ordered Khashoggi killing, says ex-MI6 chief

    Sir John Sawers says theory that rogue Saudi military officers were responsible is ‘blatant fiction’. A former head of MI6 has said all the evidence suggests Saudi Arabia’s Crown Prince Mohammed bin Salman was behind the death of the journalist Jamal Khashoggi, and that the theory that rogue elements in the Saudi military were responsible was “blatant fiction”. Sir John Sawers told the BBC his assessment was based on conversations with senior Whitehall sources and his
  • Flaw in Libssh Grants Admin Control to Servers

    Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server and client share a state machine, so packets designed only to be processed by and update the client state can update the server state.” In the security advisory for CVE-2018-10933, Winter-Smith summarized,
  • US Voter Leak Hits Tea Party Organization

    The personal details of over half a million American voters have been leaked after yet another cloud database misconfiguration, this time by a right-wing fundraising organization. Researchers at UpGuard found a publicly readable Amazon S3 storage bucket at the end of August, belonging to the Tea Party Patriots Citizen Fund (TPPCF). The TPPCF is what’s known as a “super PAC” — a political action committee which can raise unlimited fund
  • Experts Question 'Official' Drop in Cybercrime

    The latest Office of National Statistics (ONS) report on UK cybercrime reveals “computer misuse” has fallen 30% over the past year, but the body itself has cautioned against drawing too many conclusions from the figures. The stats, covering the year ending June 2018, are a combination of estimates drawn from responses to new questions introduced to the Crime Survey for England and Wales (CSEW), plus offences referred to the National Fraud
  • Secret Comment Crew Code Spotted in New Attack

    Researchers have spotted the first stage of a new advanced persistent threat (APT) campaign targeting mainly South Korean victims and borrowing code from the notorious Chinese hacking group Comment Crew. Operation Oceansalt is the first time white hats have seen code associated with the group, also known as APT1, since it was outed in 2013. Crucially, that code was never made public, according to McAfee. The campaign uses spear phishing tactics to deli
  • Russia to Deliver First S-400 Missile Systems to India Within 2 Years

    The first deliveries of S-400 missile systems to India will take place within two years, Dmitry Shugaev, head of Russia’s Federal Service for Military Technical Cooperation, told reporters....
  • Tunisian fighter jet crashes into sea, pilot unharmed

    A Tunisian fighter jet crashed into the Mediterranean Sea during an exercise Wednesday but its pilot was unharmed, the defence ministry said. The F-5 jet disappeared from radar screens as it flew off...
  • GreyEnergy Potential Successor of BlackEnergy

    GreyEnergy, a subgroup of the advanced persistent threat (APT) group known as BlackEnergy, has been attacking the energy sector for the past three years, according to ESET. Back in December of 2015, when approximately 230,000 people suffered a blackout after the APT group BlackEnergy attacked a power grid in Ukraine, researchers at ESET reportedly detected another malware framework, which they dubbed GreyEnergy. Since then, the group has been attac
  • Consumers Forgive Post-Breach, Want Privacy Rules

    In a recent survey of more than 1,000 consumers, nearly half of the respondents said that when a company immediately discloses a data breach, they are open to forgiving the brand. The Consumer Attitudes Toward Data Privacy and Security Survey, published by Janrain, showed that of the 1,079 participants, 42% are at least open to forgiving the brand, while only 7% of respondents said a breach is unforgivable. Many consumers might not shop elsewhere i
  • Amid Fears of Election Security, SEO Poisons URLs

    A recent poll from the University of Chicago Harris School of Public Policy and the Associated Press–NORC Center for Public Affairs Research found that a wide majority of Americans are concerned about election security ahead of next month's midterm elections. Though Republicans seem more confident in election security, a significant number of Americans across the aisle fear the potential of a hack on voter systems, with 58% of Democ
  • European Banks and Police Warn Consumers of Cyber Scams

    Europol and the European Banking Federation have launched a new campaign designed to raise public awareness of growing incidents of financial fraud and data theft, as part of European Cyber Security Month (ECSM). Over the coming week, law enforcers from 28 EU member states as well as Colombia, Liechtenstein, Norway, Switzerland and Ukraine will be joining forces with 24 national banking associations and others to warn consumers not to fall fo
  • Former Equifax Developer Sentenced for Insider Trading

    A former software manager who helped to build a customer portal for Equifax following its catastrophic 2017 breach has been sentenced to eight months’ home confinement after pleading guilty to insider trading. Sudhakar Reddy Bonthu, 44, of Atlanta, was also fined $50,000 and ordered to forfeit $75,979, according to the Department of Justice. “Bonthu intentionally took advantage of information entrusted to him in order to make a quick profi
  • UK ISPs: Government Must Take Lead on Cybersecurity

    The UK’s ISPs have called on the government to streamline the number of regulatory bodies dealing with cybersecurity, improve cybercrime reporting processes and set minimum standards for the industry. The latest survey from the Internet Services Providers’ Association (ISPA) found that 88% suffer regular cyber-attacks: half of these on a daily basis. However, they’re responding appropriately. Cybersecurity is a high or very
  • Trevor Reaney appointed to the SIA

    From 7 November 2018 Trevor Reaney will become a Member of the SIA.
  • Launch Day Catastrophe for Donald Daters App Users

    Supporters of President Trump who want to date like-minded individuals had Emily Moreno, a former aide to Sen. Marco Rubio, to thank for creating the Donald Daters app, but their gratitude might have fallen flat after their information was leaked on the day the app was launched. According to Time, Moreno confirmed the leak was discovered on October 15, 2018, by security researcher Elliot Alderson, who was able to download the entire datab
  • FBI Investigates Attack on Critical Water Utility

    According to a media release from Onslow Water and Sewer Authority (ONWASA) issued on October 15, 2018, a critical water utility in North Carolina was targeted in a cyber-attack. Federal and state officials are now working with the water utility as part of the investigation into the attack on some of its computer systems. “In the wake of the Hurricane Florence disaster...ONWASA’s internal computer system, including servers and personal
  • 9 in 10 Orgs Don't Have Desired Security Culture

    In a new survey on cybersecurity culture, 90% of the nearly 5,000 technology professionals who participated identified a gap between their existing culture and the cybersecurity culture they would like to have, according to ISACA and CMMI Institute. The Cybersecurity Culture Report revealed the results of more than 4,800 technology professionals surveyed about security awareness and behaviors in enterprises, particularly how awareness integrate
  • Global Cybersecurity Skills Gap Reaches Three Million

    Organizations globally are suffering a crippling cybersecurity workforce “gap” of 2.9 million employees today, putting the majority at greater risk of attack, according to the latest estimates from (ISC)². The global certifications body has introduced a new gap analysis methodology, which explains why the figures are so much higher than the predicted 1.8 million industry shortfall by 2022, a spokesperson confirmed to Infos
  • NCSC Tackles 10 Attacks on Government Per Week

    The UK’s National Cyber Security Centre (NCSC) has blocked more than 10 cyber-attacks per week in its first two years of operation, blaming nation states for the majority of incidents. The government body was spun out of GCHQ in 2016 with a goal of making the UK one of the safest places to live and work online. Since then, it has dealt with 1,100 attacks and helped central and local government become more resilient via its Active Cyber Defence (AC
  • Millions of US Voter Records for Sale

    An estimated 35 million voter records from 19 states are up for sale on a dark web forum, in what may be an inside job ahead of the mid-terms. Anomali and Intel 471 researchers discovered a seller offering full names, phone numbers, physical addresses, voting history and other unspecified voting data. Some 23 million records are up for sale for just three states, although no record counts were provided for the remaining 16 states. The sales price for
  • Jailed preacher Anjem Choudary faces strict controls after release

    Restrictions on convicted Isis supporter cover using the internet and speaking in public. Convicted Isis supporter Anjem Choudary will be in effect banned from any public statements after his release from prison this week, as British authorities seek to stop him from inciting support for terrorism. British officials believe they have drafted conditions that will stop Choudary from repeating his method of drumming up support for extremism, which enabled him to escape prosecution for years even as hi
  • Bug in New iOS Lets Attacker Access iPhone Pics

    A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher. While the bypass bug, reported by The Hacker News, does require that an attacker have physical access to an iPhone, an attacker could still access the photo albums and send selected pictures using Apple Messages even
  • Execs Fear Orgs Unprepared for Incident Response

    Executive-level security professionals fear their organizations are not well positioned to respond to a cyber-attack, according to the results of a new poll from Deloitte. In a poll of more than 3,150 security professionals across all industries and sectors taken during a webcast on cyber preparedness and war-gaming, survey respondents indicated that in large part, cybersecurity remains siloed. As a result, many employees across the organizations ar
  • 'Golden passports' threaten European security, warns EU commissioner

    Exclusive: ‘citizenship for sale’ under increasing scrutiny from governments and security agencies. Europe’s security is being put at risk by so-called “golden passport” schemes that have allowed states to sell citizenship or residency to potentially “dangerous” individuals, the EU justice commissioner has warned. Věra Jourová described the programmes as “problematic” and “unfair” – echoing the private concerns of E
  • Tech Support Scams Decline as Consumers Get Savvy

    Global exposure to and losses from tech support scams have dropped over the past two years as consumers become more savvy, although in the UK the number suffering financially increased slightly, according to Microsoft. The computing giant polled over 16,000 internet users in 16 countries worldwide to better understand how trends are evolving. The latest figures revealed that 63% of consumers experienced a tech support scam, down from 68% in 2016. Tho
  • Cybersecurity Salaries Rise 6% in One Year

    Salaries for cybersecurity professionals have risen by 6% in one year, double the national average of 2.9%, according to Acumin Consulting’s latest annual Salary Survey. The firm analyzed 56 key cybersecurity positions across its database of end users, system integrators, consultancies and public sector divisions to provide a holistic view of salaries across organization type and role seniority. Acumin’s findings revealed that education and com
  • UK’s MoD Exposed in 37 Security Breaches: Report

    The UK’s Ministry of Defence (MoD) appears to have exposed highly sensitive data and systems to the risk of compromise after reports revealed 37 breaches of security protocol last year. The heavily redacted reports don’t indicate whether the security breaches led to sensitive military information falling into enemy hands, but their scale should be alarming. The cybersecurity slip-ups include sending sensitive information unprotected
  • UK Launches “World First” IoT Code of Practice

    The UK government claims to be leading the way with a newly released Code of Practice (CoP) designed to drive security-by-design in the manufacture of IoT products. Developed in partnership with the National Cyber Security Centre (NCSC), the ICO and others, the "world first" CoP aims to improve baseline security in the sector and ensure smart devices that process personal data are aligned with the GDPR. It’s focused initially on the
  • Endpoint Attacks Increase as Patching Slows

    While it’s no surprise that organizations are being compromised, a new study released by Ponemon Institute found that the rate at which organizations are compromised is quite alarming. The study, 2018 State of Endpoint Security Risk, found a 20% increase in the number of companies that have been compromised by attacks originating at their endpoints over the last 12 months. The Barkly-sponsored survey included 660 IT and security professionals. All p
  • #Cyberrecoded: Get the Certification that is Right for You

    Speaking at the Cyber Recoded conference in London, Steven Furnell, professor of cybersecurity at the University of Plymouth, discussed the quantity of certifications and the need to understand what is most suited for a person. Pointing to industry reports around the shortage of skilled people in the industry, Furnell said that this “means organizations are employing and wages are increasing significantly,” while the Natio
  • Let’s be clear: spy cops are the result of political choices – and that’s a danger | Jenny Jones

    It is time for parliament to define who is labelled a domestic extremist, as I was, so it’s not left to the police to decide alone. What becomes clear, from reading through the long list of national campaigns and local groups that undercover police spied upon, is that certain sections of the police see environmentalists, leftwingers and social justice campaigners as such a potential threat that scarce taxpayer resources and precious police time should be spent spying on them.
  • Bezos defends Amazon effort for Pentagon cloud project

    SAN FRANCISCO: Amazon chief Jeff Bezos on Monday defended the company’s bid for a major Pentagon cloud computing contract, saying it was important to support US defense efforts even if...
  • The New Czech Jet Aircraft L-39NG Rolled Out from the Hangar

    The first L-39NG pre-series aircraft rolled out from the hangar at AERO Vodochody AEROSPACE, the leading Czech aerospace company. This significant milestone has been achieved in line with the L-39NG...
  • Dutch Army to Upgrade Armored Howitzer and CV90 Vehicles

    The heavy artillery Panzerhouwitser 2000NL self-propelled howitzer and the CV90 infantry combat vehicle are being taken care of. The so-called midlife updates (MLU) will keep these combat systems...
  • Octopus Targets Central Asian Diplomats

    An attack aimed at Central Asian diplomatic organizations, dubbed the Octopus Trojan, is able to disguise itself as a popular online messenger, according to researchers at Kaspersky Lab. The Trojan, a malicious program for Windows, has possible links to DustSquad, a Russian-language cyber-espionage actor that focuses on Central Asian users and that Kaspersky researchers have been monitoring for two years. Attackers successfully leveraged the news that
  • iPhone a Growing Target of Crypto-Mining Attacks

    Apple has increasingly been the target of crypto-mining attacks, and according to Check Point, iPhone attacks increased by nearly 400% over the last two weeks in September. In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to h
  • Attack Vectors Long Quiet Make Loud Q3 Comeback

    Cyber-criminals eased into the year with a somewhat quiet first and second quarter, but according to a new report from Malwarebytes, attackers made some noise in Q3 2018. In the Cybercrime Tactics and Techniques Q3 2018 report, researchers found that business detections were up 55% compared to 4% for consumers, indicating that cybercriminals are targeting victims who promise a greater return on their investments. One notable shift in tactics was
  • #Cyberrecoded: Students Should Get Involved to Get Hired

    Build contacts, start or join a hacking society and follow security’s trends and news to get a good start in the industry. Speaking at the Cyber Recoded conference in London, a panel of graduates in their first jobs spoke on the 'Getting Past the Gatekeepers' panel about their experiences of getting the necessary experience that employers are looking for. The panelists, who came from a mixture of universities across the UK and from
  • Pentagon Staff Hit by Major Data Breach

    The US Department of Defense has suffered a major breach of employees’ personal and financial information, according to reports. An unnamed official told AP that the incident may have affected as many as 30,000 civilian and military personnel. A statement seen by the newswire confirmed that the incident had been discovered at the beginning of October, although it’s not clear when the breach took place. “The department is continuing to gather
  • WannaCry Cost NHS £92 Million

    The infamous WannaCry ransomware campaign of 2017 caused losses in the region of £92m for the NHS, the government has revealed. In a progress update titled Securing cyber resilience in health and care, the Department of Health and Social Care caveated the figures by saying they are only broad estimates. Broken down further, around £19m was lost directly as a result of access to info and systems being unavailable, leading to cancelled appoint
  • Facebook Breach Hit 30 Million

    A major breach announced by Facebook last month affected 20 million fewer customers than at first predicted, but for 14 million unlucky users hackers managed to access virtually all their profile info. The social network’s VP of product management, Guy Rosen, explained in an update on Friday that of the 50 million people whose access tokens were thought to be affected, 30 million actually had the tokens stolen. “For 15 million people, attack
  • MI5 believed black people posed security risk, papers reveal

    Exclusive: declassified files show spy chiefs actively discriminated in 1960s. Senior MI5 officials believed black people could not be trusted in high-level spying roles as they could be a security risk, according to documents uncovered by an academic. Declassified files reveal black people were actively being discriminated against in Whitehall in the 1960s because of their race.
  • Extremist preacher Anjem Choudary to be freed on parole

    Leader of banned group al-Muhajiroun on automatic release after serving half of his five-and-a-half-year sentence. Anjem Choudary, the leader of the banned extremist group al-Muhajiroun, which has inspired a number of Britons to join Isis, is set to be released from prison this week. Choudary is one of about a dozen jailed radicals who are due out in the coming months, sparking concerns about the demands this will place on the police and the security services.
  • Secret Amazon Data Center Gives Nod to Seinfeld

    On October 11, 2018, WikiLeaks published AmazonAtlas, a 20-page document from late 2015 containing the addresses and operational details for more than 100 of Amazon’s data centers, one of which indicates an affinity for the comedy of Jerry Seinfeld. In addition to revealing the information about the data centers, located in 15 cities across nine countries, WikiLeaks also created a map showing the exact locations of the centers. A center in
  • No Cookies for CartThief, a New Magecart Variant

    A new variant of the Magecart attacks has been targeting smaller e-commerce operations, according to The Media Trust’s digital security and operations (DSO) team. Researchers found a new type of malware that targets payment pages on legitimate Magento-hosted retail sites. Dubbed CartThief, the malware’s behavior is similar to that of the current iteration of the Magecart malware. As soon as credit card information is entered into a checko
  • UK counter-terrorism plans cross line on human rights, say MPs

    Committee says parts of bill should be removed as they risk undermining free speech. The parliamentary human rights watchdog has said the government’s new counter-terrorism bill risks crossing the line on human rights, restricting free speech and curbing access to information. The cross-party joint committee on human rights said elements of the government’s proposals should be removed or clarified to remedy the “defects” it has identified.
  • Hackers Win Big by Gambling on Identity Spoofing

    In analyzing global cybercrime patterns, ThreatMetrix found that identity spoofing, fueled by stolen identity data, is the most prevalent attack vector for the gaming and gambling industry. Additionally, the Q2 2018 Gaming & Gambling Report discovered that location (IP) spoofing attacks increased 257% year-over-year, making it the fastest growing attack vector in the space. Because more sophisticated location spoofing tools are available, frauds
  • UK Finance: New Tax Could Pay for Fraud Losses

    Trade association UK Finance has called for a new tax on payments to create a fund that banks can use to compensate victims of fraud. CEO of the banking lobby, Stephen Jones, made the proposals before a Treasury Select Committee this week, reportedly claiming that a “tiny levy” on each payment could help to break the stand-off between financial institutions and other stakeholders over authorized push payment (APP) fraud. “Customers wi