• MI6 chief: Britons who joined Isis cannot be stopped from returning

    Comments come as Shamima Begum, who fled to Syria, appeals to be allowed home. Britons who went to join Islamic State are “potentially very dangerous” but cannot be stopped if they want to return to the UK, the head of MI6 has said. Speaking after pregnant London teenager Shamima Begum, who fled to Syria in 2015, appealed to be allowed to come home to have her baby, Alex Younger said the issue of returnees was an “extremely complex and dangerous problem”.
  • J.P. Morgan Launches First US Bank-Backed Crypto-Coin

    As the value of Bitcoin and other cryptocurrencies continues to fluctuate while governments consider marketplace regulations, J.P. Morgan announced that it is launching the first US bank-backed cryptocurrency, JPM Coin. “The JPM Coin is based on blockchain-based technology enabling the instantaneous transfer of payments between institutional accounts,” the press release stated. “Exchanging value, such as money, between
  • CISOs Hit the Bottle as Workplace Pressures Build

    UK and US CISOs are facing burnout as they struggle to cope with escalating cyber-threats, insufficient budgets and a lack of engagement from the board, according to Nominet. The DNS security provider commissioned Osterman Research to poll over 400 security bosses on both sides of the Atlantic for its report, Life Inside the Perimeter: Understanding the Modern CISO. It found that the stresses of the modern role are increasingly taking their toll on
  • GandCrab Ransomware Slingers Target MSPs

    A software company has been forced to remind customers to patch a two-year-old flaw in a third-party plug-in, after reports it is being exploited to infect scores of companies with GandCrab ransomware via their managed security provider (MSP). The issue relates to CVE-2017-18362, a flaw which affects the ConnectWise Manage plug-in for the Kaseya VSA remote-monitoring tool. ConnectWise Manage is a professional services automation (PSA) product popular among
  • Two Groups Stole $1bn in Cryptocurrency

    $1bn of the cryptocurrency stolen from exchanges last year was the work of two hacking groups, according to a report on cryptocurrency. Chainalysis, which tracks cryptocurrency movements for forensic investigations, revealed the figures in its Crypto Crime Report. Exchanges, where cryptocurrency owners routinely hold their funds, are the most lucrative target for hackers, the report said. The $1bn stolen by the two groups represented around 60% of all pu
  • Google Play App Suspensions Jump 66%

    Google has claimed it’s getting better at spotting bad apps on its Play Store marketplace, with the number of rejected submissions and suspensions both growing into the double digits last year. The Android platform has often been criticized by security experts for being more exposed to cyber-threats due to it being relatively open compared to Apple’s ecosystem. However, Google Play product manager, Andrew Ahn, claimed that thanks to new initiatives t
  • Love Bug Found in OkCupid Android App

    Only days after Infosecurity reported that OkCupid users said their accounts had been hacked, Checkmarx disclosed that the OkCupid Android App actually posed risks because of security failures in MagicLinks. It’s well known that malicious actors love to exploit a good holiday, which puts users at risk on Valentine’s Day. To identify any potential vulnerabilities, researchers dove into the popular Android dating app only to discover that attackers c
  • Only 28% of Advisories Help Mitigate Risks

    In its second annual review of vulnerabilities and threat group activity specific to industrial control systems (ICS), Dragos found that the majority of the public vulnerability advisories it tracked in 2018 were network exploitable. The Year in Review is comprised of three parts: The Industrial Controls System Vulnerabilities Report, ICS Activity Groups and the Threat Landscape Report and, new this year, Lessons Learned from Hunting and Responding to In
  • The Guardian view on Shamima Begum: return and face the consequences | Editorial

    The pregnant 19-year-old left the UK voluntarily, but is also a victim who should be helped to come back. The remarks made by the 19-year-old British Islamic State recruit Shamima Begum to a journalist in a refugee camp in eastern Syria are horrifying. She described being unmoved by the sight of a severed head, showed no sympathy for executed hostages, and said she had no regrets about her decision to leave the UK. We do not yet know whether she played any role during her four years with Islamic S
  • DoJ Charges US Agent, Four Iranians with Conspiracy

    The Department of Justice (DoJ) has indicted a former US counterintelligence agent with espionage on behalf of Iran. Additionally, the Treasury Department’s Office of Foreign Asset Controls (OFAC) announced sanctions on a group of six Iranian nationals known as the Cyber Conspirators. The DoJ indicted former US counterintelligence agent Monica Witt for “conspiracy to deliver and delivering national defense inf
  • Prevent and political judgments by police | Letter from Jenny Jones

    Parliament, rather than the police, should define who is and is not a domestic extremist, says Green party peer Jenny Jones. As one of the peers who pushed the government into holding a review of Prevent can I urge everyone to contribute to changing this counterproductive approach to combating terrorism (Police challenge Prevent critics to ‘stand up and be counted’, 5 February). The safeguarding of vulnerable people and vulnerable communities will only work if we have the cooperation o
  • Former MI6 director says schoolgirl who joined Isis should be 'given a chance'

    Although Shamima Begum has shown no remorse, Richard Barrett says Britain should be strong enough to reabsorb her. A pregnant British teenager who fled to Syria with two schoolfriends to marry an Islamic State fighter should be “given a chance” and allowed to come home, a former director of global counter-terrorism at MI6 has said.
  • Shamima Begum is just a teenager. Britain should take her back | Richard Barrett

    Yes, the Isis recruit is unrepentant. But at times like this we have to remember our own values. Shamima Begum, who achieved notoriety in 2015 as one of three young schoolgirls from Bethnal Green who left the country to join Islamic State, has re-emerged in a refugee camp controlled by the Syrian Defence Forces in north-eastern Syria. Understandably, given her situation – she is about to give birth and has already lost two children – she would like to get home. But where is home, and w
  • After Isis: what happens to the foreign nationals who went to Syria?

    Facts on the ground as much as ethical and legal factors may come into play in repatriating. US-backed Kurdish forces in Syria have almost completely dismantled Islamic State’s once sprawling “caliphate”, with Isis fighters making their last stand in an area smaller than one sq km in the eastern desert near the border with Iraq. Wives and children of Isis fighters, along with thousands of civilians unconnected to the group, have left for al-Hol refugee camp, where dozens of people,
  • Users at Risk of Online Scams this Valentine’s Day

    Smartphone users could be leaving themselves vulnerable to online scams this Valentine’s Day, researchers from ESET have warned. The firm carried out a survey into people’s resolutions for the year and discovered that whilst one in eight are looking for love in 2019, only 39% were sure they had anti-virus software on their mobile phones. That’s a concerning statistic, because those who said they were committed to finding lo
  • Shamima Begum was groomed. She deserves the chance of rehabilitation | Michael Segalov

    Four years after joining Islamic State in Syria, she is now 19 and pregnant. She should be allowed back to the UK. It’s impossible not to feel a jolt of shock when confronted with the photo of Shamima Begum on the front page of this morning’s Times. Four years ago – when we last saw her – it was accepted that Begum had been brainwashed. There was consensus that she was an innocent child who’d been groomed online. Begum was allowed to be the victim in the nation’
  • Five Billion Records Exposed in 2018

    Last year was the second highest on record in terms of data breaches and leaks, with over 6500 reported, according to Risk Based Security. The security vendor revealed that 6515 incidents were reported globally in 2018, second only in the past 12+ years to 2017’s 6728. When it came to number of records exposed, the figure of around five billion for last year came third to 2016’s 6.4 billion and 2017’s 7.9 billion. However, the caveat is that ju
  • Hackers Target Maltese Bank in €15m Cyber Heist

    A leading Maltese bank is resuming its services today after shutting down operations following a major cyber-attack on Wednesday. The Bank of Valetta (BOV) said in a notice on Thursday morning that customers could once again use ATMs, online banking, mobile banking and their BOV cards, although at the time of writing, payments to third parties were still suspended. This is following an attack which directed €13m ($14.7m, £11m) worth of
  • Most US Firms Expect Critical Attack this Year

    An estimated 80% of US businesses expect to be hit by a critical security breach at some point in the coming year, according to new research from Trend Micro. The security giant polled over 1000 IT security professionals to compile a new Cyber Risk Index (CRI), designed to help CISOs better identify and prioritize threats. The CRI measures business risk based on the difference between organizations’ current security posture and their likelihood o
  • UK will not put officials at risk to rescue Isis Britons, says minister

    Ben Wallace says ‘actions have consequences’ as schoolgirl who joined Isis is found in Syria. The security minister, Ben Wallace, has said he would not put officials’ lives at risk to rescue UK citizens who went to Syria and Iraq to join Islamic State, insisting “actions have consequences”. “I’m not putting at risk British people’s lives to go looking for terrorists or former terrorists in a failed state,” he told BBC Radio 4’s Today progr
  • London schoolgirl who fled to join Isis wants to return to UK

    Shamima Begum, 19, in refugee camp in Syria after fleeing last territory held by Islamic State. An east London schoolgirl who left the UK in 2015 to join Islamic State has been tracked down in Syria where she said she has no regrets about joining the group, but now wants to come home as she is nine months pregnant. Shamima Begum, 19, said she fled the jihadists’ last remaining enclave in Baghuz, eastern Syria, as she was tired of life on a battlefield and feared for her unborn child after her tw
  • Dark Web Seller Removes Listings after Data Dump

    The dark web seller identified as gnosticplayers on Dream Market has removed all listings that were previously up for sale, which reportedly included upwards of 620 million account records. “All my listings have been removed, to avoid them being bought so many times and being leaked, as a respect for my buyers. But don’t worry, next round of breaches coming soon,” the vendor wrote on his seller profile. Dream Market vendor pro
  • Two in Three Orgs Not Convinced They Can Avoid a Breach

    A majority of organizations confessed that they are not certain whether the security strategies they have in place will be effective in preventing data breaches, according to a Ponemon Institute survey. More than 600 cybersecurity leaders and professionals who are responsible for evaluating, selecting and/or implementing security solutions took part in the survey. Based on the survey results, Balbix published a new report, The Challenging Sta
  • DoJ Charges Hackers with Staging Computer Attacks

    Federal authorities have arrested two alleged members of a hacking group known as the Apophis Squad on charges of making false threats of violent attacks and staging attacks on multiple computer systems. According to an announcement from the Department of Justice (DoJ), the two defendants, Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina, and George Duke-Cohan, 19, of Hertfordshire, United Kingdom, are allegedly part of a global group of
  • #TEISS19: Deliver Your Security Message at an Understandable Level

    Speaking at The European Information Security Summit 2019 in London, Condé Nast International CISO Nick Nagle said that threat intelligence is easily collected, but it can also be translated across the business. In his talk 'Effective threat intelligence communication strategies: Upwards, downwards and outwards' Nagle explained that threat intelligence is readily available, but turning it into actionable awareness
  • #TEISS19: Consider Psychology of Staff to Meet Data Protection Ambitions

    Speaking at The European Information Security Summit 2019 in London, Matthew Kay, group data protection officer at Balfour Beatty, said that organizations “are very different” in how data protection and risk is approached, and it is up to the data protection team and board-level executives to dictate the right direction. “In our organization we have four pillars: to lead, being experts, being trusted an
  • Equifax Partner Breaches Customer Data

    A technology partner of the three big credit reporting agencies has been breached in what appears to be a classic supply chain attack. Image-I-Nation Technologies is a North Carolina-based provider of software and hosting services. It’s part of FRS Software, which produces employee and background screening software used by Equifax, Experian and TransUnion, among other organizations. Although the firm remains tight-lipped on the nature of the incident, br
  • Anti-terror checks deliver fresh Brexit threat for UK hauliers

    Transport body warns security certificates would result in further chaos under no deal. The freight industry has warned of the potential for a fresh Brexit ferry fiasco after it emerged all British truckers will be required to have counter-terrorism safety security certificates to enter the European Union in the event of no deal. The EU rule was introduced after the 9/11 attack on New York’s twin towers but only applies to third country freight entering the EU.
  • Millions Affected by 500px Data Breach

    Online photography network 500px has forced a password reset for all users after revealing this week that it suffered a data breach last summer. The site claimed that the incident, which it believes occurred on around July 5 2018, was not discovered until last week, when its engineering team “became aware of a potential security issue affecting certain user profile data.” The firm said all users on or prior to July 5 have been affected. The site cu
  • Patch Tuesday Roundup Includes IE Zero Day

    Microsoft has given system admins plenty of work to do this month with patches for nearly 80 vulnerabilities, including a zero-day flaw in Internet Explorer and a publicly disclosed Exchange server bug. Top of the priority list in this month’s Patch Tuesday security round-up will probably be CVE-2019-0676, an information disclosure vulnerability in IE which Microsoft claimed has been actively exploited in the wild. The bug allows attackers to test fo
  • Phishing, Humans Root of Most Healthcare Attacks

    Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks, according to findings from the 2019 HIMSS Cybersecurity Survey published by the Healthcare Information and Management Systems Society (HIMSS). The study, which surveyed 166 qualified information security leaders from November to December 2018, found that there are particular patterns of cybersecurity threats
  • VFEmail Suffers Catastrophic Attack, All Data Lost

    A major cyber-attack has hit email provider VFEmail in what the company is calling a "catastrophic attack," which has destroyed all data in the US, including backups. The company issued an alert via its website and social media accounts on February 11, 2019, warning, “At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your n
  • SMBs Believe Attack Will Kill Their Company

    Just under half of a surveyed set of British small to medium-sized businesses (SMBs) believe that a cyber-attack would put them out of business. The survey of 501 IT decision makers by Webroot found that 48% have suffered a cyber-attack or data breach in their lifetime, with over one in seven saying this happened more than once. The same number also believed that the cases negatively impacted relationships with partners, with almost a quarter (22%)
  • #TEISS19: Brute Force Won’t Change Peoples' Behaviors, You Must ‘Modify’ Their Beliefs

    Speaking at The European Information Security Summit 2019 in London, Adam Anderson, CSO and founder, Hook Security, explored behavioral psychology and how IT security leaders can effect changes in behaviors to improve security buy-in from the C-suite. Anderson said that you “can’t change [people’s] behaviors with just brute force efforts, you have to modify their beliefs to ge
  • #TEISS19: Quantifying Security Posture is Key to Mitigating Risk

    “The security discussion starts with risk, but what has become very apparent at the board level is that most don’t really understand what’s in front of them.” These were the words of Ali Neil, director international security, Verizon, speaking at The European Information Security Summit 2019 in London. Neil said that quantifying security posture is key to mitigating risk, and “we need a means of measurem
  • UK Firms Are Drowning in Breaches

    The vast majority of UK businesses have suffered data breaches over the past 12 months, many of them multiple times, according to new research from Carbon Black. The endpoint security vendor’s second UK Threat Report is based on interviews with over 250 CIOs, CTOs and CISOs in the country from a range of industries. Of the 88% of respondents that claimed to have been breached over the previous year, over a quarter had seen this happen five or more times.
  • #TEISS19: Boards Must Become More Technical to Make Orgs More Secure, says NCSC CEO

    Speaking at The European Information Security Summit 2019 in London, Ciaran Martin, CEO, National Cyber Security Centre, reflected on the NCSC’s vision for a more secure Britain. Martin said “Our approach isn’t to close down the many and vast opportunities for the UK in cyber space, we’re not seeking security as an end in itself. We want security only so that we can prosper safely; it’
  • Firms Urged to Patch Serious Container Runtime Flaw

    Enterprises have been urged to patch a serious flaw in runc, the default runtime for Docker and Kubernetes, and ensure they have SELinux enabled. Aleksa Sarai — one of the maintainers for runc — made the initial announcement on Tuesday, attributing the discovery to researchers Adam Iwaniuk and Borys Poplawski. The runc runtime also supports containerd, Podman, CRI-O and countless other container offerings. “The vul
  • Critical Runc Flaw Spells Trouble for Containers

    Security researchers have discovered a critical flaw in runc, the default runtime for Docker and Kubernetes, allowing a malicious container to attack the host and all other containers running on it. Aleksa Sarai — one of the maintainers for runc — made the announcement on Tuesday, attributing the discovery to researchers Adam Iwaniuk and Borys Poplawski. The runc runtime also supports containerd, Podman, CRI-O and countless other co
  • ICO Helps Secure Bans for Mobile Spam Bosses

    The directors of two UK companies have received several-year bans after allowing their respective firms to make hundreds of thousands of nuisance calls and texts. Aaron Frederick Stalberg, (27), from Exmouth, was director of market research and polling business The Lead Experts, which made 115,000 illegal automated marketing calls to members of the public. The messages didn’t reveal the name of the company, and it also tried to hide its identity by
  • AWS Issues Alert for Multiple Container Systems

    A security issue that affects several open source container management systems, including Amazon Linux and Amazon Elastic Container Service, has been disclosed by AWS. The vulnerabilities (CVE-2019-5736) were reportedly discovered by security researchers Adam Iwaniuk, Borys Poplawski and Aleksa Sarai and would allow an attacker with minimal user interaction to “overwrite the host runc binary and thus gain root-level code exe
  • Data Privacy Top of Mind for 2020 Candidates

    More candidates announced that they are throwing their hats into the 2020 presidential race, with one of the latest declarations coming from Sen. Amy Klobuchar, who promises to focus on data privacy regulations. After posing the rhetorical question of what she would do as President, Klobuchar said she would protect consumer privacy. “We need to put some digital rules of the road into law when it comes to privacy,” Klobuchar said in her announ
  • OkCupid Users Victims of Credential Stuffing

    Love is in the air this week, but cyber-criminals are reportedly targeting user accounts on dating sites like OkCupid ahead of Valentine’s Day. Multiple news outlets have reported that OkCupid users say their accounts have been hacked, which the company says is likely the result of credential stuffing. “There has been no security breach at OkCupid. All websites constantly experience account takeover attempts and there haven't been any incre
  • CIOs Must Join Chief HR Officers to Change Culture

    Because so many businesses are continuing on their digital transformation journeys, it is becoming ever more important to focus on changing not only technology but also culture, according to Gartner. Announced in a February 11 press release, Gartner predicts that by 2021, CIOs will be playing a role in establishing the right mindsets and practices in the organization, among their many other duties. “A lot of CIOs have realized that cultur
  • Senators Urge Security Audit of Foreign VPNs

    Two US senators have called for an urgent investigation into whether foreign-owned Virtual Private Networks (VPNs) represent a risk to national security. Ron Wyden and Marco Rubio signed a joint letter to the director of the Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency (CISA), Christopher Krebs. It points to the popularity of mobile data-saving and VPN apps, many of which have been downloaded millions of ti
  • China Gives Police New Powers to Snoop on Foreign Firms

    Security experts have warned foreign firms operating in China that new laws may give the authorities more power to spy on and censor them. Issued in November last year were updates to the country’s infamous 2017 Cybersecurity Law, dubbed: Regulations on Internet Security Supervision and Inspection by Public Security Organs. They give the Ministry of Public Security (MPS) sweeping new powers to conduct remote pen testing and on-site inspe
  • The author of Surveillance Valley on the dark history of the internet

    Author and journalist Yasha Levine talks with Techworld about his book Surveillance Valley, which unfurls the internet's hidden history as a weapon for surveillance and control, as well as the Silicon Valley companies that have played an instrumental role
  • Mumsnet Privacy Snafu Exposes User Info

    Mumsnet has suffered a serious data leak affecting potentially thousands of users after a software glitch during an IT system migration to the cloud. Justine Roberts, founder and CEO of the popular parenting forum, explained in a blog post late last week that the issue affected users for the best part of two days: from 2pm on February 5 to 9am on February 7. “During this time, it appears that a user logging into their account at the same time as an
