• Thousands Warned Over Home Group Data Breach

    Thousands Warned Over Home Group Data BreachThe Home Group – one of the biggest housing associations in the UK – has warned around 4000 customers that their personal details may have been stolen after the company suffered a data breach.As reported by the BBC, Home Group said the breach involved customer names, addresses and contact information, but no financial data. The organization explained that the breach was identified by a third party cybersecurity expert and affected customers
  • Trend Micro Tackles Cloud Misconfigurations with Latest Acquisition

    Trend Micro Tackles Cloud Misconfigurations with Latest AcquisitionTrend Micro has announced the acquisition of Australian start-up Cloud Conformity, in a deal which will see it expand its cloud security portfolio to include mitigations for customer misconfigurations.Following the reported $70m deal, Trend Micro is offering the Cloud Security Posture Management (CSPM) company’s solution immediately to its global customers.Cloud Conformity offers a single pane of glass via which companies c
  • US Military Personnel Exposed in Latest Cloud Data Leak

    US Military Personnel Exposed in Latest Cloud Data LeakResearchers have discovered another unsecured Elasticsearch database, this time exposing data on thousands of travelers including US military and government employees.The research team at vpnMentor discovered the online database hosted on AWS infrastructure, on September 13. It belonged to Autoclerk, a reservations management system now owned by hotel chain Best Western Hotels and Resorts Group.The database contained over 179GB of data, ofte
  • German Automation Giant Still Down After Ransomware Attack

    German Automation Giant Still Down After Ransomware AttackOne of the world’s biggest producers of automation tools is still crippled over a week after it was hit by a ransomware attack.German giant Pilz was forced to notify the prosecutor’s office and Federal Office for Security in Information Technology after suffering a targeted cyber-attack the Sunday before last.However, despite setting up an incident response team to locate the source of the attack and resolve the disruption, it
  • Advertisement

  • Supporters of banned groups in UK face tougher sentences

    Sentencing Council consulting on raising sentences for the most serious terror offencesTougher punishments for those convicted of expressing support for banned organisations or viewing terrorist material online are being proposed by the Sentencing Council.Following changes to legislation brought in by the Counter-Terrorism and Border Security Act 2019, the official body, which publishes guidelines for judges, has circulated a fresh consultation on raising sentences for the most serious offences.
  • Ad Targeting Gamers Successfully Cuts Cybercrime

    Ad Targeting Gamers Successfully Cuts CybercrimeAn advertising campaign warning that DoS attacks are illegal has proved successful in reducing cybercrime. In a new study, researchers from the University of Cambridge and the University of Strathclyde looked at four different cybercrime prevention methods employed by law enforcement agencies in the US and UK. The results showed that while high-profile arrests caused only a two-week reduction in the number of cyber-attacks taking pla
  • Avast Thwarts Cyber-spies in Suspected Second CCleaner Attack

    Avast Thwarts Cyber-spies in Suspected Second CCleaner Attack Avast has fended off a sophisticated cyber-espionage attack with the help of Czech intelligence.The global manufacturer of antivirus products announced today that its network had been breached, in what is thought to be an attempt to gain information regarding the company's CCleaner software.Avast identified suspicious behavior on its network on September 23. Together with the Czech police's cybersecurity division and the Cze
  • Most Effective Phishing Tactic Is to Make People Think They've Been Hacked

    Most Effective Phishing Tactic Is to Make People Think They've Been Hacked New research into phishing attacks has shown that the most clicked on email subject lines are those that relate to online security concerns.A report released today by security awareness training company KnowBe4 revealed that emails with titles that trick people into believing that they've already been hacked are the most likely to be opened. To produce the Q3 2019 Top-Clicked Phishing Tests Report, Kno
  • Advertisement

  • Chartered Institute of Information Security Calls for Better Collaboration on Skills and Pathways

    Chartered Institute of Information Security Calls for Better Collaboration on Skills and PathwaysSpeaking four months after the IISP was renamed as the Charted Institute of Information Security (CIIS), CEO Amanda Finch said the re-branding was “great for us, as it puts on the map” after three and a half years of application.Speaking at Plymouth University's Secure South West conference, she said that chartered status was important as it is “recognizing us as a proper profession
  • Chinese National Gets 40 Months for Exporting US Military Kit

    Chinese National Gets 40 Months for Exporting US Military KitA Chinese national will spend over three years behind bars after pleading guilty to conspiring to illegally export US military technology back home.Tao Li, 39, violated the International Emergency Economic Powers Act and was sentenced to 40 months behind bars last week.Between December 2016 and January 2018, he’s said to have worked with others back in China to buy radiation-hardened power amplifiers and supervisory circuits &mda
  • Trojanized Tor Browser Steals Users’ Digital Currency

    Trojanized Tor Browser Steals Users’ Digital CurrencyResearchers have discovered a Trojanized version of the popular Tor Browser, which has already stolen tens of thousands of dollars’ worth of digital currency from users.Targeted at Russian users, the malicious variant is distributed via spam messages on local forums and in Pastebin posts which have been SEO-d to rank high for users searching for terms including drugs, cryptocurrency, censorship bypass, and Russian politicians, acco
  • US Lawmakers Call on Apple to Reverse Hong Kong App Ban

    US Lawmakers Call on Apple to Reverse Hong Kong App BanA group of US lawmakers has criticized Apple’s decision to withdraw an app used by Hong Kong protesters at the behest of Beijing, branding it “deeply concerning.”The tech giant pulled HKmaplive from the App Store last week, claiming that it was used by the demonstrators to target police officers, and was therefore endangering their physical security.However, its decision to censor after pressure from the Chinese government
  • Advertisement

  • IRA ‘planned to knock out electricity in south-east England’

    Former gun runner claims republicans plotted to bomb London power supply in 1990sThe IRA planned to attack power stations in south-east England in the final years of its terror bombing campaign, a former member has claimed.The plan is alleged to have been made in the mid-1990s, shortly before the Belfast Agreement peace accord. Continue reading...
  • US Girl Scouts Launch First National Cybersecurity Challenge

    US Girl Scouts Launch First National Cybersecurity ChallengeGirls across the United States of America will take part in the country's first ever National Girl Scouts Cyber Challenge tomorrow. Over 3,000 girls have signed up to practice their cybersecurity skills by solving a hypothetical ransomware attack on a moon base. Participants will form an incident response team that must find out who hacked the system and how they did it.The adrenaline-filled simulation will incorporate bo
  • Girl Scouts of USA Launch First National Cybersecurity Challenge

    Girl Scouts of USA Launch First National Cybersecurity ChallengeGirls across the United States of America will take part in the country's first ever National Girl Scouts Cyber Challenge tomorrow. Over 3,000 girls have signed up to practice their cybersecurity skills by solving a hypothetical ransomware attack on a moon base. Participants will form an incident response team that must find out who hacked the system and how they did it.The adrenaline-filled simulation will incorporat
  • Italians Rocked by Ransomware

    Italians Rocked by RansomwareItaly is experiencing a rash of ransomware attacks that play dark German rock music while encrypting victims' files. The musical ransomware, called FTCode, was detected by security analysts at AppRiver in malicious email campaigns directed at Italian Office 365 customers. Targeted inboxes have received emails with malicious content posing as resumes, invoices, or documents scans. The emails include a Visual Basic script (.vbs) file that downloads
  • Baltimore Doubles Up on Cyber-Insurance Following Ransomware Attack

    Baltimore Doubles Up on Cyber-Insurance Following Ransomware AttackFive months on from a ransomware attack that brought the city to its knees, Baltimore has purchased cyber-insurance for the first time.On May 7, Baltimore became the second US city to fall victim to a new strain of ransomware called RobbinHood. The attack took all the city's servers offline with the exception of essential services. As a result, real estate transactions were suspended, water billing was disrupted, and city em
  • UK Government Announces Major New Cybersecurity Partnerships

    UK Government Announces Major New Cybersecurity PartnershipsThe UK government has revealed it is working with chip-maker Arm on a £36m initiative to make more secure processors.Although details are few and far between at this stage, the government claimed that the project could help to protect more UK businesses from remote cyber-attacks and breaches, while boosting new business opportunities and productivity.According to the government’s own data, around 60% of mid-sized and 61
  • New US Privacy Bill Would Intro Jail Time for CEOs

    New US Privacy Bill Would Intro Jail Time for CEOsA US senator has introduced a new privacy bill which he claims goes further than the EU’s GDPR, introducing prison sentences for culpable CEOs.Introduced by Ron Wyden, the Mind Your Own Business Act would create a national “Do Not Track” system enabling consumers to stop companies from tracking them online, selling or sharing their data, or targeting ads based on personal information.Like the GDPR, it would issue maximum fines o
  • DNC Russian Hacking Group Makes a Comeback

    DNC Russian Hacking Group Makes a ComebackSecurity researchers have uncovered new activity from the notorious Kremlin-backed APT29, or Cozy Bear, group, in an information-stealing campaign targeting foreign governments.APT29 was pegged for the infamous cyber-attacks on the Democratic National Committee (DNC) in the run-up to the 2016 US Presidential election, which many believe helped to install Donald Trump in the White House.However, up until now there had been little other evidence of activit
  • Official Secrets review – Keira Knightley shines as a very British whistleblower

    Knightley gives a sympathetic performance as Iraq war whistleblower Katharine Gun in this shrewd and relevant spy drama• Keira Knightley: ‘Iraq was the first time I’d been politically engaged’There’s something interestingly tough and forthright about this slow-burner from director and co-writer Gavin Hood. It is a beady-eyed spy drama that has shrewd things to say about the British establishment’s tendency to spite under pressure, about the eternal duality of c
  • A New Strain of Malware Is Terrorizing Docker Hosts

    A New Strain of Malware Is Terrorizing Docker HostsFor the first time in history, researchers have discovered a crypto-jacking worm that spreads via unsecured Docker hosts. Researchers at Unit 42 said that the new strain of malware has spread to more than 2,000 Docker hosts by using containers in the Docker Engine (Community Edition).The new worm has been named Graboid after the fictional subterranean sandworms that made a fairly poor show of hunting humans in nineties flick Tremo
  • Imposter Emails Plague Healthcare Industry

    Imposter Emails Plague Healthcare Industry A study looking at cyber-attacks on the healthcare industry has found that 95% of targeted companies encounter emails spoofing their own trusted domain. To create the Protecting Patients, Providers, and Payers 2019 Healthcare Threat Report, cybersecurity company Proofpoint analyzed nearly a year’s worth of cyber-attacks against care providers, pharmaceutical/life sciences organizations, and health insurers.Hundreds of millions
  • Recruitment Sites Expose Personal Data of 250k Jobseekers

    Recruitment Sites Expose Personal Data of 250k Jobseekers The personal details of 250,000 American and British jobs seekers have been exposed after two online recruitment companies failed to set their cloud storage folders as private. Names, addresses, contact information, and career histories were compromised as a result of the oversight by US jobs board Authentic Jobs and UK retail and restaurant jobs app Sonic Jobs.Each company stored the resumes of hopeful job applicants
  • The UK porn ban is dead – for now

    The government has shelved plans to block adult sites using age verification technology amidst heavy criticism from privacy advocates and a perceived lack of scope for the policy
  • Rogue Mobile App Fraud Soars 191% in 2019

    Rogue Mobile App Fraud Soars 191% in 2019Global fraud attacks soared by 63% from the second half of 2018 to the first six months of this year, with fake mobile applications a growing source of malicious activity, according to RSA Security.The firm’s Quarterly Fraud Report for Q2 2019 is a useful snapshot of current trends based on detections by the vendor.Phishing, including vishing and smishing, continues to be the biggest source of fraud — representing over a third (37%) of attacks
  • World’s Largest Child Exploitation Site Shut After Bitcoin Analysis

    World’s Largest Child Exploitation Site Shut After Bitcoin AnalysisGlobal investigators have traced Bitcoin payments to locate and shutdown the dark web’s largest child exploitation website, arrest hundreds of users and rescue dozens of abused children, according to unsealed court documents.On March 5 2018, agents from Homeland Security Investigations (HIS), Internal Revenue Service, Criminal Investigation (IRS-CI), the UK’s National Crime Agency (NCA) and Korean National
  • US Ordered Secret Cyber-Strike on Iran: Report

    US Ordered Secret Cyber-Strike on Iran: ReportThe US ordered a secret cyber-attack on Iranian IT systems in response to the alleged Tehran-backed September 14 attacks on Saudi Arabian oil facilities, according to a new report.Two anonymous US officials told Reuters that the attacks were targeted at Iranian hardware in an operation focused on limiting the Islamic Republic’s ability to spread propaganda.There are few other publicly available details about the raid, although it appears to hav
  • Vermont Schools Spy on What Students Do Online

    Vermont Schools Spy on What Students Do OnlineSchools in Vermont are hiring companies to monitor what their students post and search for online.According to a report by investigative journalism platform VTDigger, five schools in the Green Mountain State hired Burlington-based firm Social Sentinel to track the online activities of their students. Social Sentinel uses keyword-based algorithms and machine learning to scan social media posts within a set geographic area for
  • Over 550 Fake US Election Web Domains Discovered

    Over 550 Fake US Election Web Domains Discovered External threat intelligence experts have detected hundreds of fake election web domains designed to target American voters.New research by Digital Shadows uncovered over 550 fake domains ranging from false funding pages to counterfeit candidate sites set up against 19 Democrat and four Republican presidential candidates.Most of the sites—68%—simply redirect the user to another domain, often to that of a rival candidate. Worr
  • UK Abandons Planned Online Pornography Age Verification System

    UK Abandons Planned Online Pornography Age Verification System The British government has dropped plans to introduce a national online pornography age verification system because implementing it would be too difficult.A nationwide system to ensure X-rated online content cannot be viewed by children was first proposed in 2015 by the then culture secretary Sajid Javid. However, it took the proposal two years to become law.Under the proposal, pornography websites would be required to verify th
  • Industry Calls for Standardization of CISO Role

    Industry Calls for Standardization of CISO RoleProfessionals from the cybersecurity industry have called for clarity regarding the role of Chief Information Security Officers (CISOs).Research from Cyber Security Connect UK (CSCUK), a forum for cybersecurity professionals, has stated that CISOs are being pulled into job requirements outside their jurisdiction and that there is a lack of transparency about the responsibilities of cybersecurity teams within UK businesses of all sizes.The research a
  • Over 100 Million IoT Attacks Detected in 1H 2019

    Over 100 Million IoT Attacks Detected in 1H 2019A security vendor has detected over 100 million attacks on IoT endpoints in the first half of 2019 alone, highlighting the continued threat to unsecured connected devices.Russian AV vendor Kaspersky said its honeypots had spotted 105 million attacks coming from 276,000 unique IP addresses in the first six months of the year. The number of attacks is nearly nine times more than the figure for 1H 2018 when only 12 million were detected, originating f
  • Revealed: State-Sponsored Campaign that Helped China Build an Aircraft

    Revealed: State-Sponsored Campaign that Helped China Build an AircraftThe Chinese government orchestrated a sophisticated multi-year cyber-espionage campaign to gain parity with western aerospace firms and help it build the C919 commercial airliner, a new report has alleged.The story is an exemplar of the lengths Beijing is prepared to go to steal IP and force tech transfers from foreign companies and nations in order to gain self-sufficiency.“What is known from CrowdStrike Intelligence re
  • Major Carding Forum BriansClub Suffers Data Breach

    Major Carding Forum BriansClub Suffers Data BreachOne of the web’s largest marketplaces for stolen card data has been hacked, leading to the theft the second time over of more than 26 million cards.A source shared the news with security researcher Brian Krebs, whose name and likeness have been used for years by the administrators of the online BriansClub store.It is claimed that the trove includes credit and debit card details stolen from bricks-and-mortar retailers from the past four year
  • #ISWUK: Ransomware Remains Top Threat For Present and Future

    #ISWUK: Ransomware Remains Top Threat For Present and FutureRansomware remains the dominant threat for business now, and will continue to be in the future.Speaking at the NTT Security Information Security World 2019 conference in London, Nicole van der Meulen, head of strategy and development at Europol’s European Cybercrime Centre (EC3) reflected upon the top cyber-threats impacting the security of data today.van der Meulen Highlighted the five top current threats as: Ransomware Comp
  • Canadian Students Are Sharing Passwords to Prove Friendships

    Canadian Students Are Sharing Passwords to Prove FriendshipsCanadian students are sharing their online passwords with one another as proof of friendship, according to the Quebec Access to Information Commission (CAI).Since 2016, CAI has toured secondary schools across Quebec with a campaign called "Ce que tu publies, penses-y" which roughly translates as "Think before you publish."The purpose of the cybersecurity campaign is to warn adolescents about the risks and consequences of being acti
  • A Quarter of Americans Want Cyber-Flashers Jailed for Five Years

    A Quarter of Americans Want Cyber-Flashers Jailed for Five YearsA survey has revealed that a quarter of Americans think that sending unsolicited nude digital images should carry a five-year jail sentence and a hefty fine. The survey of 1,058 Americans aged 18 to 73 was carried out on behalf of BadGirlsBible.com. Participants were asked questions about how they send and receive photos in the modern world. Seventy percent of women and 50% of men surveyed said they thought that
  • A Quarter of Americans Want Cyber-flashers Jailed for 5 Years

    A Quarter of Americans Want Cyber-flashers Jailed for 5 YearsA survey has revealed that a quarter of Americans think that sending unsolicited nude digital images should carry a five-year jail sentence and a hefty fine. The survey of 1,058 Americans aged 18 to 73 was carried out on behalf of BadGirlsBible.com. Participants were asked questions about how they send and receive photos in the modern world. Seventy percent of women and 50% of men surveyed said they thought that a j
  • Florida Women's Clinic Warns 520,000 Patients of Data Breach

    Florida Women's Clinic Warns 520,000 Patients of Data BreachA Florida clinic providing specialized medical care for women has alerted all current and former patients that their personal information and medical records may have been exposed following a data breach. North Florida OB-GYN, which joined Women's Care Florida on May 6, 2019, became aware that a cyber-attack had been waged against its network on July 27 of this year. The breach is thought to have taken place on or before
  • #ISWUK: Trust Erosion Preventing Business Transformation

    #ISWUK: Trust Erosion Preventing Business TransformationAn Erosion trust, and a lack of situational awareness, are continuing to harm advancements in cybersecurity and digital transformation.Speaking at NTT Security’s Information Security World event in London, Thales CTO Jason Hart reflected upon the journey of 50 million users to radio, television, internet and, most recently, the Pokemon Go app. He likened this journey to the transformation of businesses fo
  • Ex-TalkTalk Security Leader to Take on Firm in Unequal Pay Dispute

    Ex-TalkTalk Security Leader to Take on Firm in Unequal Pay DisputeA former TalkTalk executive who led the company’s program to recover from a major 2015 breach is crowdfunding legal fees to bring a landmark equal pay case against the ISP.Rebecca Burke worked as program director for the embattled UK firm as part of its Top 50 Leadership Team to deliver the top 10 highest priority programs for the business.These included a strategy to bounce back from the breach in which hackers ma
  • Analyst Urges UK CISOs to Act on Brexit

    Analyst Urges UK CISOs to Act on BrexitA leading analyst firm has warned British CISOs to focus on three key areas to mitigate the potential fallout from the UK’s departure from the European Union.Whether the UK strikes a withdrawal agreement with the EU or not, security bosses must carefully consider action to maintain unhindered international data flows, and manage potential staffing and regulatory challenges, according to senior analyst, Paul McKay.He warned that a no-deal Brexit would
  • Pitney Bowes and Groupe M6 Hit By Ransomware

    Pitney Bowes and Groupe M6 Hit By RansomwareA US mailing technology company and one of France’s largest media groups have been hit by ransomware over the past few days, highlighting the continued threat to businesses of all types.Pitney Bowes, which provides services to print labels, track parcels and manage expenses, revealed the news in an update overnight.It claimed a third-party attack “encrypted information on some systems and disrupted customer access to our services.”Sen
  • Atlanta Judge Pleads Not Guilty to Improper Access of County Network

    Atlanta Judge Pleads Not Guilty to Improper Access ofCounty Network Superior Court judge Kathryn Schrader has pleaded not guilty to improperly accessing, altering, and removing data from the computer network of Gwinnett County, Georgia, located just northeast of Atlanta.  The judge was indicted on September 18, along with convicted child molester and co-founder of Atlanta sci-fi convention DragonCon, Ed Kramer; private investigator T.J. Ward; and Frank Karic. The defendants are ea
  • Thoma Bravo to Buy Sophos Group for $3.8bn

    Thoma Bravo to Buy Sophos Group for $3.8bnA British manufacturer of cybersecurity products is to be bought by American private equity firm Thoma Bravo for $3.8bn.Thoma Bravo, which raised billions for its latest private equity fund this year, bought Imperva and another cybersecurity firm, Veracode, in late 2018. In a buyout deal announced earlier today, Thoma Bravo said that it will be adding Sophos Group to its fast-growing cybersecurity portfolio. S
  • Thoma Bravo Buys Sophos Group for $3.8bn

    Thoma Bravo Buys Sophos Group for $3.8bnA British manufacturer of cybersecurity products has been bought by American private equity firm Thoma Bravo for $3.8bn.Thoma Bravo, which raised billions for its latest private equity fund this year, bought Imperva and another cybersecurity firm, Veracode, in late 2018. In a buyout deal announced earlier today, Thoma Bravo said that it will be adding Sophos Group to its fast-growing cybersecurity portfolio. Sop
  • Tactics of Supply-Chain Attack Group Exposed

    Tactics of Supply-Chain Attack Group ExposedResearchers have exposed the underhanded methods of a threat group responsible for unleashing a string of supply-chain attacks.Winnti Group has been targeting the gaming industry for nearly a decade. Their preferred mode of attack is to compromise game developers, insert backdoors into a game’s build environment, and then have their malware distributed as legitimate software.In April 2013, Kaspersky Lab reported that in 2011 W
  • Two MPs challenge refusal of judge-led rendition inquiry

    Labour’s Dan Jarvis and Tory David Davis go to high court over abandoned promiseA Labour and a Conservative MP have joined with a human rights charity to mount a legal challenge against a decision to abandon a promise to hold a judge-led inquiry into torture and rendition involving British intelligence agencies after 9/11.Dan Jarvis and David Davis have submitted an application for a judicial review in the high court in conjunction with Reprieve to try to reverse a decision made in the las
  • Stolen Cloud API Key to Blame for Imperva Breach

    Stolen Cloud API Key to Blame for Imperva BreachA security breach which led to the compromise of customer data at Imperva was caused by a stolen API key for one of its Amazon Web Services (AWS) accounts, the firm has revealed.The firm was notified of the incident, which affected a subset of its Cloud WAF customers, by a third party at the end August.Chief technology officer, Kunal Anand, explained in a blog post that the firm decided back in 2017 to migrate to the AWS Relational Database Service

Follow @Security_UKnws on Twitter!