• Has GDPR Impacted Insider Threats?

    Has GDPR Impacted Insider Threats?According to new research from Clearswift, the introduction of GDPR has led to a slight drop in insider threats in both the UK and Germany. Survey respondents said that insider threats make up 65% of reported incidents in 2018, compared to 73% last year. German companies reported similar declines, with insider error incidents at 75% this year, down from 80% last year.The research surveyed 400 senior IT decision makers from global organizations wit
  • May to ban Huawei from providing 'core' parts of UK 5G network

    Telecoms firm will still be able to supply some technology, but decision may anger Beijing Theresa May has ordered that Chinese telecoms supplier Huawei be banned from supplying core parts of the future 5G mobile phone network, following a meeting of ministers on the National Security Council (NSC).Huawei will be allowed to supply some “non core” technology to UK phone companies, insiders said, but several ministers in the meeting on Tuesday raised concerns even about that concession
  • European Parliament Approves Mass ID Database Plans

    European Parliament Approves Mass ID Database PlansThe European Parliament has approved plans to boost physical security by implementing a mass identity database, although privacy concerns persist.The Common Identity Repository (CIR) will centralize the personal information of nearly all non-EU citizens in the EU’s visa-free Schengen region. The latter covers the vast majority of the EU except for Ireland and the UK, as well as Bulgaria, Croatia, Cyprus, and Romania.The data — which
  • Addiction Center Patients Exposed in Privacy Snafu

    Addiction Center Patients Exposed in Privacy SnafuA large trove of personally identifiable information (PII) has been leaked by an addiction treatment center after researchers found another unsecured Elasticsearch database online.Justin Paine, who is also a director of trust and safety at Cloudflare, blogged about his findings late last week, claiming to have found the offending database via a simple Shodan search.As the data trove required no authentication to access, he was able to scroll thro
  • Advertisement

  • Cyber Readiness Worsens as Attacks Soar

    Cyber Readiness Worsens as Attacks SoarThe number of organizations in Europe and the US that have been hit by a cyber-attack over the past year has soared to over three-fifths (61%), according to a new report from Hiscox.The global insurer today released the results of its Hiscox Cyber Readiness Report 2019, which is compiled from interviews with over 5300 cybersecurity professionals in the US, UK, Belgium, France, Germany, Spain and the Netherlands.It revealed a sharp increase in the number of
  • Singapore Responds to Recent Cybersecurity Attacks

    Singapore Responds to Recent Cybersecurity AttacksDuring a visit to San Francisco, Singapore foreign affairs minister Vivian Balakrishnan commented that the country cannot "go back to pen and paper. ... If people lose confidence in the integrity and security of the system, then all these aspirations cannot be fulfilled."The comments follow information coming into the open regarding data breaches, one of which affected 14,200 individuals diagnosed with HIV up to January 2013. In a statement by th
  • WannaCry "Hero" Pleads Guilty to Writing Malware in US Court

    WannaCry "Hero" Pleads Guilty to Writing Malware in US CourtMarcus Hutchins, also known as MalwareTech, has pleaded guilty in a US court to two counts of creating and spreading malware. The reverse-engineer is well known for his contribution to ending the WannaCry ransomware attacks in May 2017. According to Wisconsin court documents, Hutchins was charged in "10 counts of a superseding indictment." He pleaded guilty to counts one and two, saying that the US government would be able to prove
  • Password "123456" Used by 23.2 Million Users Worldwide

    Password "123456" Used by 23.2 Million Users WorldwideThe National Cyber Security Centre (NCSC) expects 42% of Britain online users to lose money due to fraud, according to its first UK Cyber Survey. Released over the Easter weekend (April 21, 2019), the report also found that the most-used password from global cyber breaches was "123456," with "ashley" the most-used name as a password. The global password-risk list was published to disclose passwords already known to hackers.Surv
  • Advertisement

  • Sri Lanka terrorist attacks among world's worst since 9/11

    Death toll from Easter Sunday’s eight bomb blasts nears 300, with 500 others injuredSri Lanka bombings: latest updatesSunday’s wave of bombings targeting churches and luxury hotels in Sri Lanka is among the worst terrorist attacks carried out worldwide since 9/11, in which 2,296 people died.On Monday, police said the death toll had surged overnight to 290, with the number expected to rise further. About 500 people were injured, according to reports. Continue reading...
  • Mueller Report: Individuals Deleted Data During Investigation

    Mueller Report: Individuals Deleted Data During InvestigationAfter two years of investigating, yesterday Robert S. Mueller III finally released his investigation, Report on the Investigation into Russian Interference in the 2016 Presidential Election. The 448-page report looks into Russian interference specifically but also into any individuals in the US that may have been involved. Appointed in May 2017 as Special Counsel to the investigation, Mueller found that Russia's interference
  • Cyber-Attack Knocks the Weather Channel Off the Air

    Cyber-Attack Knocks the Weather Channel Off the AirThe Weather Channel, based in Atlanta, Georgia, has been hit with a cyber-attack that knocked it off the air for 90 minutes. On April 18, 2019, the organization took to its Twitter channel to confirm that it had been hit by a "malicious software attack" on its network but as of press time hasn't released any specifics on the attack itself. When the AMHQ show should have started, viewers saw taped programming, Heavy Rescu
  • Facebook Uploaded 1.5 Million Email Contacts Without Consent

    Facebook Uploaded 1.5 Million Email Contacts Without ConsentSince 2016, Facebook has reportedly harvested email contacts of 1.5 million users without their consent. According to Business Insider, the media outlet that broke the story, the company had been collecting the contact lists of new users since May 2016. In a statement, Facebook confirmed that it had been unintentionally uploading this data when people were verifying their accounts. "Last month we stopped offering email pa
  • Advertisement

  • New IRA and Saoradh face backlash over Lyra McKee murder

    Killing of journalist in Derry unites Sinn Féin and unionists against dissident republicans The New IRA have a modern-sounding name, but the shooting of Lyra McKee harks back to a strand of atavistic Irish republicanism.According to this worldview, it was not a reckless gunman from a tiny, fringe terror group who killed the journalist during riots in Derry on Thursday night, but a freedom fighter who was resisting British imperialism. Related: Lyra McKee's death shows the distance Norther
  • LinkedIn Data Found in Unsecured Databases

    LinkedIn Data Found in Unsecured DatabasesA security researcher identified eight unsecured databases that held "approximately 60 million records of LinkedIn user information."GDI Foundation, where the security researcher is from, is a nonprofit organization with a mission to "defend the free and open Internet by trying to make it safer." The researcher, Sanyam Jain, contacted Bleeding Computer when he noticed "something strange." He was seeing unsecured databases containing the LinkedIn dat
  • TA505 Targets Financial and Retail Using 'Undetectable' Methods

    TA505 Targets Financial and Retail Using 'Undetectable' MethodsA financially motivated gang is targeting retailers and financial institutions around the world using remote access software. CyberInt's Research Lab has found that TA505 is using tactics and an off-the-shelf commercial remote administration tool, developed by Russian-based company TektonIT. The group was behind attacks on the global financial industry between December 2018 and February 2019 and is using the
  • Fraudsters Exploit Sympathies Surrounding Notre Dame Tragedy

    Fraudsters Exploit Sympathies Surrounding Notre Dame TragedyFraudsters are preying on the goodwill of people everywhere by using the tragic fire of Notre Dame to their advantage.According to research by security company ZeroFOX, cyber-criminals are "spreading misinformation about the disaster," which includes fake donation pages and launching new phishing campaigns. The company says in a blog post that "preying on the sympathy of those wanting to help victims is nothing new, but the technic
  • Cloud Security Spending Set to Top $12bn by 2023

    Cloud Security Spending Set to Top $12bn by 2023Global spending on cloud security is set to grow nearly 18% to reach $12.7bn by 2023, with protection for public cloud deployments prioritized over the coming years, according to a new report from Forrester.Organizations spent $178bn on public cloud services last year, a figure that will grow to $236bn by 2020 — making security increasingly important to protect mission critical systems and sensitive data.Infrastructure decision makers are par
  • Dark Web Fraudsters Defraud Each Other with Fraud Guides

    Dark Web Fraudsters Defraud Each Other with Fraud GuidesCyber-criminals are doing a roaring trade in “how-to” fraud guides for their fellow scammers, although many are out-of-date and incomplete, according to new dark web research from Terbium Labs.The cyber-intelligence firm analyzed nearly 30,000 of these guides to compile its latest report, Fraud Guides 101: Dark Web Lessons on How to Defraud Companies and Exploit Data.These online documents typically include instructions on speci
  • DNS Hijackers Target Middle East Governments

    DNS Hijackers Target Middle East GovernmentsSecurity experts are warning of a new state-sponsored DNS hijacking campaign affecting at least 40 organizations across 13 countries.Cisco Talos revealed in a blog post yesterday that the “Sea Turtle” campaign began back in January 2017 and has been active until the first quarter of this year, targeting mainly public and private sector organizations in the Middle East and North Africa.Attackers sought first to gain DNS credentials from targ
  • DCMS Shares UK Journalists Emails, Potential GDPR Breach

    DCMS Shares UK Journalists Emails, Potential GDPR BreachThe government department that is responsible for implementing the General Data Protection Regulation (GDPR) has committed an email faux pas with UK journalists which could also mean it has broken its own rules. Flagged by Guardian journalist Alex Hern on Twitter, the email was regarding its announcement on age verification rules on online pornography. Hern tweeted: "DCMS has just announced that the porn filters are coming online
  • UK To Become First Country To Bring in Age-Verification for Online Pornography

    UK To Become First Country To Bring in Age-Verification for Online PornographyThe UK will become "the first country in the world" to bring in age verification for online pornography, according to the Department for Digital, Culture, Media and Sport (DCMS). The measures, which come into force on July 15, 2019, mean that commercial providers of online pornography will be required by law to carry out robust age-verification checks on users to ensure they are 18 or over.In its announcement this
  • Scranos Goes Global After Targeting China

    Scranos Goes Global After Targeting ChinaA new password and data stealing operation that has been targeting China has started to infect users worldwide, according to Bitdefender Cyber Threat Intelligence Lab. Using a rootkit driver, which is believed to have been a possibly stolen certificate, the attack is still a work in progress with many components in the early stage of development, say the researchers behind the company's latest report, Inside Scranos – A Cros
  • Fifth of Web Traffic Comes from Malicious Bots

    Fifth of Web Traffic Comes from Malicious BotsAround a fifth of all web traffic last year was linked to malicious bot activity, with financial services hit more than any other sector, according to Distil Networks.The security vendor compiled its 2019 Bad Bot Report from analysis of a global network covering thousands of anonymized domains.It claimed to have discovered hundreds of billions of “bad bot” requests across this network, enabling large-scale, automated malicious activity in
  • EU: We Have No Evidence Kaspersky Lab is Security Risk

    EU: We Have No Evidence Kaspersky Lab is Security RiskThe European Commission has admitted it has no evidence that Kaspersky Lab products are a national security risk to member states, despite the European Parliament voting last summer for a ban on the Russian AV company.The revelations come in response to a question from right-wing European Parliament member (MEP), Gerolf Annemans.It refers to the non-binding resolution, passed on June 13 2018, which branded Kaspersky Lab as ‘ma
  • Wipro Confirms Major Breach Investigation

    Wipro Confirms Major Breach InvestigationIT services giant Wipro has revealed it is investigating a potential intrusion after a report named the firm as suffering an attack targeting a dozen customers,India’s third largest IT outsourcer claimed to have spotted “potentially abnormal activity in a few employee accounts” after an “advanced phishing campaign” targeted the company.“Upon learning of the incident, we promptly began an investigation, identified the af
  • Almost a Quarter of Orgs Don’t Run Security Checks on Products

    Almost a Quarter of Orgs Don’t Run Security Checks on ProductsA new study from Outpost24 has discovered that almost one in four (23%) organizations do not carry out any form of security testing on their products before they are launched into the market.The cyber-assessment firm surveyed 121 security professionals at RSA Conference 2019, unearthing a worrying trend whereby application security appears to be taking a back seat in a number of product-producing companies.In fact, Outpost24 fou
  • Spear-Phishing Campaign Targeted Ukrainian Government as Early as 2014

    Spear-Phishing Campaign Targeted Ukrainian Government as Early as 2014A spear-phishing email campaign targeting government entities in Ukraine could have been active as early as 2014, according to FireEye.In a blog post published on April 16, 2019, FireEye Threat Intelligence found the latest spear-phishing email in early 2019, which included a "malicious LNK file" with PowerShell script to download the second-stage payload from the command-and-control (C&C) server. The email was received by
  • Support Services Websites Cut Off from UK Public by Gov-Backed ISPs

    Support Services Websites Cut Off from UK Public by Gov-Backed ISPsCharity, school and social support websites are being blocked by "overzealous" web filters, which have been designed to protect children from harmful online content. According to a study from VPN comparison service Top10VPN.com and Open Rights Group, "In the last two years around 700,000 websites have been blocked by UK ISPs in a Government-backed attempt to protect vulnerable users online."The report analysed the results of
  • Fortinet to Pay $545,000 for Violating False Claims Act

    Fortinet to Pay $545,000 for Violating False Claims ActNetwork security company Fortinet has agreed to pay $545,000 to resolve allegations that it violated the US's False Claims Act.According to the settlement agreement made public on April 12, 2019, "Fortinet acknowledged that during the more than seven years between January of 2009 and the fall of 2016, a Fortinet employee responsible for supply chain management arranged to have labels on certain products altered to make the products
  • NCSC Launches 2019 Cybersecurity Accelerator

    NCSC Launches 2019 Cybersecurity AcceleratorThe UK’s National Cyber Security Centre (NCSC) has launched its latest annual search for the hottest cybersecurity start-ups in the country.The NCSC Cyber Accelerator is a government-funded initiative that claims to have doled out £20m in investment since its launch in 2017, offering up the expertise of NCSC and its parent organization GCHQ to help nurture talent.It’s ultimately hoped that these star companies will go on to build prod

Follow @Security_UKnws on Twitter!