• Reddit Locks Down Accounts After Security Incident

    Reddit Locks Down Accounts After Security IncidentA large number of Reddit users have been locked out of their accounts as a precaution while the site’s admins investigate potential unauthorized access.Staffer “Sporkicide” would not disclose exactly how many users were affected by the move, but claimed in a post yesterday that “a large group of accounts were locked down due to a security concern.”“By ‘security concern,’ we mean unusual activity tha
  • Jailed director of security firm stole identities to supply fake guards to festivals

    The director of a South Wales company that supplied events with bogus security staff has been jailed for two years and three months.
  • Global Firms Face $5tr in Cybercrime Losses

    Global Firms Face $5tr in Cybercrime Losses Global firms could lose over $5tr to cybercrime over the next five years, a new Accenture study has warned.The consulting giant interviewed over 1700 CEOs and other C-suite executives to compile its report, Securing the Digital Economy: Reinventing the Internet for Trust.It claimed that as businesses become more dependent on complex web-based models, their ability to innovate and grow securely cannot keep up.In fact, over three-quarters (79%) clai
  • DNC: Russian Hackers Targeted Staffers After Midterms

    DNC: Russian Hackers Targeted Staffers After MidtermsThe Democratic National Committee (DNC) has claimed that one of the same Russian hacking groups blamed for leaking sensitive information in 2016 targeted its employees again just days after the 2018 midterm elections.In court documents filed at the weekend, the DNC said that the group known as Cozy Bear (aka APT29/The Dukes) posed as a State Department official in spear-phishing emails sent to dozens of its employees.The emails were booby-trap
  • Advertisement

  • Collection #1 Data Dump the “Tip of the Iceberg”

    Collection #1 Data Dump the “Tip of the Iceberg”A recently discovered trove of breached data is just a small part of a major 871GB haul up for sale on the dark web which could contain billions of records, according to experts.The 87GB Collection #1 dump was first publicized late last week when noted researcher Troy Hunt was alerted to the files hosted on a popular cloud site. After cleaning up the data he found it contained nearly 773 million unique email addresses and over 21 millio
  • Home Office under fire for blocking new spy watchdog

    Surveillance expert Eric King vetoed from top job at IPCO over past associationsThe Home Office has prompted outrage by blocking the appointment of the man tasked with leading investigations into the UK’s spy agencies.Eric King had been appointed head of investigations at the new government watchdog charged with regulating the intelligence agencies until the Home Office intervened, apparently due to his “previous work and associations”. Continue reading...
  • New Year, New Features for Fallout EK

    New Year, New Features for Fallout EKThe new year is a time for resolutions and promises of change, so much so that even malware has returned from a bit of time off with some new features, including a new Flash exploit, according to Malwarebytes head of investigations, Jérôme Segura.The Fallout exploit kit (EK) took a little respite over the first few weeks of 2019, but it has returned, this time using CVE-2018-15982, along with HTTPS support, a new landing page format, and Pow
  • Malware Evades Detection One Step at a Time

    Malware Evades Detection One Step at a TimeMalicious code was lurking about in two different apps within the Google Play store, according to researchers at Trend Micro who have disclosed that they discovered a banking Trojan in what seemed like legitimate apps.Both the currency converter and the battery-saving app have been removed from Google Play, but not before they were downloaded thousands of times. The battery app, BatterySaverMobi, even had 73 reviews resulting in a 4.5 star rating,
  • Advertisement

  • Hackers Use PayPal to Phish with Ransomware

    Hackers Use PayPal to Phish with RansomwareA new strain of yet another ransomware campaign has been discovered in which the malicious actors have expanded payment options beyond Bitcoin; they are instead offering alternatives (such as PayPal) that include a phishing link, according to MalwareHunterTeam.Attackers are stealing a page from Daedalus and are killing two birds with one stone by including a link to make a payment. To obtain the decryption key, victims can follow the link
  • CyberFirst Girls 2019 Kicks Off Next Week

    CyberFirst Girls 2019 Kicks Off Next WeekThe third annual CyberFirst Girls competition will kick off on Monday as GCHQ looks to help address a chronic gender imbalance and skills shortage in the industry.Over the past two years, the intelligence service’s National Cyber Security Centre (NCSC) has managed to attract 12,500 female pupils from schools across the UK to take part.Teams of up to four plus a teacher or mentor can enter, with girls in Year 8 in England and Wales, S2 in Scotland an
  • Facebook Disrupts New Russian Disinformation Campaign

    Facebook Disrupts New Russian Disinformation Campaign Facebook has removed hundreds of fake Pages and accounts after spotting a coordinated effort by Russian state-linked actors to spread disinformation in Ukraine and other former Soviet countries.There were two linked campaigns: the first targeting Romania, Latvia, Estonia, Lithuania, Armenia, Azerbaijan, Georgia, Tajikistan, Uzbekistan, Kazakhstan, Moldova, Russia and Kyrgyzstan.Although purporting to be independent or general interest Pa
  • DoJ Prepping Criminal Probe of Huawei IP Theft: Report

    DoJ Prepping Criminal Probe of Huawei IP Theft: ReportThings could be about to get even worse for Huawei after a report claimed the US Department of Justice is readying an indictment against the firm for IP theft against global partner companies.One of these is T-Mobile. That case has already been tried in a civil court in 2017, with a federal jury in Seattle siding with the US mobile carrier in finding Huawei liable for the theft of robotic technology it was developing.The incident happened in
  • Advertisement

  • Trump vows to boost America’s missile defence

    President Donald Trump vowed on Thursday to boost America’s missile defence systems, including by investing in technology to protect against the threat of sophisticated “hypersonic” weapons. Speaking...
  • Royal Navy frigate joins US destroyer in South China Sea

    Royal Navy warship HMS Argyll joined the US Navy for a two-day combined workout in the South China Sea. The Plymouth-based frigate linked up with American destroyer McCampbell, underlining the Royal...
  • J-20 Variant May Be World’s First Two-Seat Stealth Fighter Jet: Report

    China’s most advanced stealth fighter jet J-20 could be developed into a bomber, electronic warfare (EW) aircraft and a carrier-based variant, Chinese military experts said on Wednesday as...
  • Germany: Arms Exports Approvals Down A Quarter

    The Economy Ministry has reported a 23 percent downfall in arms exports approvals in 2018, one of the biggest in years. A moratorium on all arms exports to Saudi Arabia was a major factor in the...
  • West mustn’t ignore threat of al-Shabaab | Letters

    As Kenya mourns the dead of another major attack, Joseph Mullen says western countries must help to tackle the jihadist group in Africa before the danger spreads to their own shoresThe massacre of 20-plus civilians by al-Shabaab fighters at a hotel in Nairobi (SAS hero is hailed as Kenyatta orders hunt for hotel terrorists, 17 January) is the third major attack on the Kenyan state within the last five years; two previous being the Westgate shopping mall (71 fatalities) and the Garissa University
  • Attackers Leverage Open Source in New BYOB Attack

    Attackers Leverage Open Source in New BYOB AttackAn attack leveraging the open-source Build Your Own Botnet (BYOB) framework has reportedly been intercepted by Israeli cybersecurity firm Perception Point’s incident response team. According to the team, this appears to be the first time the BYOB framework has been found to be used for fraudulent activity in the wild.While these tactics and techniques have historically been limited in used to financially backed advanced persistent threa
  • 2018 Proved Highest Funding Year for Cybersecurity

    2018 Proved Highest Funding Year for CybersecurityDespite a 28% decrease in cybersecurity startups during 2017, global venture capital funding for cybersecurity rebounded with record high investments, according to Strategic Cyber Ventures.Though last year saw $5.3 billion in cybersecurity global ventures, Strategic Cyber Ventures called this an unsustainable investment rate.  Over half of cybersecurity founders of new startups have more than a decade of executive or entrepreneurial experien
  • VOIPo Left 7 Million Logs Unencrytped with No Passwords

    VOIPo Left 7 Million Logs Unencrytped with No PasswordsAnother California-based communications provider has announced a potential security incident, as VOIPo confessed that it left a database containing seven million call logs, six million text messages and other internal documents containing unencrypted passwords unprotected without a password.After security researcher Justin Paine notified the company, he wrote, “This database was promptly secured after I notified the company.
  • VOIPo Left 7 Million Logs Unencrypted with No Passwords

    VOIPo Left 7 Million Logs Unencrypted with No PasswordsAnother California-based communications provider has announced a potential security incident, as VOIPo confessed that it left a database containing seven million call logs, six million text messages and other internal documents containing unencrypted passwords unprotected without a password.After security researcher Justin Paine notified the company, he wrote, “This database was promptly secured after I notified the company.
  • WEF: Cyber-Attacks a Major Global Risk for Next Decade

    WEF: Cyber-Attacks a Major Global Risk for Next DecadeThe vast majority of senior decision makers across the globe expect data theft and cyber-disruption to increase in 2019, according to the latest report from the World Economic Forum (WEF).The annual Global Risks Report for 2019 uses interviews with risk experts, business leaders, academics and others to better understand the challenges facing the world economy.Rising dependency on technology ensured cyber-related risk remained front-of-mind f
  • Oklahoma Government Leaks 3TB of Sensitive Data

    Oklahoma Government Leaks 3TB of Sensitive DataMillions of sensitive files dating back decades have been exposed after 3TB of data on a storage server was left publicly exposed by the Oklahoma Securities Commission.Researchers at UpGuard made the discovery on December 7 last year and it was fixed a day later by the commission, part of the state’s Department of Securities which regulates and administers the trading securities sector.It was first registered as publicly accessible by Shodan a
  • Researchers Find 87GB Trove of Breached Log-Ins

    Researchers Find 87GB Trove of Breached Log-InsA leading security researcher has warned of a major trove of breached data being shared on hacking sites, containing over 772 million unique email addresses and more than 21 million unique passwords.Troy Hunt, owner of the Have I Been Pwned (HIBP) breached credentials site, explained that he was alerted to the collection of 12,000 files hosted on the MEGA cloud service last week.Although the 87GB dump was subsequently removed, he was also notif
  • How UK startup iProov sealed landmark US Homeland Security contract

    The firm has already claimed valuable contracts from the UK Home Office and major banks, but what's next?
  • MS Word Documents Spreading .Net RAT Malware

    MS Word Documents Spreading .Net RAT MalwareA malicious MS Word document, titled “eml_-_PO20180921.doc,” has been found in the wild, and according to researchers at Fortinet's FortiGuard Labs, the document contains auto-executable malicious VBA code.Victims who receive and open the document are prompted with a security warning that macros have been disable. If the user then clicks on “enable content,” the NanoCore remote access Trojan (RAT) software is installed on t
  • Fortnite Vulnerable to Account Take-Over Attack

    Fortnite Vulnerable to Account Take-Over AttackPlayers who love to indulge in online battle should heed caution when playing Fortnite, according to researchers at Check Point who have disclosed vulnerabilities that could give a malicious actor access to a user’s account and their V-Bucks.In addition to gaining full access to a user’s account, an attacker who exploited the vulnerability – which has now been fixed – could have eavesdropped on a player’s in-game conver
  • Bugs Rack Web Host Sites and Flight-Booking System

    Bugs Rack Web Host Sites and Flight-Booking SystemTwo security researchers working independently on different projects have discovered multiple vulnerabilities that affect multiple web hosting platforms, including the popular Bluehost, as well as Amadeus, the online reservation system used by several different airlines.According to independent security researcher Paulos Yibelo, Bluehost, a popular web hosting platform, was riddled with vulnerabilities, including one that would allow complet
  • New Magecart Group Hits Hundreds of Sites Via Supply Chain

    New Magecart Group Hits Hundreds of Sites Via Supply ChainResearchers have uncovered a twelvth Magecart group using tried-and-tested methods to disseminate the digital skimming code by infecting the supply chain.RiskIQ, which has for several years been tracking the activity of groups using Magecart to steal customer card details, claimed the new group has managed to infect hundreds of websites so far via a third party.This firm is Adverline, a French advertising agency. The attackers are said to
  • Alleged SEC Hackers Charged in Insider Trading Conspiracy

    Alleged SEC Hackers Charged in Insider Trading ConspiracyTwo Ukrainian nationals have been charged with hacking into the Securities and Exchange Commission (SEC) and stealing sensitive information for use in insider trading.Artem Radchenko, 27, and Oleksandr Ieremenko, 26, both from Kiev, were charged with 16 counts including securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud.They’re alleged to have targeted the SEC’s Ele

Follow @Security_UKnws on Twitter!