• UK government security decisions can be challenged in court, judges rule

    Supreme court says GCHQ’s hacking powers should be subject to judicial reviewGovernment security decisions will in future be open to challenge in the courts after judges ruled that a secretive intelligence tribunal could not be exempt from legal action.By a 4-3 majority, supreme court justices declared that the extent of GCHQ’s powers to hack into internet services should be subject to judicial review. Related: GCHQ discloses secret location of former London officeContinue reading...
  • British nationals to be banned from parts of Syria under new law

    Those who enter or remain in Idlib or north-east could face 10 years in jail, Sajid Javid to warnBritish nationals are to be banned from entering or remaining in parts of conflict-stricken Syria in the first use of a controversial new power.The home secretary, Sajid Javid, will reveal on Monday how he expects the law, which makes it a criminal offence to enter or remain in a “designated area” overseas, to be used. Continue reading...
  • Download Hijack Flaw Patched in Slack Patches for Windows

    Download Hijack Flaw Patched in Slack Patches for WindowsSlack users have been urged to upgrade their applications and clients to the most recent version, 3.4.0, after Tenable researcher David Wells discovered a new vulnerability that would allow an attacker to share malicious hyperlinks that could alter where a victim’s files were stored.Wells discovered a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows. “This vulnerability, which has been patched,
  • More Orgs Use Booby Traps for Counterintelligence

    More Orgs Use Booby Traps for CounterintelligenceA recent survey found that to gain counterintelligence the vast majority of organizations would allow an attacker to take decoy files rather than stop an attack in progress, according to the latest International Cyber Benchmark Index from the Neustar International Security Council (NISC).A reported one in five companies are currently employing forensic investigations, as well as setting up honey pots and repositories of fake data to lure attackers
  • Advertisement

  • Baltimore Won't Pay Ransom, Systems Remain Down

    Baltimore Won't Pay Ransom, Systems Remain Down The city of Baltimore’s computer systems have remained down since a ransomware attack hit more than a week ago, but the city says it will not pay the ransom despite today’s final 10-day deadline, according to copy of the ransom note obtained by the Baltimore Sun.The May 7 note warned that if the ransom were not paid within 10 days, the city would no longer be able to have its files returned. In the aftermath of the attack, Baltimor
  • Hacktivist Attacks Have Fallen 95% Since 2015

    Hacktivist Attacks Have Fallen 95% Since 2015The number of publicly disclosed hacktivist attacks has dropped by 95% between 2015 and 2018 thanks to the relative decline of Anonymous, new stats from IBM X-Force have revealed.The firm claimed that it recorded 35 incidents in 2015, but the number dropped to just five two years later and two by 2018, with none so far this year.The number attributed to the Anonymous dropped from eight incidents in 2015 to only one tracked in 2018. This is significant
  • Facebook Bans Israeli Firm For Election Meddling

    Facebook Bans Israeli Firm For Election MeddlingFacebook has banned an Israeli company from its platform after detecting a massive, coordinated attempt to influence voters in Africa.In a blog post yesterday, head of cybersecurity policy, Nathaniel Gleicher, revealed his team had been forced to remove 265 Facebook and Instagram accounts, Facebook Pages, Groups and events involved in “coordinated inauthentic behavior” managed by Archimedes Group.In total, the shadowy Israeli firm ran 6
  • How to counter far-right extremism? Germany shows the way | Cynthia Miller-Idriss

    Teachers are better able to identify radicalisation than most, yet in the UK they are too often ignoredDozens of heads of state, policymakers and leaders of technology companies gathered in Paris this week to discuss social media’s impact on global terrorist violence. Their goal – to eliminate terrorist and violent content online – is a laudable, necessary step toward combating extremism. But a critical group was missing from the meeting: educators.During dozens of meetings abo
  • Advertisement

  • Europol and US Police Disrupt $100m Cybercrime Gang

    Europol and US Police Disrupt $100m Cybercrime GangEuropol and US authorities are claiming victory after “dismantling” a major international cybercrime gang that used the GozNym banking trojan in an attempt to steal $100m from businesses.A federal indictment was unsealed yesterday charging 10 members of the group with conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering. An eleventh has already been charged in
  • Critical Vulnerabilities in Cisco Products

    Critical Vulnerabilities in Cisco ProductsA high-risk vulnerability in Cisco's secure boot process was disclosed earlier this week by Cisco and Red Balloon Security and is believed to have affected an estimate 100 or more devices.The vulnerability (CVE-2019-1649) is “in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component
  • Forbes Site Up, Then Down Again after Magecart Attack

    Forbes Site Up, Then Down Again after Magecart AttackForbes was reportedly back online but went down again at 3:30 pm UTC after reports that the site was hit with the Magecart card-skimming malware, according to security researcher Troy Mursch.Mursch tweeted on May 15 that Forbes had been infected with the Magecart malware, adding that customers who made a purchase while the site was compromised likely had their credit card information stolen. In a later tweet, Mursch confirmed that the malware
  • Supply Chain Attack Hits Best of the Web Website

    Supply Chain Attack Hits Best of the Web WebsiteThe website Best of the Web, whose purpose is to assure site visitors that their user data is safe and that the websites it lists value visitor privacy, has been hacked, according to security researcher Willem de Groot. The site is a directory of websites that receive a trust seal so visitors will know they are real businesses, but the site itself was injected with an information stealing malware.  On May 13, the researcher tweeted t
  • Advertisement

  • UK Fraud Complaints Surge Over 40%

    UK Fraud Complaints Surge Over 40% UK consumers’ complaints over banking fraud have surged by over 40% to hit an all-time high in the 2018-19 financial year, driven by online scams, according to official figures.The Financial Ombudsman Service (FOS), which settles disputes between customers and their banks, said it received 12,195 complaints over the period, a 43% increase on the 6952 in the previous 12 months.“One of the fastest-growing types of fraud is authorized push payment (APP
  • Rights Group Win Allows Courts to Scrutinize Spy Agencies

    Rights Group Win Allows Courts to Scrutinize Spy AgenciesPrivacy campaigners are hailing a major legal victory after the Supreme Court ruled that the intelligence services should not be exempt from oversight by ordinary UK courts.Privacy International (PI) has fought a five-year case with the government, following the Edward Snowden disclosures that UK spies used bulk hacking techniques which may have impacted millions.The case was initially heard in the secret Investigatory Powers Tribunal (IPT
  • Trump Declares National Emergency to Contain China Threat

    Trump Declares National Emergency to Contain China ThreatThe Trump administration has turned up the heat on China after declaring a national emergency designed ostensibly to protect US networks from “foreign adversaries.”Although China and Huawei are not named in the declaration, it is widely seen as a move designed to target the latter. It will effectively extend the federal ban on Huawei equipment to all US firms.Separately, and perhaps even more importantly, the Shenzhen giant and
  • Companies' Stock Value Dropped 7.5% after Data Breaches

    Companies' Stock Value Dropped 7.5% after Data BreachesAfter analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.The report, Kings of the Monster Breaches, identified the extensive damage done by improper security by looking specifically at the Marriott breach of 2018, the Equifax breach of 2017 and the Yahoo! breach of 2016. These to
  • IT Decision-Makers Willing to Share Threat Intel

    IT Decision-Makers Willing to Share Threat IntelThe sharing mentality is starting to take hold across the cybersecurity industry, with the vast majority of security decision-makers confessing that they would be willing to share threat intelligence, according to a new publication by IronNet.The report, Collective Offense Calls for Collective Defense: A Reality Check for Cybersecurity Decision Makers, surveyed 200 U.S. security IT decision-makers. Of those, 94% stated that their organization would
  • Boost Mobile Alerts Customers of Security Incident

    Boost Mobile Alerts Customers of Security IncidentCustomers of Boost Mobile are being urged to change their passwords and PINs after the company announced that it detected unauthorized activity from a third party.“On March 14, 2019, Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the notice of a security incident said.“The Boost Mobile fraud team discov
  • Hospitals Failing on Cybersecurity Hygiene

    Hospitals Failing on Cybersecurity HygieneHealthcare organizations (HCOs) are increasingly at risk from legacy operating systems, device complexity and the use of commonly exploited protocols, according to a new study from Forescout.The security vendor analyzed 75 healthcare deployments running over 1.5 million devices across 10,000 virtual local area networks (VLANs).It found that although less than 1% were running unsupported operating systems, 71% of Windows devices were on Windows 7, Windows
  • “Wormable” Bug Could Enable Another WannaCry

    “Wormable” Bug Could Enable Another WannaCryMicrosoft released fixes for 79 unique vulnerabilities yesterday, including 22 critical bugs — one of which could be used to spread malware around the globe.Microsoft detailed the potential impact of CVE-2019-0708 in a separate blog post on Tuesday.This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP.Even worse, according to Micro
  • ZombieLoad Bugs Expose Intel Machines to Data Theft

    ZombieLoad Bugs Expose Intel Machines to Data TheftResearchers have discovered a major new set of vulnerabilities in nearly all post-2011 Intel chips which could enable side-channel attacks targeting sensitive information.ZombieLoad is reminiscent of Spectre and Meltdown bugs reported in January 2018 in that it affects not only desktop and laptop machines but also cloud servers. Like them, it exploits the speculative execution process to enable attackers to steal data from the processor.Tec
  • Police chiefs in row over definition of Islamophobia

    Muslim groups contest claim that proposed definition could undermine counter-terror fight Police chiefs have been accused of misunderstanding a cross-party effort to fight anti-Muslim prejudice after they publicly warned it risked undermining the fight against terrorism and hampering free speech.The row centres on a proposed new definition of Islamophobia by a group of parliamentarians who say they consulted extensively before writing it, including with some police officers. Continue reading...
  • San Francisco Votes to Ban Facial Recognition

    San Francisco Votes to Ban Facial RecognitionLawmakers in San Francisco will vote today on legislation that would ban the use of facial recognition technology among city departments, according to NPR.If approved, the law would make San Francisco the first city to ban the technologies use, a ban that would extend to police body cameras. “Governments have used the technology for several years, and the software can assist with efforts to find missing children, for example, or prevent driver's
  • Speculators Look to ID AVs Hacked by Russia

    Speculators Look to ID AVs Hacked by RussiaLast week Infosecurity Magazine reported on threat intelligence published by Advanced Intelligence (AdvIntel) claiming that three US antivirus companies had been hacked by a top-tier Russian hacking collective.While the original research did not identify the impacted companies, both Gizmodo and Bleeping Computer have reported that McAfee, Symantec and Trend Micro are the three companies in question.Though it does try to adhere to the general rule o
  • Over 460,000 E-Retailer User Accounts Hacked

    Over 460,000 E-Retailer User Accounts HackedFast Retailing Co., Asia’s largest retailer, released a statement acknowledging that hackers likely gained access to the personal information of nearly half a million Uniqlo and GU brand e-commerce portal users.“It was confirmed on May 10, 2019 that an unauthorized login by a third party other than the customer occurred on the online store site operated by our company. Although the number of targets and the situation may change accordi
  • Over 460 Million E-Retailer User Accounts Hacked

    Over 460 Million E-Retailer User Accounts HackedFast Retailing Co., Asia’s largest retailer, released a statement acknowledging that hackers likely gained access to the personal information of nearly half a million Uniqlo and GU brand e-commerce portal users.“It was confirmed on May 10, 2019 that an unauthorized login by a third party other than the customer occurred on the online store site operated by our company. Although the number of targets and the situation may change acc
  • Sajid Javid admits MI5 committed serious safeguard breaches

    Breached safeguards relate to information obtained under interception warrantsMI5 has committed “serious” breaches of surveillance safeguards in the way it handles information obtained under interception warrants, the home secretary, Sajid Javid, has admitted.So severe was the compliance failure that the Investigatory Powers Commissioner’s Office (IPCO) sent a team of inspectors into the intelligence agency for a week to investigate, according to the human rights organisation L
  • Equifax Has Spent Nearly $1.4bn on Breach Costs

    Equifax Has Spent Nearly $1.4bn on Breach CostsEquifax has incurred losses so far of over $1.35bn from a devastating 2017 breach which affected more than half of all Americans and millions of UK consumers, the firm revealed in its latest financials.The credit agency claimed in its Q1 2019 earnings statement that the figure “related to the incident, incremental technology and data security costs, and an accrual for losses associated with legal proceedings and investigations.”The firm
  • Nine Charged in $2m SIM Swap Conspiracy

    Nine Charged in $2m SIM Swap ConspiracyNine men have been charged for their alleged role in a major SIM swapping operation designed to bypass log-in security to steal millions in cryptocurrency from their victims.Dubbed “The Community” by investigators, the group of individuals in their teens and 20s includes six alleged cyber-criminals and three former employees of mobile phone companies who are said to have helped them.The former are charged with conspiracy to commit wire fraud, wi
  • WhatsApp Finds and Fixes Targeted Attack Bug

    WhatsApp Finds and Fixes Targeted Attack BugWhatsApp is urging its global users to update their app after fixing a serious remote code execution (RCE) vulnerability which was being exploited in a highly targeted attack, potentially by a nation state.The Facebook-owned mobile comms giant, which has over 1.5 billion users, rolled out a fix on Friday for the buffer overflow vulnerability in WhatsApp VOIP stack. It claimed the flaw allowed RCE “via specially crafted series of SRTCP packet

Follow @Security_UKnws on Twitter!