• US Indicts Chinese Man for Anthem Breach

    US Indicts Chinese Man for Anthem BreachThe US authorities have charged a Chinese man for his role in the massive 2015 information-stealing raid on health insurer Anthem, which affected nearly 79 million customers.Fujie Wang, 32, and another man charged as John Doe, have been indicted for attacks on four US businesses, including a “basic materials” firm, a tech company and a communications business.According to the court documents unsealed last week in Indianapolis, the two are
  • UK Political Parties Fail on Email Security Ahead of Elections

    UK Political Parties Fail on Email Security Ahead of ElectionsThe UK’s political parties are largely failing to protect their members from phishing attacks ahead of the European elections, a security vendor has claimed after revealing poor take-up of the DMARC protocol.Domain-based Message Authentication, Reporting and Conformance, to give it its full title, is widely regarded as a best practice solution to help mitigate the threat of email impersonation.Although not a silver bullet for em
  • TalkTalk Overlooked Nearly 5000 Customers in Breach Notification

    TalkTalk Overlooked Nearly 5000 Customers in Breach NotificationA mishandled 2015 data breach continues to hound TalkTalk after it emerged that the UK telco failed to notify nearly 5000 customers that had been affected.After being contacted by viewers who suspected their details had been stolen via the telco, consumer rights program Watchdog Live investigated.It subsequently found their full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and ban
  • UK Invests £22m in Army Cyber Centers as Russian Threat Looms

    UK Invests £22m in Army Cyber Centers as Russian Threat LoomsThe UK government has been sharing cyber-intelligence with 16 NATO allies and others outside the alliance on coordinated Russian attempts to probe critical infrastructure and government networks for vulnerabilities, according to Jeremy Hunt.The foreign secretary will say today at the NATO Cyber Defence Pledge Conference in London that the Kremlin is engaged in a global campaign designed to find IT flaws that could be exploit
  • Advertisement

  • Inside the neo-Nazi plot to kill a Labour MP – podcast

    A plot to kill a Labour MP and a police officer was only disrupted after an informant within the neo-Nazi group National Action blew the whistle. Robbie Mullen passed the details on to Hope Not Hate’s Matthew Collins. Here, they tell their extraordinary story. Also today: the columnist Aditya Chakrabortty on his unlikely collaboration with the techno group UnderworldIn the summer of 2017, Jack Renshaw, then aged 22, of the neo-Nazi group National Action, sat in a pub in Warrington and told
  • Fraud Attacks from Mobile Spiked 300% in Q1

    Fraud Attacks from Mobile Spiked 300% in Q1Fraud attacks from mobile apps spiked by 300% in the first quarter of 2019, according to new researcher from RSA.Published today, the Fraud Attack Trends: Q1 2019 report found that the total fraud attacks from rogue mobile applications on January 1 was 10,390 but had jumped to 41,313 by March 31.Rogue mobile apps are those designed to duplicate legitimate apps of trusted brands, which are a fast-growing phenomenon among cyber-criminals and a huge d
  • Firmware Vulnerability in Mitsubishi Electric

    Firmware Vulnerability in Mitsubishi Electric A vulnerability in Mitsubishi Electric’s MELSEC-Q Series Ethernet Module could allow a remote attacker to gain escalated privileges, according to an ICS-CERT advisory.Reported by Nozomi Networks, the vulnerability “could allow an attacker to render the PLCs statue in fault mode, requiring a cold restart for recovering the system and/or doing privilege escalation or executive arbitrary code in the context of the affected system of the
  • US May Ban Chinese Surveillance Camera Companies

    US May Ban Chinese Surveillance Camera CompaniesCiting human rights as the primary concern, the US announced that it is considering a ban on surveillance technologies produced by five Chinese companies, including Hangzhou Hikvision Digital Technology Co. and Zhejiang Dahua Technology Co., to a blacklist that bars them from US components or software, according to The New York Times and Bloomberg.Hikvision’s cameras are used the world over, which has raised human rights c
  • Advertisement

  • Google Stored Plaintext Passwords Since 2005

    Google Stored Plaintext Passwords Since 2005Google has admitted that some of its enterprise customers’ passwords have been erroneously stored in plaintext, in a security issue dating back 14 years.The tech giant’s VP of engineering, Suzanne Frey, explained that the problem occurred when it introduced a new way for G Suite domain administrators to upload and manually set new passwords for their employees, to help with onboarding and account recovery.“We made an error when implem
  • FCA: £27m Lost to Crypto Scams Last Year

    FCA: £27m Lost to Crypto Scams Last YearThe UK’s financial regulator has warned that £27m was lost in the last financial year to scams promising big returns on cryptocurrency and foreign exchange (forex) investments.The Financial Conduct Authority (FCA) claimed that investors lost on average £14,600 to fraud during the 12-month period, with reports of scams more than tripling to 1800.This kind of fraud typically starts on social media, where investors are lured by “
  • Lib Dems Come First in UK for Cybersecurity

    Lib Dems Come First in UK for CybersecuritySweden’s political parties have the best cybersecurity posture globally, with the UK languishing in the bottom half of the table, according to a new analysis by SecurityScorecard ahead of the European Parliament elections.Noting the impact of a major data breach at the Democratic National Committee (DNC) which helped to swing the 2016 Presidential election in favor of Donald Trump, the security vendor decided to appraise the security of political
  • DHS Issues Alert on Chinese-Made Drones

    DHS Issues Alert on Chinese-Made DronesChinese-made drones may be sending sensitive flight data to their manufacturers in China, according an alert issued by the US Department of Homeland Security (DHS), CNN reported on May 20.In a copy of the alert obtained by CNN, DHS said, "The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to t
  • Advertisement

  • Ransomware Not Gone but More Targeted, Report Says

    Ransomware Not Gone but More Targeted, Report SaysCyber-criminals continue to grow more sophisticated, developing advanced attack methods, including tailored ransomware, according to the Q1 Global Threat Landscape Report, published today by Fortinet. In addition to targeted attacks, criminals are also using custom coding, living-off-the-land (LotL) and sharing infrastructure to maximize their opportunities, the report said.Despite a decline in previous high rates of ransomware, ransomware itself
  • Encryption is Often Poorly Deployed, if Deployed at All

    Encryption is Often Poorly Deployed, if Deployed at All Encryption continues to be a challenge for companies, as only a quarter of organizations admit to using it for at-rest data, and for emails and data centers.According to research by Thales and IDC, encryption for email is only adopted by around 27% of European of the respondents they recently surveyed, while the numbers decline for data at rest, data centers, Big Data environments and full disk encryption. The only instance of European
  • DDoS Attacks on the Rise After Long Period of Decline

    DDoS Attacks on the Rise After Long Period of DeclineThe number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab.The global cybersecurity company’s findings, detailed in its DDoS Attacks in Q1 2019 report, come in the wake of dramatically falling numbers of DDoS attacks recorded throughout 2018, suggesting that cyber-criminals are once again turning to DDoS as an attack method after a sustained period of shiftin
  • Washington Issues Temporary License to Huawei

    Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August.Despite reports emerging over the weekend of various chipmakers halting supplies to the Chinese firm after it was placed on an Entity List last week, the Commerce Department appears to have softened its stance.Issued on Monday, the temporary general license for Huawei and 68 non-US affiliates
  • Phishing Kit 16Shop Targets Apple Users, Hackers

    Phishing Kit 16Shop Targets Apple Users, HackersResearchers have discovered a hidden backdoor in a commercial phishing kit, 16Shop, used to attack Apple customers, according to Akamai.“When it comes to targeting Apple users and their personal and financial data, 16Shop has emerged as a go to kit for those who can afford it. While 16Shop is sold to criminals looking to collect sensitive information from a targeted subset of the Internet community, at least one pirated version circulating on
  • Aussie Government IT Worker Arrested for Cryptomining

    Aussie Government IT Worker Arrested for CryptominingAn Australian government IT contractor has been arrested on suspicion of making thousands from an illegal cryptocurrency mining operation at work.The 33-year-old New South Wales man appeared in court today after allegedly earning AU$9000 ($6188) by “modifying his agency’s computer systems,” according to the Australian Federal Police (AFP).At Sydney Local Court, he was charged with unauthorized modification of data to cause im
  • Fifth of Docker Containers Have No Root Passwords

    Fifth of Docker Containers Have No Root PasswordsA fifth of the world’s most popular Docker containers contain a security issue which could make them vulnerable to attack in some circumstances, a researcher has discovered.Kenna Security principal security engineer, Jerry Gamblin, explained that after recent Cisco Talos research revealed Alpine Linux docker images were shipping with no (nulled) root passwords, he decided to dig a little deeper.Running a script on the 1000 most popular conta
  • KnowBe4 Announces Acquisition of CLTRe

    KnowBe4 Announces Acquisition of CLTReKnowBe4 has announced the acquisition of CLTRe, adding the capability to measure security culture into its portfolio.Led by Kai Roer, CLTRe is a Norwegian company focused on helping organizations assess, build, maintain and measure a strong security posture. It will continue to operate as an independent subsidiary of KnowBe4.The acquisition will mean that CLTRe’s toolkit and Security Culture Framework will be available to all KnowBe4 customers later th
  • Ecuador Shares Assange's Legal Docs with US

    Ecuador Shares Assange's Legal Docs with USComplying with a request by US authorities, Ecuadorian officials are preparing to hand over documents that are reportedly the entire legal defense against Julian Assange, compiled during the time he has been living in the Ecuadorian embassy in London, according to WikiLeaks."On Monday Ecuador will perform a puppet show at the embassy of Ecuador in London for their masters in Washington, just in time to expand their extradition case before the UK deadlin
  • New South Wales Announces New Cybersecurity Position

    New South Wales Announces New Cybersecurity PositionIn an attempt to centralize all of the cyber efforts and strategies of the state, New South Whales (NSW) has announced a new cybersecurity NSW office to be led by led by Tony Chapman, chief cybersecurity officer, according to a May 20 press release.Chapman assumed the position today, which falls under the department of customer service, and wrote via LinkedIn, “The changes reflect the leadership and coordination role required to uplift cy
  • Online Account Hijacker Forum OGUsers Hacked

    Online Account Hijacker Forum OGUsers HackedAn online forum used by those involved in online account hijacking has been breached, according to KrebsonSecurity.An attack on OGUsers.com leaked the personal information of nearly 113,000 people. Krebs reportedly received a copy of the database, which included usernames, email addresses, hashed passwords, private messages and IP address.The RaidForums Omnipotent administrator announced to forum members that he had made the OGUsers forum database
  • Sajid Javid announces overhaul of espionage and treason laws

    New bill needed to tackle hostile activity by Russia and others, says home secretaryHostile state actors – spies, assassins or hackers directed by the government of another country – are to be targeted by refreshed espionage and treason laws, the home secretary has announced.In a speech to security officials in central London, Sajid Javid revealed plans to publish a new espionage bill to tackle increased hostile state activity from countries including but not limited to Russia. Conti
  • The global supply implications of the Google-Huawei blacklisting

    If Google is forced to block Android and related Google Services from shipping in future Chinese handsets, the ramifications for global production could be enormous
  • LeakedSource Company Pleads Guilty

    LeakedSource Company Pleads Guilty The operators of an infamous breached credentials site have pleaded guilty to trading in stolen information, according to Canadian police.Defiant Tech, which owns the LeakedSource website, entered the plea on Friday at a court in Ottowa, a brief notice from the Royal Canadian Mounted Police (RCMP) stated.The charges of “trafficking in identity information and possession of property obtained by crime” came after an investigation was launched by the p
  • Ex-CIA Man Gets 20 Years for Handing China Secrets

    Ex-CIA Man Gets 20 Years for Handing China SecretsA former CIA intelligence officer has been sentenced to two decades behind bars after being found guilty last year of passing defense secrets to China.Kevin Patrick Mallory, 62, of Leesburg, was found guilty by a federal jury in June 2018 of conspiracy to deliver, attempted delivery, delivery of national defense information to aid a foreign government, and making material false statements.He is said to have been paid $25,000 for handing classifie
  • Chipmakers Cut Huawei Shipments

    Chipmakers Cut Huawei Shipments European and US chipmakers have stopped supplying Huawei with products while Google will cease providing technical Android support from the next OS iteration, as Donald Trump’s executive order starts to bite.Google said in a tweet yesterday: “while we are complying with all US gov't requirements, services like Google Play & security from Google Play Protect will keep functioning on your existing Huawei device.”However, it’s believe
  • British nationals to be banned from parts of Syria under new law

    Those who enter or remain in Idlib or north-east could face 10 years in jail, Sajid Javid to warnBritish nationals are to be banned from entering or remaining in parts of conflict-stricken Syria in the first use of a controversial new power.The home secretary, Sajid Javid, will reveal on Monday how he expects the law, which makes it a criminal offence to enter or remain in a “designated area” overseas, to be used. Continue reading...
  • Download Hijack Flaw Patched in Slack Patches for Windows

    Download Hijack Flaw Patched in Slack Patches for WindowsSlack users have been urged to upgrade their applications and clients to the most recent version, 3.4.0, after Tenable researcher David Wells discovered a new vulnerability that would allow an attacker to share malicious hyperlinks that could alter where a victim’s files were stored.Wells discovered a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows. “This vulnerability, which has been patched,

Follow @Security_UKnws on Twitter!