• Calling Corbyn a ‘terrorist sympathiser’ is just a way to prevent awkward questions | Daniel Finn

    Labour’s leader draws fire because he doesn’t go along with the double standards ruling the UK’s relations with foreign powers. Last week Jeremy Corbyn was branded a “terrorist sympathiser” by a heckler in Glasgow, who demanded to know where his “Islamic jihad scarf” could be found. The moment, gleefully covered by the rightwing press, lost some of its lustre when it emerged that the heckler, a Church of Scotland minister called Richard Cameron, allegedly h
  • Researchers Publish PoC for Docker Escape Bug

    Security researchers are urging Docker customers to upgrade to the latest version after detailing a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape. The CVE-2019-14271 flaw was fixed in Docker version 19.03.1, but if left unpatched could give an attacker full root code execution on the host. “The vulnerability can be exploited, provided that a container has been compromised by a pre
  • US Man Charged with ISIS Coding Plot

    A Chicago man has been arrested and charged with attempting to provide technology to ISIS to support the terror group’s propaganda efforts. Thomas Osadzinski, 20, was arrested on Monday and charged with one count of attempting to provide material support and resources to a foreign terrorist organization. The complaint alleged that he designed a process that helps computer users more easily access and share ISIS propaganda on social media. Osadzinski was cau
  • Anti-Stalkerware Alliance Sets Sights On Malicious Spying Apps

    The anti-virus industry has teamed up with victim support groups in a new anti-stalkerware alliance focused on shutting down the malicious surveillance apps. The Coalition Against Stalkerware features Kaspersky, Norton, Avira, G Data and Malwarebytes alongside the Electronic Frontier Foundation (EFF), the National Network to End Domestic Violence, Operation: Safe Escape and other domestic violence groups. Its focus will be on providing
  • Windy City to Welcome 2,000 New Jobs in Cybersecurity and Technology

    Cybersecurity and technology firms have revealed plans to create 2,000 new jobs in Chicago, Illinois, next year. The encouraging news was revealed yesterday when representatives of 15 different businesses joined the Chicago mayor, Lori Lightfoot, to celebrate the city's third annual Tech Day. The event was held at the headquarters of software company Relativity. Chicago’s first African American–owned cybers
  • Only 12.5% of Top US Retailers Protect Customers from Email Fraud

    A study conducted by cloud-based email security company Red Sift has found that only 12.5% of America's top 100 retailers have taken steps to prevent fraudulent emails from landing in their customers' inboxes. The worrying finding emerged after Red Sift researchers looked into the DMARC status of companies featured in STORES Magazine’s Top 100 Retailers for 2019, along with their subsidiaries.
  • PayMyTab Exposes Data of US Restaurant Goers

    A mobile payments provider exposed the data of thousands of US restaurant goers for 16 months by failing to follow security protocols. PayMyTab didn't change the security settings to "private" on an Amazon Web Services (AWS) S3 bucket that the company has been using to store customer data since July 2, 2018. Data exposed included personally identifying information (PII) of customers who had paid for restaurant meals using the PayMyTab se
  • Gerry Adams was interned illegally during Troubles, supreme court told

    Wrong minister approved order, court hears during appeal to overturn convictions for escaping Maze prison in 70s. The former Sinn Féin leader Gerry Adams was interned illegally at the height of Northern Ireland’s Troubles because the wrong minister approved his detention order, the supreme court in London has been told. In an attempt to overturn two criminal convictions for escaping from the Maze prison in 1973 and 1974, lawyers for the 71-year-old are challenging the way he was origin
  • Gerry Adams was illegally interned during troubles, supreme court told

    Wrong minister approved order, court hears, during appeal to overturn convictions for escaping Maze prison in 70s. The former Sinn Féin leader Gerry Adams was illegally interned at the height of Northern Ireland’s Troubles because the wrong minister approved his detention order, the supreme court in London has been told. In an attempt to overturn two criminal convictions for escaping from the Maze prison in 1973 and 1974, lawyers for the 71-year-old are challenging the way in which he w
  • Governments Lose Millions to DNS Attacks Each Year

    Global governments lose nearly $7 million on average from DNS attacks each year, the most of any sector, according to new research from EfficientIP. The DNS security vendor commissioned IDC to poll nearly 1000 IT and security leaders from North America, Europe and Asia Pacific, to compile its IDC 2019 Global DNS Threat Report. It revealed that public sector organizations around the world suffer on average 12 DNS attacks per year, costing over half
  • Macy’s Online Customers Hit by Magecart Breach

    Macy’s is notifying some of its online customers that their card details have been skimmed as part of another Magecart data breach. According to the breach notice, the firm only found out about the incident around a week after it happened, in early October. “On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investig
  • Louisiana Servers Down After Another Ransomware Blitz

    A major ransomware attack on Louisiana state IT infrastructure yesterday forced multiple services offline, including government websites, email and internal applications. The incident was revealed by Louisiana governor John Bel Edwards in a series of tweets on Monday afternoon, local time. He claimed the state’s Office of Technology Services (OTS) detected a cybersecurity threat that “affected some, but not all state servers,”
  • Hacked Disney+ Accounts on Sale for $1

    Disney's new video-on-demand streaming service has been compromised within a week of its being launched, with hacked Disney+ accounts offered for sale online for just $1. According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was targeted by threat actors from the get-go. Within hours of the service going live on November 12, Disney+ users began posting messages o
  • Interpol to Condemn Strong Encryption

    International crime-fighting force Interpol is to condemn the spread of strong encryption because of the protection it gives to child sexual predators. News service Reuters stated yesterday that Interpol will issue a statement announcing their staunch opposition to strong encryption later today. According to Reuters, word of the announcement was leaked to them by three people who had been briefed on the matter. According to Reuters' source
  • CyberCon Triples Number of Events for 2020

    A US cybersecurity conference focused on protecting power and utilities is tripling the number of events it will stage next year. The decision to hold three events instead of the usual one was announced today by CyberCon Power & Utilities CISO Summit and Cybersecurity Conference. Prompting the major expansion plans is an increase in the number of cyber-threats faced by the US power grid, coupled with what the event's organizers are calling
  • Office 365 Admins Singled Out in Phishing Campaign

    Security experts are warning of a newly discovered phishing campaign targeting Office 365 administrators and using legitimate sender domains to bypass reputation filters. PhishLabs said it saw malicious emails being sent out as part of the campaign across a wide variety of industries and enterprises. Administrators are targeted for several reasons. “For starters, Office 365 admins have administrative control over all email accounts on a domai
  • Booter Boss Banged Up for 13 Months

    An Illinois man has been sentenced to 13 months behind bars after participating in a DDoS-for-hire scheme which made him over half a million dollars. Sergiy P. Usatyuk, 21, of Orlando Park, was charged with one count of conspiracy to cause damage to internet-connected computers. He’s said to have owned and managed illegal booter services which were used to launch DDoS attacks on millions of victims in the US and abroad. As part of the verdict, Usatyuk has
  • Gamers Exposed After Wizards of the Coast Data Leak

    A US gaming company has admitted accidentally leaking the personal data of countless customers via a cloud storage bucket. Hasbro-owned Wizards of the Coast specializes in fantasy and science fiction games such as card trading title Magic: The Gathering. However, it was forced late last week to email an unspecified number of Magic Online and MTG Arena users informing them of the privacy snafu. It’s unclear how many were affected but MTG Aren
  • Killer drones: how many are there and who do they kill?

    From lightweight surveillance devices to heavily armed attack weapons, pilotless drones are rapidly becoming a favoured tool of warfare. But are they accurate? Ethical? Here to stay? Drones – remotely piloted craft – first appeared in the 1990s when they were used for military surveillance by the US. Familiar advances in miniaturisation and cost mean they are now used for all kinds of purposes – for recreation, filming, monitoring conservation or to deliver vital medicines in re
  • Holiday Shopping on Company Devices a Worry for Executives

    New research published today by Zix-AppRiver has revealed that 61% of US executives feel powerless to stop employees holiday shopping on company devices, despite knowing that the practice poses a cybersecurity threat to the business. Researchers asked 1,049 cybersecurity decision-makers within American SMBs across a diverse range of industry sectors about the holiday shopping habits of their employees. According to
  • Ransomware: Still Going Strong 30 Years On

    Next month marks the 30th anniversary of the first ever ransomware attack, and according to new research this particular form of malware is still going strong. According to the "Mid-Year Threat Landscape Report" published yesterday by Bitdefender, ransomware increased 74.23% year on year in the first six months of 2019. Researchers noted a change in the ransomware landscape following the fall of GandCrab earlier th
  • Japan's Largest Messaging App Launches Bug Bounty Hunt

    Ethical hackers from around the world have been invited to discover and fix vulnerabilities in Japan's largest messaging app. LINE Corporation today launched a public bug bounty program (BBP), offering hackers financial rewards for identifying glitches throughout LINE's web domains and core messenger application. The program will run through HackerOne, which LINE has been using since July 2019 to run a private bug hunt in tandem
  • LA Warns Travelers of Juice Jacking Scams

    Travelers in Los Angeles have been urged by officials not to use public USB charging points for fear they might infect their devices with malware. LA County district attorney, Jackie Lacey, posted an official fraud alert warning of USB charging scams, also known as “juice jacking.” “Travelers should avoid using public USB power charging stations in airports, hotels and other locations because they may contain dangerous malware,” it r
  • Alleged Crypto-Stealing SIM Swap Duo Charged

    Two men have been arrested and charged in connection with a major SIM swap campaign designed to steal cryptocurrency and hijack high-value social media accounts. Eric Meiggs, 21, of Brockton, Massachusetts, and Declan Harrington, 20, of Rockport, Massachusetts, face an 11-count indictment, charging them with one count of conspiracy, eight counts of wire fraud, one count of computer fraud and abuse, and one count of aggravated identity theft. After using
  • UK Government Brexit App Riddled with Security Issues

    A Home Office app intended for EU citizens to apply for UK residency lacks basic security, potentially exposing the passport and biometric information of over one million users, according to experts. Norwegian security firm Promon tested the EU Exit: ID Document Check application against common attack tools and tactics, and found it came up short in a number of areas. First, it found the Android app lacks functionality to prevent malware reading
  • Capture the Flag Competition Aims to Trace Missing Persons

    Cyber professionals will compete to find leads in real missing persons cases in a competition in Washington, DC, next month. SANS Institute has teamed up with non-profit organization Trace Labs to host the Open-Source Intelligence (OSINT) Missing Persons Capture the Flag (CTF) in partnership with local, state, and federal law enforcement agencies. Participants, working in teams of up to four people, will gather fresh intelli
  • Boom in Lookalike Retail Domains

    New research into domains registered with a trusted TLS certificate has found lookalike domains outnumber legitimate retail sites by more than 2:1. In a study conducted by researchers at Venafi, suspicious domains targeting 20 major retailers in the US, UK, France, Germany, and Australia were analyzed. Researchers found over 100,000 lookalike domains that use valid TLS certificates to appear safe and trustworthy. Threat actors use fake domains
  • Apple Employee Texts Himself Customer's Nude

    A California woman has issued a warning on Facebook after discovering that an Apple store employee texted himself an intimate photo from her phone. Gloria Fuentes took her phone into the Valley Plaza Apple store in Bakersfield, California, on November 4 to get the screen repaired. Before handing her phone over to a man on the tech team, Fuentes had taken the precaution of removing social media apps and financial information from the devic
  • Shamoon-Slingers APT33 in Secret New Operations

    Security researchers are warning oil and aviation industry organizations to be on their guard after spotting a notorious Iranian APT group using private VPNs to keep its activity hidden. APT33 has been linked to the infamous Shamoon destructive malware which knocked out tens of thousands of PCs at Saudi Aramco in 2012 and has been deployed across Europe and the Middle East since. Now Trend Micro has observed the group using a dozen command and contro
  • Healthcare Malware Infections Soar 60% from 2018

    Cyber-criminals are increasingly focusing data stealing and ransomware attacks on healthcare organizations (HCOs), with detected infections increasing by 60% from 2018 to the first three quarters of this year, according to Malwarebytes. The security vendor’s Cybercrime tactics and techniques: the 2019 state of healthcare report makes for concerning reading for IT security professionals in the sector. It claimed that hackers are attracted by the
  • Alleged $20M Carding Forum Mastermind Faces US Charges

    A Russian national is facing charges of running a $20m carding forum after being extradited from Israel to the US. Aleksei Burkov, 29, arrived at Dulles International Airport on Monday after being arrested initially at Ben-Gurion airport in December 2015, and failing in his appeal attempts over subsequent years to avoid being shipped to the States. According to an unsealed indictment, he is alleged to have run the Cardplanet site which sol
  • Multi-Party Cyber-Incidents Cost 13x More Than Single-Party Incidents

    A new study has found that the financial losses caused by cyber-incidents affecting multiple parties are vastly more devastating than those that stem from any single-party incident. According to the Ripples Across the Risk Surface study, published today by Cyentia Institute, when compared to losses triggered by a single-party incident, the ripple effect costs that occur following multi-party incidents resul
  • IRS to Mount Epic Cyber-Safety Campaign

    America's Internal Revenue Service is to launch a large-scale cyber-safety campaign to coincide with the busiest shopping period of the year. According to the website Accountingtoday.com, the campaign by the IRS will begin on the Monday after Thanksgiving, commonly known to bargain hunters as Cyber Monday. "The campaign will emphasize to practitioners and taxpayers the potential dangers they face during the holiday shopping season and the filing season
  • Facebook Bug Turns on iPhone Cameras

    Users of the Facebook app have complained after discovering a bug that causes their iPhone cameras to activate in the background when they use the app. Multiple people have taken to Twitter to report that using the Facebook app on their iPhone has caused the device's rear camera to switch on and run in the background. Eagle-eyed users noted that the problem seemed to occur as they looked at photos and watched videos that appeared on their newsfeed. It
  • Airbus Launches Human-Centric Cybersecurity Accelerator

    Airbus has announced the launch of a human-centric cybersecurity accelerator program. It will feature a dedicated team of human factor and cognitive psychology experts that will work in collaboration with the UK’s National Cyber Security Centre (NCSC) and a range of other partners to gain crucial insights into human-centric approaches for improving cybersecurity effectiveness. The Accelerator will offer placements for qualify
  • Mexican Petrol Giant Pemex Hit by Ransomware

    Mexico’s state-owned petroleum giant Petróleos Mexicanos (Pemex) is insisting all operations are running normally after a suspected ransomware attack, despite reports to the contrary. The firm claimed that operation and production systems remain unaffected and supply of fuel remains guaranteed. However, it admitted that an attack on Sunday did affect around 5% of its personal computers. Reports, though, suggest the firm has been harder hit,
  • US Border Officers Humbled by Fourth Amendment Ruling

    Privacy groups are celebrating after a federal court ruled that suspicion-free searches of travellers’ electronic devices at the US border are unconstitutional. The original lawsuit was filed by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF) and ACLU of Massachusetts, on behalf of 11 travellers whose smartphones and laptops were searched without suspicion on entry to the US. According to the Boston court’
  • Microsoft Patches IE Zero-Day Bug

    Microsoft released fixes for 75 vulnerabilities during this month’s patch update round, including one zero-day flaw in Internet Explorer. The bug in question, CVE-2019-1429, exists in the way the scripting engine handles objects in memory in the browser, corrupting memory so an attacker can execute arbitrary code, according to Microsoft. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the
  • Orvis Passwords Leaked Twice on Pastebin

    Internal passwords belonging to American retailer Orvis were twice leaked online in a double data breach. Credentials belonging to the luxury fishing equipment purveyor were posted on the website Pastebin.com last month, according to investigative reporter Brian Krebs. A swathe of plaintext usernames and passwords relating to everything from firewalls and routers to database servers and even administrator accounts was exposed for s
  • PortSwigger Launches Web Security Academy

    PortSwigger has launched a free interactive training platform in an attempt to address the global shortage of cybersecurity talent. The makers of Burp Suite cut the ribbon on the new Web Security Academy last month following a soft launch of the platform in April 2019, which a PortSwigger spokesperson said had garnered "overwhelmingly positive user feedback." The Web Security Academy features a vast amount of high-quality reading materi
  • Aqua Security Acquires CloudSploit

    CloudSploit has been acquired by Aqua Security for an undisclosed sum. Aqua Security, the leading platform provider for securing container-based, serverless, and cloud native applications, announced the acquisition of security auditing and monitoring tool CloudSploit today. The American company said the addition of CloudSploit will enable them to expand into cloud security posture management (CSPM) and give their customers the option of continuous secu
  • Microsoft to Extend California Privacy Law US-Wide

    Microsoft has announced plans to extend the privacy provisions provided in a landmark new Californian state law to users across the US. The California Consumer Privacy Act (CCPA) comes into effect on January 1, 2020. It’s set to offer more GDPR-like protections and rights to the Golden State’s citizens, such as the ability to find out what personal information of theirs companies are collecting and to prevent it from being sold to thir
  • UK Labour Party Hit By "Sophisticated" and "Large-Scale" Cyber-Attack

    The UK Labour Party has stated that it has been hit by a “sophisticated and large-scale cyber-attack” on its digital platforms. As reported by Sky News, a party spokesperson said that the attack failed to breach any data because of the party’s robust security systems. “Security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed,
  • Just a Third of Global Firms Are PCI DSS Compliant

    The number of global organizations fully compliant with PCI DSS regulations has fallen for the second year in a row to just under 37%, according to a new report from Verizon. The firm’s annual Payment Security Report (PSR) has tracked compliance levels for several years. This year’s was compiled from 302 PCI DSS engagements by Verizon Qualified Security Assessors (QSAs) with a range of organizations, including Fortune 500 and large mul
  • Most Security Pros Still Don’t Get Shared Responsibility: Report

    Some 60% of global security professionals misunderstand the concept of “shared responsibility” in the cloud, potentially putting their organizations at risk, according to Centrify. The identity and access management (IAM) vendor polled 700 cybersecurity pros to compile its new report, Reducing Risk in Cloud Migrations: Controlling Privileged Access to Hybrid and Multi-Cloud Environments. It found that nearly two-thir
  • Two New Carding Bots Threaten E-Commerce Sites

    Two new carding bots that pose a threat to e-commerce platforms have been detected at the start of the busiest shopping period of the year. The discovery was made by an eagle-eyed PerimeterX research team, which launched an investigation after the number of cyber-attacks against their own checkout pages surged. One of the new carding bots, named the canary bot, specifically exploits top e-commerce platforms. The other bot, dubbed the s
  • Report Reveals Businesses Aren't Ready for 5G

    A new report looking at 5G cybersecurity readiness has found that many businesses are inadequately prepared for the latest big data acceleration. The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, published today, found that enterprises are lagging behind on expanding their virtualization and software-defined networking (SDN) capabilities and are not taking the opportunity to automate security. A degree of ret
  • Texas Health Agency Fined $1.6m for Data Breach

    A fine of $1.6m has been meted out to the Texas Health and Human Services Commission for unintentionally exposing the personal health information of thousands of vulnerable people online. The Texan commission inadvertently made the names, addresses, Social Security numbers, and treatment information of 6,617 people visible on the internet between 2013 and 2017. The breach occurred when an internal application was moved to a public server f
  • Vulnerability Values Fluctuate Between White, Grey and Black Hats

    A black hat selling vulnerabilities can make as much money as a white hat researcher using bug bounty programs, or a grey hat working for a nation state doing reverse engineering. Speaking at a Tenable conference in London last week, director of research Oliver Rochford said that to have people do vulnerability research is expensive, and all of the white, black and grey markets are symbiotic, as despite the difference between
  • Surveillance Fears as Russia Proposes New App Law

    The Russian parliament is pushing through proposed legislation that would force PCs and mobile devices to be sold with pre-installed domestic applications, raising security concerns. The bill is being touted by lawmakers as protecting the local technology market from foreign, presumably US, competition. “The initiative provides domestic companies with legal mechanisms to promote their programs for Russian users,” the Duma said. However, t
