• French Teens on Trial for Cyber-bullying

    French Teens on Trial for Cyber-bullying
    France is trying more than a dozen teenagers in a new court set up in January specifically to hear cases concerning alleged online abuse and discrimination. If convicted in the landmark two-day trial, the thirteen young people could be given suspended prison sentences of up to three years. The defendants are from a range of social and religious backgrounds. Charges levied against them include online harassment, making online death threats, an
  • NIST Publishes Ransomware Guidance

    NIST Publishes Ransomware Guidance
    The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks. The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. NIST's Ransomware Profile can be used by organizations that have already adopted the NIST Cybersecurity Framework and
  • SEC Probes SolarWinds Breach Disclosure Failures

    SEC Probes SolarWinds Breach Disclosure Failures
    The United States Securities and Exchange Commission (SEC) has launched a probe to determine whether some companies failed to disclose that they had been impacted by the 2020 hacking attack that compromised the SolarWinds Orion software supply chain. The assault on SolarWinds was discovered and disclosed by researchers at FireEye in December. The advanced persistent threat (APT) group behind the attack was able to compromise nine
  • PM does not have to investigate Russian interference, judge says

    PM does not have to investigate Russian interference, judge says
    High court rejects attempt to compel Boris Johnson to investigate Kremlin interference in UK elections
    A judge has rejected an attempt by a group of MPs and peers to compel Boris Johnson to investigate Russian interference in UK elections, saying their concerns were a “matter for politics rather than the law”. The judge, Mr Justice Swift, said he saw “no distinction” between a controversial talkshow host – or a “shock-jock”, as he put it – and career
  • US could slow pullout from Afghanistan: Pentagon

    US could slow pullout from Afghanistan: Pentagon
    DefenceTalk: The US military could slow down its withdrawal from Afghanistan due to the gains made by the Taliban insurgents, Pentagon spokesman John Kirby said Monday. Kirby stressed that President...
  • Myanmar troops kill four in gun battle with anti-junta militia

    Myanmar troops kill four in gun battle with anti-junta militia
    DefenceTalk: Myanmar soldiers battled an anti-junta civilian militia with small arms and grenades in the country’s second city on Tuesday, with four protesters killed and several members of the...
  • Iran’s Raisi calls for effective nuclear talks, rules out Biden meet

    Iran’s Raisi calls for effective nuclear talks, rules out Biden meet
    DefenceTalk: Iran’s President-elect Ebrahim Raisi said on Monday he will not allow nuclear negotiations for the sake of negotiations, in his first news conference since winning election last...
  • Israel says used ‘airborne laser’ to down drones

    Israel says used ‘airborne laser’ to down drones
    DefenceTalk: Israel has used an airborne laser to shoot down drones in a series of tests, officials said Monday, calling it a “milestone” to update its already powerful defence systems....
  • New Tool Launched to Remove Nude Images of Children Online

    New Tool Launched to Remove Nude Images of Children Online
    A new online tool has been launched to help young people remove nude images of themselves that have been shared online. The Report Remove tool, developed by Childline and the Internet Watch Foundation (IWF), enables any person under the age of 18 to report any nude image or video of them that has appeared on the internet. The IWF will assess the content and will work to remove it if it is found to have broken the law. To do so, a digita
  • Fifth of Google Play Apps Violate Child Protection Law

    Fifth of Google Play Apps Violate Child Protection Law
    One in five apps on Google Play designed for children appear to be breaking federal law, according to new research from Comparitech. The consumer rights and comparison site analyzed the top 300 free and top 200 paid apps on the marketplace under the children and family categories and reviewed each listed privacy policy. It found that one in five contravened the Children's Online Privacy Protection Act (COPPA), legislation which places a strict
  • Ransomware Payments Could Be Tax Deductible - Report

    Ransomware Payments Could Be Tax Deductible - Report
    US organizations that choose to pay a ransom to their online extorters may be eligible to claim the money back from the Internal Revenue Service (IRS), it has emerged. A report from The Associated Press over the weekend cited tax lawyers and accountants who claimed the little-known clause could be a “silver lining” for ransomware victims. However, the deduction could also be seen as a further corporate incentive to pay up, encouraging
  • Three-Quarters of SMBs Can't Repel Cyber-Attacks

    Three-Quarters of SMBs Can't Repel Cyber-Attacks
    Millions of the UK’s small businesses aren’t confident they can withstand a cyber-attack, with resources frequently diverted to other areas, according to new research from Arctic Wolf. The security operations vendor polled over 500 decision-makers in the UK working at firms with fewer than 250 employees to better understand their cyber challenges. It found that three-quarters (73%) believe their organization lacks the in-house expertise a
  • California Cops Launch ALPR Transparency Portal

    California Cops Launch ALPR Transparency Portal
    Police in California are sharing information on their usage of Automated License Plate Recognition (ALPR) technology in a unique stab at transparency. The Piedmont Police Department (PPD) in Alameda County is the first to launch a public ALPR Transparency Portal that reveals information on their technology policies, practices, and usage to the public. Via the Portal, the department can communicate directly with the communities it serves. Ci
  • Ohio Medicaid Provider Suffers Data Breach

    Ohio Medicaid Provider Suffers Data Breach
    A security incident at an Ohio Medicaid provider last month may have resulted in the theft of personal data. On Monday, the Ohio Department of Medicaid warned that an unknown party had accessed data in the care of Maximus for two days in May without authorization. Maximus was hired by the department to carry out data management. The company employs about 30,000 workers worldwide, with approximately 10,000 of those employees workin
  • Finger Scanning Costs Six Flags $36m

    Finger Scanning Costs Six Flags $36m
    Theme park operator Six Flags Great America has agreed to pay $36m to settle a class-action lawsuit concerning the gathering and collection of its customers' biometric data. Filed in Lake County, Illinois, the lawsuit alleges that the use of finger-scanning equipment used at Six Flags entry gates violated the Prairie State's Biometric Privacy Act. The act regulates how companies collect and use an individual's retina or ir
  • UK Parliamentary Staffers Lost 96 Devices in Past Two Years

    UK Parliamentary Staffers Lost 96 Devices in Past Two Years
    Close to 100 electronic devices have been lost by Parliamentary staffers in the UK during the last two years, raising fears that sensitive public data has fallen into the hands of malicious actors. The official data obtained by Parliament Street think tank under Freedom of Information (FOI) legislation revealed that a total of 96 laptops, tablet computers and other electronic gadgets were reported missing by Parliamentary s
  • Amazon Prime Day - Beware of Phishing Deluge, Experts Warn

    Amazon Prime Day - Beware of Phishing Deluge, Experts Warn
    Security experts have warned online shoppers to beware of scam emails and texts over the next couple of days as the Amazon Prime Day e-commerce bonanza gets underway. The 48-hour sales event for Prime subscribers is said to be an even bigger money-maker for Amazon than Black Friday and Cyber Monday combined. However, where there is money and consumers, cyber-criminals are usually not far away, warned Charles Brook, a threat intelligence res
  • Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach

    Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach
    Tens of thousands of patients at a US fertility clinic have had sensitive personal and medical information stolen in a ransomware attack. Reproductive Biology Associates (RBA) was the first organization of its kind to offer IVF in the US state of Georgia and is the founding partner of the nationwide fertility clinic network My Egg Bank. In a new breach notification, RBA claimed to have first become aware of a cyber-incident on Apri
  • Nuclear Research Institute Breached by Suspected North Korean Hackers

    Nuclear Research Institute Breached by Suspected North Korean Hackers
    A South Korean nuclear power research organization has admitted it’s currently investigating a security breach after reports suggested its neighbor to the north may be responsible. Lawmaker Ha Tae-keung, who sits on the parliamentary intelligence committee, cited third-party research attributing the May 14 attack to Pyeongyang-backed APT group Kimsuky. One of 13 IP addresses used to attack the Korea Atomic Energy Res
  • Texan Admits Data Center Bomb Plot

    Texan Admits Data Center Bomb Plot
    A man from Texas could be facing up to 20 years in prison after pleading guilty to plotting to blow up a data center in Virginia. Seth Aaron Pendley, of Wichita Falls, was arrested in April after trying to purchase what he believed to be an explosive device from an undercover FBI employee in Fort Worth. The 28-year-old admitted that he had planned to use the device to destroy servers in an Amazon-owned data center located on Smith Switch Road in Ashburn,
  • New Jersey Councilor Charged with Cyber-harassment

    New Jersey Councilor Charged with Cyber-harassment
    A councilor from New Jersey has been arrested and charged with waging a campaign of cyber-harassment against a former girlfriend. Detectives from the Cape May County Prosecutor's Office, with the assistance of detectives from the Middle Township Police Department, launched an investigation into the activities of 43-year-old realtor and Cape May councilman Christopher Bezaire in May 2021 after allegations of cyber-abuse were made.
  • Colorado Passes New Privacy Act

    Colorado Passes New Privacy Act
    The Centennial State has unanimously passed a new data privacy act to safeguard Coloradoans' personal information. On June 8, the state Senate approved the Colorado Privacy Act after a series of revisions were made. The Act is due to take effect on July 1, 2023, and now awaits the signature of state governor Jared Polis. Should the Act become law, Colorado will follow California and Virginia by enacting comprehensive privacy legislatio
  • Google Spices Up Supply Chain Security with SLSA Framework

    Google Spices Up Supply Chain Security with SLSA Framework
    Google has proposed a new framework to mitigate the growing risks posed by attacks on the software supply chain. The Supply Chain Levels for Software Artifacts (SLSA, pronounced “salsa”) is designed to ensure the integrity of software artifacts across the entire supply chain. It’s based on Google’s own Binary Authorization for Borg framework, which the tech giant has been using as standard for all its productio
  • Infosecurity Europe 2021 Postpones Live Event

    Infosecurity Europe 2021 Postpones Live Event
    Infosecurity Europe has announced that it is postponing the live event due to run at London Olympia in July, following the government’s delay in lifting the final COVID-19 restrictions. Infosecurity Europe will instead deliver a virtual exhibition and conference from 13-15 July 2021, the original dates of the event. The in-person event will now be held in 2022. The plan, before government restriction lifting was delayed, was to combine both
  • Novel Phishing Attack Abuses Google Drive and Docs

    Novel Phishing Attack Abuses Google Drive and Docs
    Enterprising cyber-criminals have found a way to create convincing phishing emails which abuse Google Docs and Drive functionality to bypass security filters, according to Avanan. Researchers at the email security vendor claimed this is the first time such techniques have been used to piggyback on a popular service like Google’s. The email that victims receive contains what appears to be a legitimate Google Docs link, Avanan explained i
  • Carnival Confirms Another Breach Impacting Staff and Passengers

    Carnival Confirms Another Breach Impacting Staff and Passengers
    One of the world’s largest cruise ship operators has disclosed a data breach from mid-March, impacting an unspecified number of customers, employees, and crew. Carnival Corporation runs many of the globe’s leading cruise lines, including P&O, Cunard and Carnival Cruise Line. According to a data breach notification letter sent to customers and seen by Infosecurity, the firm detected unauthorized third-party acc
  • A Billion CVS Records Exposed

    A Billion CVS Records Exposed
    More than a billion records were exposed after a misconfiguration error left a CVS Health cloud database without password protection. The 240GB of unsecured data was discovered by WebsitePlanet and security researcher Jeremiah Fowler in a cooperative investigation. Because of the security oversight by CVS Health, which owns CVS Pharmacy and Aetna, a total of 1,148,327,940 records were exposed. Information that was left publicly accessible
  • Australia Suffers Widespread Internet Outage

    Australia Suffers Widespread Internet Outage
    Australians' lives were disrupted on Thursday by a widespread internet outage that impacted the country's mail service and multiple businesses, including banks and airlines. The outage began in the early hours and was caused by a problem at Akamai Technologies, a global content delivery network (CDN) and cybersecurity and cloud service provider. Akamai, which is based in Cambridge, Massachusetts, has acknowledged the issue, but has not ye
  • Hackers Can Spy on Peloton Workouts

    Hackers Can Spy on Peloton Workouts
    Peloton bike users could be spied on while working out, according to new research by McAfee's Advanced Threat Research team. The team discovered a vulnerability (CVE-2021-3387) in the touchscreen of the $2,495 Bike+ that allows it to be controlled remotely by a threat actor without any interference to the equipment's operating system. Hackers could exploit the flaw to install malicious apps that spoof Netflix or Spotify to steal personal details an
  • Manchester Arena bomber should have been identified as threat, inquiry finds

    Manchester Arena bomber should have been identified as threat, inquiry finds
    Report into May 2017 tragedy says there were missed opportunities to prevent or minimise ‘devastating impact’ of Salman Abedi’s attack
    The Manchester Arena suicide bomber Salman Abedi should have been identified as a security threat on the night of the attack, a public inquiry has found. Sir John Saunders, chair of the inquiry, found there were “serious shortcomings” and a number of missed opportunities by those in charge of security to prevent the May 2017 attack. S
  • LORCA Announces New Intensive Program for Most Promising Cyber Startups

    LORCA Announces New Intensive Program for Most Promising Cyber Startups
    The London Office for Rapid Cybersecurity Advancement (LORCA) has launched a new initiative designed to propel the growth of UK cyber startups. LORCA Ignite will see six of the most successful companies that have graduated from the LORCA accelerator program during the past three years participate in a new, intensive program, which will help them achieve rapid scale and commercial growth. LORCA is a government-backed initia
  • Manchester Arena attacker should have been identified as threat, inquiry finds

    Manchester Arena attacker should have been identified as threat, inquiry finds
    Report into May 2017 attack in which 22 people were murdered says security staff should have realised Salman Abedi was a threat
    The Manchester Arena suicide bomber, Salman Abedi, should have been identified as a threat on the night of the attack by those in charge of security, a public inquiry into the May 2017 attack has found. More details soon…
  • Puzzling New Malware Blocks Access to Piracy Sites

    Puzzling New Malware Blocks Access to Piracy Sites
    Researchers have admitted they’re baffled by a new piece of malware primarily designed to prevent victims from visiting software piracy sites. Sophos principal researcher, Andrew Brandt, branded the discovery “one of the strangest cases I’ve seen in a while.” It’s hidden in pirated copies of various software, including security products, and distributed on game chat service Discord and through BitTorrent.
  • 60% of Businesses Would Consider Paying a Ransomware Demand

    60% of Businesses Would Consider Paying a Ransomware Demand
    Three in five (60%) organizations would consider paying an extortion demand in the event of a ransomware attack, according to a new study by the Neustar International Security Council (NISC). The research also revealed that one in five businesses would be prepared to spend 20% or more of their annual revenue to restore their systems in these situations. The findings have come amid a surge in high-profile ransomware incidents in recent
  • Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers

    Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers
    Hundreds of thousands of retail customers had their personal data exposed thanks to a misconfigured cloud storage account, Infosecurity has learned. A research team at reviews site WizCase traced the leaky Amazon S3 bucket to popular Turkish beauty products firm Cosmolog Kozmetik. The 20GB trove contained around 9500 files, including thousands of Excel files which exposed the personal information of 567,
  • US Warns Russia of Cyber-Attack No-Go List

    US Warns Russia of Cyber-Attack No-Go List
    President Biden and his team have warned the Putin administration of 16 critical infrastructure entities that are off-limits for threat actors operating from Russia. The news came as the two leaders sat down in Geneva for a summit which Biden said was designed to ensure a “stable and predictable” relationship between countries following the turmoil of the Trump years. After an audacious attack on Colonial Pipeline, which disrupted fuel su
  • US Convicts Russian Malware-masker

    US Convicts Russian Malware-masker
    The United States has convicted a Russian cyber-criminal of running a malware-masking service that helped hackers systematically infect victim computers around the world with malware, including ransomware. On Tuesday, a federal jury in Connecticut found 41-year-old native Estonian Oleg Koshkin guilty of operating a crypting business via multiple websites, including “Crypt4U.com,” and “fud.bz.” On the websites, Koshkin and his co-c
  • Deloitte Acquires Terbium Labs

    Deloitte Acquires Terbium Labs
    All of the assets of Terbium Labs have been acquired by multinational professional services network Deloitte Touche Tohmatsu Limited (Deloitte). The acquisition of the Baltimore-based digital risk protection company was announced by Deloitte on June 15. Terbium Labs was founded in 2013 to help organizations detect and remediate data exposure, theft, or misuse across the digital landscape. In 2019, the company announced a $2m investment
  • IAB Tech Lab Accused of “World’s Largest Data Breach”

    IAB Tech Lab Accused of “World’s Largest Data Breach”
    The IAB Technology Laboratory (IAB Tech Lab), which develops ad-industry standards, is being sued by the Irish Council for Civil Liberties (ICCL) for allegedly being responsible for "the world's largest data breach." A non-profit digital media consortium established in 2014 and based in New York, the IAB Tech Lab's 650-member community includes Facebook, Google and Amazon. In a lawsuit filed by ICCL senior fellow Johnny Ryan on
  • Members of Clop Ransomware Gang Arrested in Ukraine

    Members of Clop Ransomware Gang Arrested in Ukraine
    Members of the notorious FIN11 (Clop) ransomware gang have been arrested today by the Ukrainian police in conjunction with Interpol and law enforcement from the US and South Korea. In a statement published today, the Ukrainian police revealed it has arrested six people alleged to be part of the financial cybercrime gang FIN11, which is believed to be behind many high-profile cyber-attacks. These include the attacks exploiting vulne
  • NHS Test and Trace Bolsters its Cybersecurity

    NHS Test and Trace Bolsters its Cybersecurity
    NHS Test and Trace has announced that an early-stage UK company will be in charge of managing its supply chain cybersecurity risks. Risk Ledger, which was part of the fourth cohort of the government-backed London Office for Rapid Cybersecurity Advancement (LORCA) program to promote cyber scaleups, will allow NHS Test and Trace to utilize its ‘social network’ platform. The platform will enable organizations to connect and share ris
  • Football Fever Puts Password Security at Risk

    Football Fever Puts Password Security at Risk
    Security experts have urged users to think more carefully about their password choice after spotting as many as one million based on simple football-related words. Authentication firm Authlogics manages a Password Breach Database — a collection of previously stolen or cracked credentials that allows it to spot trends and offer industry advice. It claimed that of the one billion passwords in the trove, over 1.1 million are linked to the be
  • Most Ransomware Victims Are Hit Again After Paying

    Most Ransomware Victims Are Hit Again After Paying
    Some 80% of global organizations that have paid a ransom demand experienced another attack, often at the hands of the same threat actors, according to a new study from Cybereason. The security vendor polled 1,263 cybersecurity professionals in multiple verticals across the US, UK, Spain, Germany, France, the United Arab Emirates, and Singapore to compile its latest report, Ransomware: The True Cost to Business. It confirmed what law enforcers
  • IoT Supply Chain Bug Hits Millions of Cameras

    IoT Supply Chain Bug Hits Millions of Cameras
    Security experts have warned of a critical IoT supply chain vulnerability that may affect millions of connected cameras globally, allowing attackers to hijack video streams. Nozomi Networks revealed the flaw in a popular software component from ThroughTek, which OEMs use to manufacture IP cameras, baby and pet monitoring cameras, and robotic and battery devices. The bug itself is found in a P2P SDK produced by the firm. In this case, P2P refers to funct
  • “Homeless Hacker” Arrested

    “Homeless Hacker” Arrested
    Author and activist Christopher Doyon has been arrested in Mexico in connection with a cyber-attack on the Santa Cruz County government's website carried out more than a decade ago. Doyon, who calls himself Commander X online, wrote and published the book Behind the Mask about his time as a member of hacking group Anonymous. On social media, the 56-year-old is also known as the Homeless Hacker. A former resident of Mountain View, California, Doyon w
  • Marketplace Selling Stolen Credentials Is Dismantled

    Marketplace Selling Stolen Credentials Is Dismantled
    An online marketplace offering millions of allegedly stolen online account login credentials for sale has been taken down in a coordinated international operation. Law enforcement agencies in Germany, the Netherlands, Romania, and the United States worked together to disrupt and dismantle the infrastructure of the store named Slilpp. According to a seizure warrant affidavit unsealed on June 10, the Slilpp marketplace peddled stolen log
  • IKEA Fined $1.2m for Spying on Employees

    IKEA Fined $1.2m for Spying on Employees
    Swedish furnishing conglomerate IKEA has been fined €1m ($1.2m) for illegally spying on its employees in France and storing their data. The fine was ordered by a French court on Tuesday after a criminal probe launched in 2012 found that IKEA France had created an elaborate "spying system" to snoop on staff and on customers who had opened disputes. IKEA, which has 29 stores in France, was found guilty of "receiving personal
  • NATO Warns it Will Consider a Military Response to Cyber-Attacks

    NATO Warns it Will Consider a Military Response to Cyber-Attacks
    NATO has warned it is prepared to treat cyber-attacks in the same way as an armed attack against any of its allies and issue a military response against the perpetrators. In a communique issued by governments attending the meeting of the North Atlantic Council in Brussels yesterday, the military alliance revealed it had endorsed a Comprehensive Cyber Defence Policy, in which a decision will be taken to invoke Article 5 “on a c
  • Fake Online Reviews Linked to $152 Billion in Global Purchases

    Fake Online Reviews Linked to $152 Billion in Global Purchases
    Fake online reviews are responsible for an estimated $152 billion in purchases, according to a new study based on data shared by major e-commerce sites. Customer acquisition security vendor CHEQ teamed up with the University of Baltimore to produce its Fake Online Reviews 2021 report — part of what it claims to be the “first-ever in-depth economic analysis of the full scale of internet harm.” The report’s headlin
