About the Review

Welcome to the Cyber Security Review website.

The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.

Threats to cyber security are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a race against the attackers.

The Cyber Security Review is a publication designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.

Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.

Latest news 

Swiss Vote to Give Their Government More Spying Powers
September 25, 2016
On Sunday, Swiss voters decided with a 66.5 percent majority to give their own government more spying powers over their daily lives.

Over 850,000 Devices Affected by Unpatched Cisco Zero-Day
September 25, 2016
A scan of Cisco networking devices from around the world has revealed that hundreds of thousands of devices are vulnerable to an unpatched security issue that allows attackers to retrieve data from the equipment’s memory.

Hacker Gets 10 Years in Prison for Using Malware to Steal Data from US Companies
September 25, 2016
A Romanian hacker received a ten-year prison sentence last week after he previously pleaded guilty to hacking several US companies and stealing data from their networks.

German Military Hacked Afghan Mobile Operator to Discover Hostage’s Whereabouts
September 24, 2016
A special cyber unit of the Bundeswehr carried out Germany’s first ever offensive cyber-operation by hacking into the network of an Afghan mobile operator to track the location of a group of kidnappers that had taken hostage a young German woman.

Yahoo Hit by First Lawsuit One Day After Announcing Huge Data Breach
September 24, 2016
It took one day for ambulance chasers to file lawsuits against Yahoo over its recently announced data breach that exposed the personal details of over 500 million of its users.

UK government partners with tech startups on cyber security
September 23, 2016
The UK government has announced a “ground-breaking” partnership with tech startups to develop cutting-edge, world-leading cyber security technology

Yahoo admits 500 million users had data stolen in 2014 attack
September 23, 2016
Data from at least 500 million Yahoo users was “stolen” during an attack in 2014, the internet company has said.

Critical DoS Flaw found in OpenSSL — How It Works
September 23, 2016
The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.

FAA Advisory Body Recommends Cybersecurity Measures
September 22, 2016
Manufacturers, carriers, maintenance facilities and even airports may eventually need to include cybersecurity factors in routine activities

Leaked NSA Hacking Tools Were ‘Mistakenly’ Left By An Agent On A Remote Server
September 22, 2016
The leaked hacking tools, which enable hackers to exploit vulnerabilities in systems from big vendors like Cisco Systems, Juniper, and Fortinet, were dumped publicly online by the group calling itself “The Shadow Brokers.”

Cyber attacks on satellites could spark global catastrophe, experts warn
September 22, 2016
The world is unprepared for how vulnerable it is to attack from the skies, argues a major new paper from Chatham House

iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours!
September 22, 2016
It has only been a few days since the launch of Apple’s brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken.

Cybersecurity is threatening America’s military supremacy
September 22, 2016
Targeted Chinese cyber attacks designed to impact America’s physical military systems in the South China Sea are the most substantial evidence that we may be on the brink of a more tangible cyber threat to American military power.

Cyber-Security researchers hack into Tesla Model S, company issues security patch
September 21, 2016
Tesla Motors Inc has rolled out a security patch for its electric cars after Chinese security researchers uncovered vulnerabilities they said allowed them to remotely attack a Tesla Model S sedan.

HKMA to add cyber security, anti-money laundering knowledge to bankers’ certification
September 19, 2016
Starting in December, new programmes will be added to the HKMA’s Enhanced Competency Framework (ECF) for local banker

Mitigating cyber security threats within the energy sector
September 19, 2016
As the energy sector seeks to improve its efficiency and reliability, infrastructure operators must be aware that the increased use of hyper connectivity, including Supervisory Control And Data Acquisition (SCADA) and Industrial Control System (ICS), can increase exposure to cyber-attacks across the energy value chain.

Zero-percent cybersecurity unemployment, 1 million jobs unfilled
September 19, 2016
The numbers haven’t changed much since then. There’s still roughly 1 million job openings in 2016 — which is expected to reach 1.5 million by 2019.

The Biggest Cybersecurity Threats Are Inside Your Company
September 19, 2016
When security breaches make headlines, they tend to be about nefarious actors in another country or the catastrophic failure of technology

Email Bomb Attack Hits 100+ Government Accounts
September 18, 2016
A massive email-based attack occurred over the weekend of August 13 and 14, which resulted in the flooding of 100+ email inboxes for various government accounts, and other smaller targets.

Nearly 800,000 FTP Servers Accessible Online Without Authentication
September 18, 2016
A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials.

Firefox Browser vulnerable to Man-in-the-Middle Attack
September 18, 2016
The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer.

Wall Street Software Firm Sued After Losing $6 Million in Email Scam
September 17, 2016
Tillage Commodities Fund, a US investment firm, is suing SS&C Technologies, a Wall Street technology firm, after the latter lost $6 million of the former’s money, forcing it to shut down operations temporarily

Fancy Bears Hackers Leak Another Batch of Useless WADA Files
September 15, 2016
Russian hackers using the name Fancy Bears and posing as an offshoot of the Anonymous hacker collective have released more files they stole from WADA servers this past summer.

Cyber security awareness growing within business sector, research shows
September 15, 2016
While awareness of cyber security risks is improving, fewer firms know how much an attack is likely to cost them

Sixth Linux DDoS Trojan Discovered in the Last 30 Days
September 14, 2016
Linux users have yet another trojan to worry about, and as always, crooks are deploying it mostly to hijack devices running Linux-based operating systems and use them to launch DDoS attacks at their behest.

Massive Data Breach Exposes 6.6 Million Plaintext Passwords from Ad Company
September 14, 2016
The data breach has exposed plaintext passwords, usernames, email addresses, and a large trove of other personal information of more than 6.6 Million ClixSense users.

Volkswagen sets up cyber security firm with ex-Israeli spy chief
September 14, 2016
Volkswagen is forming a company with the former head of Israel’s Shin Bet intelligence agency to develop cyber security systems for Internet-connected cars and self-driving vehicles

CYBER TRENDS conference – Prague, 20-21 October 2016
September 14, 2016
International conference CYBER TRENDS accompanying with CYBER WORKSHOPS, live demostration and simulation test areas aims to deepen close cooperation in European cyber security.

UK’s national cyber security unit working on automated defenses
September 13, 2016
Ciaran Martin warned that far too many unsophisticated cyber attacks are succeeding, going on to discuss the government’s new more pro-active cyber security strategy — including looking into large scale DNS filtering as a potential method to automate blocking malware at scale.

Directive Seeks to Coordinate Response to Oil, Gas Cyberattacks
September 13, 2016
The cybersecurity risks that oil and gas companies face continue to grow, according to the 2016 BDO “Oil & Gas Risk Factor” report.

Central Bank warns financial firms over cybersecurity risks
September 13, 2016
The Central Bank of Ireland has warned that regulated financial firms here are not implementing “sufficiently robust” IT systems and controls and must increase their resilience to technology failures to “minimise the potential impact on their business, reputations and the wider financial system”.

Stopping Hackers from Turning off the Lights
September 13, 2016
According to a U.S. Department of Homeland Security report, although “the energy sector only represents 5-6 percent of U.S. GDP, the energy industry is subject to roughly 32 percent of all cyberattacks.”

Cyber attacks raise questions about blockchain security
September 12, 2016
Flaws in the code and storage problems are headaches for the financial industry

Former CIA CTO Gus Hunt to Lead Accenture Federal Services’ Cybersecurity Practice
September 12, 2016
Ira “Gus” Hunt, former chief technology officer for the CIA, has joined Accenture Federal Services (AFS) to lead its cybersecurity practice.

ICAO, IATA and ACI to Host AVSEC World
September 12, 2016
The International Air Transport Association (IATA), The International Civil Aviation Organization (ICAO) and Airports Council International (ACI) have joined forces to address evolving aviation security risks with integrated solutions.

Smartphone Sensors Can Steal Data from 3D Printers
September 12, 2016
Attackers only need to tweak their smartphone’s software and place the device up to 30 centimeters away from a 3D printer.

Cybersecurity and the hospitality industry
September 11, 2016
Cybercriminals are now finding it easier to target multiple small restaurants. In fact, nearly half of cyberattacks worldwide in 2015 were against small businesses with fewer than 250 workers.

Israeli Police Arrest Owners of vDos DDoS-for-Hire Service
September 11, 2016
Israeli police arrested on Thursday two 18-year-olds, Itay Huri and Yarden Bidani, the alleged owners of a DDoS-for-Hire service named vDos, recently exposed by infosec journalist Brian Krebs.

New USB Kill 2.0 Thumb Drive Can Kill Your Laptop or PC in a Second
September 9, 2016
A Hong Kong company is selling a USB thumb drive called USB Kill 2.0 that can fry any computer it’s plugged into by introducing a power surge via the USB port.

White House names retired Air Force general as first cyber security chief
September 9, 2016
Gregory Touhill’s job will be to protect government networks and critical infrastructure from cyber threats as federal chief information security officer, according to a statement.

FBI Arrests Two Hackers Who Hacked US Spy Chief, FBI and CIA Director
September 8, 2016
US authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group “Crackas With Attitude.”

ISPs: UK Police Need to “Up Their Game” on Following Cybercrime Leads
September 8, 2016
Law enforcement bodies in the UK “need to up their game” when taking leads on cybercrime from internet service providers (ISPs), according to the Internet Service Providers Association (ISPA), which published a report this week.

NHS Digital to expand CareCERT cyber security focus
September 8, 2016
NHS Digital is to begin expanding its Care Computer Emergency Response Team (CareCERT) cyber security service as a means to improve the resilience of systems used in both health and social care provision.

Why corporate security fails – A focus on leadership
September 8, 2016
For too many organisations, cyber-security is seen as the sole responsibility of the company CIO or CISO, when the reality is that everyone now needs a sound appreciation of cyber-security best-practices.

Intel to spin out cybersecurity unit, sell stake in business to TPG
September 7, 2016
Intel said it would spin out its cyber security division, formerly known as McAfee, and sell a majority stake in it to investment firm TPG for $3.1 billion in cash.

Just an Image Can Hack Your Android Phone — Patch Now
September 6, 2016
Along with the dangerous Quadrooter vulnerabilities that affected 900 Million devices and other previously disclosed issues, Google has patched a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent looking image via social media or chat apps.

DC’s Cybersecurity Startup Scene Is Hot. Can It Get Hotter?
September 6, 2016
Cybersecurity startups around Washington have been on fire this summer. A handful of companies collectively have raised more than $100 million in the last six weeks or so, all approaching cybersecurity from different angles despite similar goals.

Global Risk Institute calls emerging quantum computing technology major threat to cybersecurity systems
September 6, 2016
Acording to a report from Toronto-based Global Risk Institute, emerging quantum computing technology threaten to undermine cybersecurity systems installed by businesses and governments.

Obama touts U.S. cybersecurity strength after meeting with Putin
September 5, 2016
Obama said the United States has strong offensive and defensive cybersecurity capabilities.

A Sneaky Hacker Is Infecting Other Hackers with Malware
September 5, 2016
A hacker that uses the name Pahan has had a prodigious streak of infecting fellow hackers with all sorts of malware, presumably for his own gain.

Apple Issues Global Security Updates After Hacking Flaw Exposed
September 2, 2016
The company warns users of OS X El Capitan and Yosemite software to install updates as soon as possible.

Florida Man Arrested for Hacking Linux Kernel Organization
September 2, 2016
According to a four-count indictment, Donald Ryan Austin, 27, of El Portal, Florida, gained access to server credentials used by an individual associated with the Linux Kernel Organization.

Romanian Hacker Guccifer Sentenced to 52 Months in a US Prison
September 1, 2016
Marcel Lehel Lazar, 44, of Arad, Romania, a former cab driver turned hacker who used the name Guccifer, was sentenced to 52 months (4 years 4 months) in prison by a US court.

Washington Think Tank Organizations Hacked by APT29
August 31, 2016
Russian-linked cyber-espionage group known as APT29 has attempted to hack several Washington-based think tank organizations.

OneLogin Announces Security Breach That Exposed Customer “Secure Notes”
August 31, 2016
OneLogin has announced a server security breach that allowed an intruder to take a peek at customer Secure Notes thanks to a bug in the company’s logging procedures.

SWIFT discloses more cyber thefts, pressures banks on security
August 31, 2016
SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February’s high-profile $81 million heist at Bangladesh Bank.

One of Europe’s Biggest Companies Loses €40 Million in Online Scam
August 31, 2016
Leoni AG, Europe’s biggest manufacturer of wires and electrical cables and the fourth-largest vendor in the world, has announced it lost €40 million ($44.6 million) following an online scam that tricked one of its financial officers into transferring funds to the wrong bank account.

India, UK cybersecurity watchdogs sign pact for cooperation
August 31, 2016
State-run cybersecurity bodies of India and the UK have signed a Memorandum of Understanding for close cooperation on counter cyberattacks these countries face.

Cybercrime Will Double by 2021 with an Annual Profit of $6 Trillion
August 31, 2016
According to a report, cybercrime will double within 5 years, jumping from $3 trillion this year to the whopping $6 trillion by 2021.

Dropbox Hacked — More Than 68 Million Account Details Leaked Online
August 30, 2016
Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach.

New and Mysterious FairWare Ransomware Targets Linux Servers
August 30, 2016
At least three Linux server administrators have complained at the time of writing about a new ransomware variant called FairWare that targets web servers running Linux.

With the development of new uses and new technologies, security lies at the heart of a hyper-connected society
August 30, 2016 –  PRESS RELEASE
Public and private actors will gather in Lille on 24 and 25 January 2017 for the International Cybersecurity Forum (FIC 2017), to exchange ideas around the challenges of an increasingly connected world and to work at establishing a secure digital environment.

Kaspersky Fixes Bugs That Allowed Attackers to Crash Its Antivirus
August 29, 2016
Russian security vendor Kaspersky Lab has recently patched four vulnerabilities in its flagship product, which allowed attackers to crash the antivirus and disclose information from the computer’s memory.

Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns
August 29, 2016
A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states,

Multiple Australian Government Agencies Compromised in the Last Five Years
August 29, 2016
Australian authorities suspect that Chinese hackers are behind cyber-attacks against several government agencies at the Department of Foreign Affairs and Trade, the Defence Department, and the Bureau of Meteorology.

Meet USBee, the malware that uses USB drives to covertly jump airgaps
August 29, 2016
Technique works on virtually all USB drives with no modifications necessary

Microsoft joining China’s cybersecurity council
August 28, 2016
China is allowing foreign technology companies to join a key government committee in an effort to ease foreign concerns over its strict cybersecurity policies

Finding the right security professional: The true skills challenge
August 28, 2016
Backed by a $19 trillion industry, cyber criminals are finding new and complex ways of compromising systems and are evading detection more than ever before.

VirusTotal Adds Support for CrowdStrike and Invincea Scanners
August 28, 2016
Both are part of the new wave of next-gen anti-malware products that rely on machine learning algorithms to analyze behavior and network activity in order to detect anomalies and flag malware.

Here’s how much money you could make with a career in cybersecurity
August 28, 2016
The difference between cybersecurity professionals and everyone else in the information-technology sector isn’t just a matter of skill set, it’s also a matter of mindset.

Opera Browser Sync Service Hacked; Users’ Data and Saved Passwords Compromised
August 27, 2016
Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week

2000 officials receive e-governance, cyber security training
August 26, 2016
Some 2,000 government officials have received training from reputed international organisations on governance, project management and cyber security issues.

Ensuring Cybersecurity In Fintech: Key Trends And Solutions
August 25, 2016
Given the growth, dynamism, and complexity of the digital financial ecosystem, it is inevitable that some solutions will be insufficiently secure against cyberattacks.

Exploits patched by Apple today hint at years of surreptitious government hacks
August 25, 2016
You’ll want to be updating your iOS devices to 9.3.5, the version released today by Apple — especially if you’re a prominent human rights activist.

The biggest threat facing connected autonomous vehicles is cybersecurity
August 25, 2016
One of the biggest threats that society will face as transportation transforms in the coming years is vehicle cybersecurity.

Asian companies have world’s worst cybersecurity says study
August 24, 2016
Many Asian organisations are badly defended against cyber-attacks, a year-long investigation by US security company Mandiant indicates.

Military submarine maker springs leak after “hack” – India, Oz hit dive alarm
August 24, 2016
Massive leak of French shipbuilder’s documents reveal detailed defense plans.

Juniper Confirms Shadow Brokers Firewall Implants
August 23, 2016
Company still investigating, no fixes or mitigations out yet.

Critical Flaws Let Attackers Hijack Cellular Phone Towers
August 23, 2016
Three critical security flaws in BTS stations allow attackers to compromise, hijack, crash mobile cell towers, security researchers from Zimperium have discovered.

US Ports Targeted with Zero-Day SQL Injection Flaw
August 23, 2016
Ports in the US have reported attacks using an SQL injection flaw made public by a hacker known as bRpsd, who released a fully working exploit online without notifying the vendor in advance.

Cisco Exploit Leaked in NSA Hack Modifies to Target Latest Version of Firewalls
August 23, 2016
Recently released NSA exploit from “The Shadow Brokers” leak that affects older versions of Cisco System firewalls can work against newer models as well.

United States Air Force hopes to improve cyber security with migration to Windows 10
August 22, 2016
The Air Force is slated to upgrade to Windows 10 during the next couple years to improve the Air Force’s cybersecurity posture, lower the cost of information technology and streamline the IT operating environment.

New Banking Trojan Uses PowerShell to Alter Internet Explorer Proxy Settings
August 22, 2016
Attacks currently detected only against Brazilian banks.

Facebook Photos Lead to Hacking of Facial Recognition System
August 22, 2016
The hackers can use two-dimensional pictures, photos, and even 3D face replicas to compromise a system.

Despite billions spent on cybersecurity, companies aren’t truly safe from hacks
August 22, 2016
Companies on a treadmill to stay ahead of data thieves.

Bounty hunters are legally hacking Apple and the Pentagon – for big money
August 22, 2016
A growing roster of ‘white hat’ hackers earn thousands finding chinks in the digital armor of the US government and companies such as Apple and Google.

Many hospitals transmit your health records unencrypted
August 22, 2016
About 32% of hospitals and 52% of non-acute providers — such as outpatient clinics, rehabilitation facilities and physicians’ offices — are not encrypting data in transit, according to a new survey.

Cybercrime damages expected to cost the world $6 trillion by 2021
August 22, 2016
Massive expansion of the global cyber attack surface will fuel the cybercrime epidemic.