About the Review


Welcome to the Cyber Security Review website.

The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.

Threats to cyber security are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a race against the attackers.

The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.

Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.


Latest news 


  • Container ship loading plans are ‘easily hackable’

    November 20, 2017

    Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or “Bay Plan”. The issue stems from the absence of security in BAPLIE EDIFACT, a messaging system used to create ship loading and container stowage plans – for example which locations are occupied and which are ...

  • Your biggest threat is inside your organisation and probably didn’t mean it

    November 19, 2017

    It doesn’t have a super-sexy moniker like KRACK or Heartbleed, but the spectre of the insider threat looms large for organisations, and has done so for as long as electricity, silicon, and computing have been paired up to store information. While it’s easy to imagine a disgruntled, unhappy employee becoming a malicious actor within an organisation, and dumping the ...

  • Massive US military social media spying archive left wide open in AWS S3 buckets

    November 17, 2017

    Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest. The archives were found by UpGuard’s veteran security-breach hunterChris Vickery during a routine scan of open ...

  • Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

    November 16, 2017

    Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale.  Products affected include Oracle PeopleSoft ...

  • Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

    November 15, 2017

    Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and ...

  • Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices

    November 15, 2017

    Online scams and physical crimes are known to intersect. In an incident last May, we uncovered a modus operandi and the tools they can use to break open iCloud accounts to unlock stolen iPhones. Further research into their crossover revealed how deep it runs. There’s actually a sizeable global market for stolen mobile phones—and by extension, ...

  • Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

    November 14, 2017

    Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information ...

  • DHS, FBI describe North Korea’s use of FALLCHILL malware

    November 14, 2017

    The North Korean government has likely been using the malware since 2016 to target the aerospace, telecommunications, and finance industries, the US government says. The federal government on Tuesday issued an alert detailing the North Korean government’s use of malware known as FALLCHILL, warning that North Korea has likely been using the malware since 2016 to target the ...

  • 17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

    November 14, 2017

    You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of ‘unpatched’ Microsoft Office’s built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all ...

  • Google security report finds phishing to be biggest threat

    November 14, 2017

    In an effort to better understand how users accounts get ‘hijacked,’ Google collaborated with the University of California at Berkeley to investigate how the black markets responsible for obtaining and selling user credentials operate. The study took place from March 2016 to March 2017 and the research focused primarily on tracking several large black markets trading ...

  • New IcedID Trojan Targets US Banks

    November 13, 2017

    Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID. The IcedID Trojan was spotted in September by researchers at IBM’s X-Force Research team. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and ...

  • Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask

    November 13, 2017

    Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during ...

  • Experts working with Homeland Security hacked into Boeing 757

    November 10, 2017

    There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...