About the Review

Welcome to the Cyber Security Review website.

The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.

Threats to cyber security are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a race against the attackers.

The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.

Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.

Latest news 

  • Military Contractor’s Vendor Leaks Resumes in Misconfigured AWS S3

    September 5, 2017

    Thousands of resumes and job applications containing the personal information of U.S. veterans, many with top secret clearances, and law enforcement officers were left exposed in an Amazon Web Services S3 bucket, continuing a trend where poorly configured cloud-storage services are putting people at risk. The applicants were seeking employment with a private military contractor from ...

  • Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers

    September 5, 2017

    Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web applications in the Java programming language, which supports REST, AJAX, and JSON. The vulnerability (CVE-2017-9805) is a ...

  • Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards

    September 5, 2017

    The Estonian government has discovered a security risk in its ID card system, potentially affecting almost 750,000 residents. “When notified, Estonian authorities immediately took precautionary measures, including closing the public key database, in order to minimise the risk while the situation can be fully assessed and a solution developed,” according to an email by Kaspar Korjus, ...

  • Alert: AT&T customers with Arris modems at risk of remote hacking, claim infosec bods

    September 1, 2017

    Infosec consulting firm Nomotion has reported vulnerabilities in Arris broadband modems and which it says are trivial to exploit, and could affect nearly 140,000 devices. The report claims the modems carry hard-coded credentials, serious since a firmware update turned on SSH by default. That would let a remote attacker access the modem’s cshell service and take a ...

  • FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears

    August 31, 2017

    Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient’s heartbeat, ...

  • Intel ME controller chip has secret kill switch

    August 29, 2017

    Security researchers at Moscow-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk. Intel’s ME consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction with integrated peripherals. It handles much of the data travelling between ...

  • Russia to Promote Cybersecurity at UNGA, BRICS

    August 28, 2017

    The Russian special presidential representative for international cooperation in information security says that Russia is going to advance the issue of cybersecurity at the UN General Assembly and at the BRICS Summit. Russia intends to promote the issue of cybersecurity at the United Nations General Assembly as well as through regional platforms, such as BRICS summit, Andrei Krutskikh, a special presidential representative ...

  • WireX DDoS Botnet: An Army of Thousands of Hacked Android SmartPhones

    August 28, 2017

    Do you believe that just because you have downloaded an app from the official app store, you’re safe from malware? Think twice before believing it. A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones. Dubbed WireX, detected as “Android Clicker,” the botnet ...

  • Holiday cyber threat: GCHQ says take extra steps to secure smartphones

    August 26, 2017

    British holidaymakers should take extra measures to secure smartphones and laptops abroad following a series of cyber attacks on hotel Wi-Fi networks across Europe, GCHQ has warned. The agency’s National Cyber Security Centre (NCSC) said travellers should avoid “insecure” WiFi networks and set up “two-step verification” for emails, typically meaning that accounts can only be accessed using a ...

  • Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger

    August 24, 2017

    If you came across any Facebook message with a video link sent by anyone, even your friend — just don’t click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software. Although it is ...

  • Cybersecurity world faces ‘chronic shortage’ of qualified staff

    August 24, 2017

    The number one issue facing cybersecurity firms is a “chronic shortage” of qualified staff. That’s according to the founder of market analyst Cybersecurity Ventures, Steve Morgan. “The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It’s an absolute epidemic,” Morgan told supply-chain blog Channelnomics. Morgan’s company in 2016 gathered feedback from executives listed ...

  • A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

    August 23, 2017

    How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular secure messenger applications, such as Signal, Telegram and WhatsApp. Zerodium announced a new pricing structure on Wednesday, paying out $500,000 ...

  • VoIP bods Fuze defuse triple whammy of portal security vulnerabilities

    August 23, 2017

    Messaging provider Fuze has resolved a trio of vulnerabilities in its TPN Handset Portal. The access controls and authentication flaws, discovered by security tools firm Rapid7, created a means for hackers to obtain personal data about Fuze users ranging from phone numbers to email addresses and access credentials. Once seized through brute-force attacks, this sensitive data could ...