News


  • Government Should Name And Shame Companies With Poor Cyber Security, Say Academics

    January 22, 2019

    The UK government should name and shame companies whose cyber security measures fail to protect consumers’ data, according to a new report from King’s College London’s Cyber Security Research Group, which promotes research into cyber security, and the Policy Institute, an independent research institution which works to solve societal challenges with evidence. The report, called UK Active ...

  • GandCrab ransomware and Ursnif virus spreading via MS Word macros

    January 21, 2019

    Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from phishing ...

  • New Phobos ransomware exploits weak security to hit targets around the world

    January 21, 2019

    A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world. Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWare have detailed how it shares a number of ...

  • DarkHydrus abuses Google Drive to spread RogueRobin Trojan

    January 21, 2019

    The DarkHydrus advanced persistent threat (APT) group is back and this time is not only using Windows vulnerabilities to infect victims but is also abusing Google Drive as an alternative communications channel. Last week, researchers from the 360 Threat Intelligence Center (360TIC) said the hackers have a new campaign underway which is focusing on targets in the Middle ...

  • Google Fined €50 Million by French Watchdog for Lack of Transparency

    January 21, 2019

    Google was hit with a €50 (56,8) million financial penalty in accordance with the General Data Protection Regulation (GDPR) by the Commission Nationale de l’informatique et des Libertés (CNIL) for violating transparency and information obligations and for not obtaining user consent for processing data for ads personalization purposes. The French watchdog’s fine against Google follows complaints filed by None Of Your Business ...

  • Cumbria health trust hit by 147 cyber attacks in five years

    January 19, 2019

    The NHS in Cumbria has been hit by more than 150 cyber attacks in five years, the BBC can reveal. Of these, 147 were directed at University Hospitals of Morecambe Bay NHS Trust (UHMBT), which runs hospitals in Barrow, Kendal, Morecambe and Lancaster. The trust said it had spent £29,600 in 2017 dealing with the effects of ...

  • WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    January 18, 2019

    Details have been published today about a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices. Discovered by Embedi researcher Denis Selianin, the vulnerability impacts ThreadX, a real-time operating system (RTOS) that is used as firmware for ...

  • New Android Malware Apps Use Motion Sensor to Evade Detection

    January 18, 2019

    Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research ...

  • Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

    January 18, 2019

    A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network. Cisco Small Business Switches were developed for small office and home office (SOHO) environments, to manage and control small local area networks with no ...

  • Massive Collection #1 leak exposes 773m unique records online

    January 17, 2019

    Nearly 2.7 billion records containing up to 800 million unique email addresses and more than 21 million unique passwords have been compromised and published online. The massive data leak, dubbed Collection #1, is made up of individual breaches from “literally thousands of different sources”, according to security researcher Troy Hunt, who announced his findings in a blog ...

  • Unprotected Government Server Exposes Years of FBI Investigations

    January 17, 2019

    A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case ...

  • LoJax rootkit used by Russian-linked Fancy Bear has been silently active since 2016

    January 17, 2019

    Researchers have discovered that LoJax, the malware that formed the foundation for devastating Fancy Bear attacks in 2018, has been silently active for years. Use of this infrastructure by the Russian-linked hacking group was exposed in September 2018, just a few months after the LoJax servers were first discovered by security researchers in May. LoJax was last ...

  • GCHQ sets up all-female cyber-training classes

    January 17, 2019

    All-female classes in cyber-skills are being set up by the GCHQ intelligence service, in an attempt to recruit a wider range of online security experts. Almost 90% of the cyber-skills workforce worldwide is male, says GCHQ’s cyber-defence arm, the National Cyber Security Centre (NCSC). With warnings of serious skills shortages, the security services are worried about missing ...

  • NanoCore Trojan is protected in memory from being killed off

    January 16, 2019

    The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing the system, researchers say. The cybersecurity team from Fortinet recently captured a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document. Developed in ...

  • Gemalto reports increase in blockchain use for securing the Internet of Things

    January 15, 2019

    The use of blockchain-based technology to help secure Internet of Things (IoT) data, devices, and services doubled last year, a report from Gemalto has revealed. According to the company’s The State of IoT Security report, released on Tuesday, blockchain has emerged as a potential aid to the IoT security dilemma, with adoption of the technology surging from nine percent ...

  • The Rise of Physical Crime in the Cybercrime Underground

    January 14, 2019

    While underground forums have long been the purview of digital or internet-enabled crimes, recent developments have shown signs of increasing synergy and interaction between traditional criminals and cybercrime actors. Given the nature of the underground, it shouldn’t be a surprise that even traditional criminals communicate and even sell their wares via these underground forums. Is it ...

  • Goldman Sachs leads $8M round in cyber security skills platform Immersive Labs

    January 14, 2019

    Immersive Labs, a cyber security skills platform founded by James Hadley, who used to be a researcher at GCHQ, has raised $8 million in Series A funding. Leading the round is Goldman Sachs, with participation from a number of unnamed private investors. Operating in the cyber security training space, Immersive Labs  helps enterprise IT and other cyber security ...

  • How a hacked phone may have led killers to Khashoggi

    January 13, 2019

    Jamal Khashoggi probably thought the messages he was sending to fellow Saudi dissident Omar Abdulaziz were hidden, cloaked in WhatsApp security. In reality they were compromised — along with the rest of Abdulaziz’s phone, which had allegedly been infected by Pegasus, a powerful piece of malware designed to spy on its users. Abdulaziz, as CNN reported last ...

  • Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

    January 12, 2019

    Historically, Ryuk has been considered a targeted ransomware that scopes out a target, gained access via Remote Desktop Services or other direct methods, stole credentials, and then targeted high profile data and servers to extort the highest ransom amount possible. Ryuk has been a high profile ransomware due to its wide impact on the networks it infects, high ransom ...

  • These are the courses UK police are set to take in cybersecurity

    January 11, 2019

    As law enforcement in the UK and beyond are now expected to tackle the plague of cybersecurity-related fraud, scams, and crimes being committed for the purposes of identity theft and financial gain, they must also now become familiar with the threats, concepts, and — at the least — the basics in how such attacks are ...