Welcome to the Cyber Security Review website.
The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.
Threats posed by cybercriminals, state and non-state actors are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, manufacturing, online commerce and digital life in general, security experts are finding that their work has become a race against the attackers.
The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.
Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.
- Meet Mantis – the tiny shrimp that launched 3,000 DDoS attacks
July 15, 2022
The botnet behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack has been named after a tiny shrimp. Cloudflare said it thwarted the 26 million request per second ...
- Attackers scan 1.6 million WordPress sites for vulnerable plugin
July 15, 2022
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading ...
- The industrial internet of things is still a big mess when it comes to security
July 14, 2022
Critical infrastructure is increasingly targeted by cyber criminals – and while those responsible for running industrial networks know that securing operational technology (OT) and the ...
- Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response
July 14, 2022
WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for ...
- New Lilith ransomware emerges with extortion site, lists first victim
July 13, 2022
A new ransomware operation has been launched under the name ‘Lilith,’ and it has already posted its first victim on a data leak site created ...
- 1.9m patient records exposed in healthcare debt collector ransomware attack
July 13, 2022
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data – ...
- Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
July 13, 2022
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared ...
- Transparent Tribe begins targeting education sector in latest campaign
July 13, 2022
Cisco Talos recently discovered an ongoing campaign conducted by the Transparent Tribe APT group against students at various educational institutions in India. This campaign was ...
- End-to-end encryption is a ‘disaster’ for counter-terrorism and stops police finding right-wing extremists online
July 13, 2022
End-to-end encryption on messaging apps is a “disaster” for counter-terrorism officials as it stops them finding extreme-right activity online, a new report warns. Extreme right-wing terrorists’ ...
- From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
July 12, 2022
A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the ...
- Hackers impersonate cybersecurity firms in callback phishing attacks
July 12, 2022
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks. Most phishing campaigns embed links to ...
- Defense contractor pays $9m to settle whistleblower’s cybersecurity allegations
July 11, 2022
Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 ...