- Bluetooth LE devices impacted by SweynTooth vulnerabilities
February 15, 2020
A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications. Source: ZDNet
- Researchers Use Smart Light Bulbs to Infiltrate Networks
February 6, 2020
Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...
- Ransomware Hits Maastricht University, All Systems Taken Down
December 27, 2019
Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two ...
- New Plundervolt attack impacts Intel CPUs
December 10, 2019
Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows ...
- Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam
November 4, 2019
Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access to the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...
- Equipping the Education Sector With Threat Intelligence to Defend Against Cyberattacks
October 17, 2019
When you think about sophisticated cyberattacks, certain targeted industries probably come to mind immediately — government, critical infrastructure, and financial services, to name a few. It’s fair to say that for most people, the education sector isn’t generally first on that list. Despite this, educational institutions (particularly those in higher education) have become an increasingly popular ...
- Silent Librarian Retools Phishing Emails to Hook Student Credentials
October 16, 2019
Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and help it avoid detection. The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has ...
- Hack Breaks PDF Encryption, Opens Content to Attackers
October 2, 2019
Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...
- Universities a ‘huge target’ for nation-state attackers, warns NCSC
September 19, 2019
Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it’s important that these institutions remain cyber secure. As key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data and intellectual property that outside ...
- Router Network Isolation Broken By Covert Data Exfiltration
August 18, 2019
Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host. The boundary insulates sensitive or critical ...
- UK gov launches second audit of cyber security labour market
August 2, 2019
The UK government has launched a second audit of the country’s cyber security labour market in an effort to assess how companies across the country are handling the employment and training of IT professionals. Organisations across the public and private sector have been chosen at random to contribute to the study, with responses helping to shape ...
- Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping
July 23, 2019
A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android ...
- Lancaster University students’ data stolen by cyber-thieves
July 23, 2019
Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...
- Cybersecurity staff burnout risks leaving organisations vulnerable to cyberattacks
June 25, 2019
Cybersecurity professionals are overworked and stressed out to such an extent that it threatens to provide hackers and cybercriminals with a better chance of conducting cyberattacks against the enterprise. A study by Goldsmiths, University of London and cybersecurity company Symantec surveyed over 3,000 CISOs and senior cybersecurity decision makers across the UK, France and Germany and ...
- Is it still a good idea to publish proof-of-concept code for zero-days?
March 18, 2019
More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by threat actors who usually start attacks within hours or days, and don’t give end-users enough time to patch impacted systems. There has been a debate about this issue, especially ...
- Theoretical Ransomware Attack Could Lead to Global Damages Says Report
January 29, 2019
According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers. First of all, it is important to understand that although the numbers look very scary, this type of ...
- Government Should Name And Shame Companies With Poor Cyber Security, Say Academics
January 22, 2019
The UK government should name and shame companies whose cyber security measures fail to protect consumers’ data, according to a new report from King’s College London’s Cyber Security Research Group, which promotes research into cyber security, and the Policy Institute, an independent research institution which works to solve societal challenges with evidence. The report, called UK Active ...
- IDA and CIT champion new ‘Cyber Ireland’ infosec cluster
December 13, 2018
Could ambitious endeavour make Ireland the Fort Knox of infosec? IDA Ireland and Cork Institute of Technology (CIT) have joined forces on an initiative to establish Cyber Ireland, a national cybersecurity cluster. Cyber Ireland will provide a collective voice to represent the needs of the cybersecurity sector across the country and will address key challenges including skills needs, ...
- Rowhammer attacks can now bypass ECC memory protections
November 22, 2018
Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...
- New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data
November 3, 2018
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities ...