Month: May 2022

0 Comments
The cyber implications of the Russia-Ukraine conflict were discussed by a panel of international security leaders during the opening plenary session at CYBERUK 2022. The discussion was moderated by NCSC’s CEO Lindy Cameron, who was joined on the stage by the director of the US’ National Security Agency (NSA), Robert Joyce, head of the Australian Cyber
0 Comments
The European Union (EU) has reached political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations. The new directive will replace the EU’s existing rules on the security of network and information systems (NIS Directive), which requires updating because “of the increasing degree of digitalization and interconnectedness of our society and the
0 Comments
The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud Sometimes you need to say things that go without saying: The internet has revolutionized our lives, changing the way we work, learn, entertain ourselves and interact with each other.
0 Comments
What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold? We all know there’s a cybersecurity skills shortage. Across the globe, the shortfall of talent is now measured in the millions. We’ve also all heard about the Great Resignation: a once-in-a-generation period of
0 Comments
The Spanish government has sacked its spy chief Paz Esteban amid a dual phone-hacking scandal involving Pegasus spyware, the country’s defense minister said today. The National Intelligence Center (CNI) that Esteban headed faced controversy recently for reportedly using Pegasus, developed by Israel’s NSO Group, to spy on leaders of the Catalan independence movement. CNI was
0 Comments
The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. “Analysis of these samples indicates that the developer has access to REvil’s source code, reinforcing the likelihood that the threat group has reemerged,” researchers from Secureworks Counter Threat Unit
0 Comments
Russians tuning in to view the country’s Victory Day parade today were shocked to find anti-war messages after the country’s television listings system was hacked. The hack affected several major networks, including Channel One, Rossiya-1 and NTV-Plus, the BBC reported. The name of every program was replaced with a message stating, per the BBC’s translation: “On your
0 Comments
by Paul Ducklin Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming language Ruby, just patched a dangerous server-side vulnerability. The bug, dubbed CVE-2022-29176, could have allowed attackers to remove a package that wasn’t theirs (yanking it, in RubyGems jargon), and then to replace it with
0 Comments
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that’s offered on sale for “dirt cheap” prices, making it accessible to professional cybercriminal groups and novice actors alike. “Unlike the well-funded, massive Russian threat groups crafting custom malware […], this remote access Trojan (RAT) appears to be
0 Comments
The US National Institute of Standards and Technology (NIST) has updated its guidance on supply chain cybersecurity. The revised publication, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, gives organizations key practices to adopt as they manage cybersecurity risks across their supply chains. In particular, it advises organizations to consider vulnerabilities in the components of a
0 Comments
The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations’ most valuable data The conflict in Ukraine has highlighted the risks of cyberespionage and sabotage, which typically involve Advanced Persistent Threat (APT) groups. In this special edition of Week in security, Tony looks