Security

0 Comments
The White House has allocated a total of $3.1bn to cybersecurity infrastructure in its latest budget report. Published on Thursday, the document shows $145m of this figure will go toward making the Cybersecurity and Infrastructure Security Agency (CISA) “more resilient and defensible.” Of the remaining funds, $98m will be invested in implementing the Cyber Incident Reporting
0 Comments
Two separate vulnerabilities have been found in the Trusted Platform Module (TPM) 2.0 that could lead to information disclosure or escalation of privilege. At a basic level, TPM is a hardware-based technology providing secure cryptographic functions to the operating systems on modern computers, making them resistant to tampering. Affecting Revisions 1.59, 1.38 and 1.16 of the
0 Comments
by Paul Ducklin The US Cybersecurity and Infrastructure Security Agency (CISA), which dubs itself “America’s Cyber Defense Agency”, has just put out a public service annoucement under its #StopRansomware banner. This report is numbered AA23-061a, and if you’ve slipped into the habit of assuming that ransomware is yesterday’s threat, or that other specific cyberattacks should
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning system defenders against the Royal Ransomware group. Part of the Agency’s #StopRansomware campaign, the document was released on Thursday in collaboration with the FBI and describes tactics, techniques and procedures (TTPs) alongside indicators of compromise (IOCs) associated with Royal ransomware variants. The
0 Comments
Security researchers from ESET have discovered a new custom backdoor they dubbed MQsTTang and attributed it to the advanced persistent threat (APT) group known as Mustang Panda. Writing in an advisory published on March 2, 2023, ESET malware researcher, Alexandre Côté Cyr explained the new backdoor is part of an ongoing campaign the company traced back to early January.
0 Comments
Russian government officials will no longer be able to use messaging apps developed and run by foreign companies, according to a new law which went into force yesterday. Parts 8–10 of Article 10 of the new law – On Information, Information Technologies and Information Protection – apply to government agencies and organizations. “The law establishes
0 Comments
The Information Commissioner’s Office (ICO) has repeated calls for an urgent review into government ministers’ use of private messaging apps for official business, after 100,000 WhatsApp messages were leaked to a newspaper. The messages had been shared by former health secretary Matt Hancock with right-wing journalist Isabel Oakeshott so she could ghost write his Pandemic Diaries
0 Comments
British high street chain WH Smith has revealed earlier today it was hit by a cyber-attack that resulted in the theft of company data. In particular, the stationery and book chain said current and former employee data was accessed by the threat actors, including names, addresses, dates of birth and national insurance numbers. WH Smith
0 Comments
by Naked Security writer Dutch police announced late last week that they’d arrested three young men, aged between 18 and 21, suspected of cybercrimes involving breaking in, stealing data, and then demanding hush money. The charges include: computer intrusion, data theft, extortion, blackmail, and money laundering. The trio were actually arrested a month earlier, back
0 Comments
A business magnate and major political donor has been indicted for masterminding a “massive” $2bn scheme to defraud regulators and thousands of insurance policyholders. Greg Lindberg, 53, of Durham, North Carolina, allegedly conspired with others between 2016 and 2019 to invest nearly $2bn in multiple insurance companies – many of which have since 2019 apparently
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA) warned nations’ defenders yesterday against disruptive and defacement attacks today. These, the agency said on Thursday, may spur from attempts to sow chaos and societal discord on the anniversary of Russia’s 2022 invasion of Ukraine. “In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion
0 Comments
Russia’s invasion of Ukraine has disrupted the vast cybercrime underground operating from the country, thanks to mobilization of some threat actors and the emigration of others, according to Recorded Future. The threat intelligence firm’s new report, Russia’s War Against Ukraine Disrupts the Cybercriminal Ecosystem, is compiled from analysis of dark web sources. The cybersecurity vendor
0 Comments
The UK’s privacy regulator has called on accountants to play a key role in ensuring the country’s SMEs are compliant with rigorous data protection laws. The Information Commissioner’s Office (ICO) said that research from 2021 revealed that around a third (34%) of smaller businesses trust their accountants for advice, while a fifth (20%) use these
0 Comments
A suspected distributed denial of service (DDoS) attack downed several websites broadcasting President Putin’s state of the nation address on Tuesday, according to reports. Reuters said journalists based in multiple locations were unable to access the All-Russia State Television and Radio Broadcasting Company (VGTRK) website or the Smotrim live-streaming platform for periods during the speech.
0 Comments
Three fund managers have been sentenced to 12 years and three months following a seven-year investigation into their fraudulent handling of the Libyan sovereign wealth fund. The UK’s National Crime Agency (NCA) said it began its investigation after one of the trio, Frederic Marino, walked out of a London meeting with auditors and promptly fled
0 Comments
The FBI has released a brief statement about a recent cyber-incident that occurred at one of its highest profile field offices, claiming it is now under control. Sources briefed on the matter told CNN that a malicious incident impacted part of its network used in investigations of images of child sexual exploitation. “The FBI is