Security

Interpol has repeated warnings that human traffickers are fueling an online fraud epidemic in South East Asia and beyond, after revealing details of more arrests made during a recent operation. Operation Storm Makers II involved law enforcers from 27 countries in Asia, as well as Africa, the Middle East and South America. It led to

The ransomware epidemic hitting UK businesses is leading many to increase their prices, adding to already high inflation, new data from Veeam has warned. The data protection firm surveyed 100 directors of UK businesses with over 500 employees that had been successfully compromised at least once by ransomware in the past 18 months. It found that large

Europe’s cybersecurity agency has warned that geopolitics is fueling a current increase in denial-of-service (DoS) attacks. ENISA analyzed 310 publicly reported DoS attacks between January 2022 and August 2023, to compile its ENISA Threat Landscape for DoS Attacks report. It claimed that two-thirds (66%) were motivated by political reasons or activist agendas, with half (50%)

The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to

Almost all (90%) of the world’s 48 biggest energy companies have suffered a supply chain data breach in the past 12 months, according to new data from SecurityScorecard. The security resilience vendor analyzed the cybersecurity posture of the largest coal, oil, natural gas and electricity companies in the US, UK, France, Germany and Italy, as well

Legal experts have warned that a “landmark” ruling by the European Court of Justice (ECJ) could have major financial ramifications for organizations that breach the GDPR. The judgement handed down yesterday involved German property company Deutsche Wohnen. The firm was originally hit with a €14.5m ($15.7m) fine by the Berlin Data Protection Commissioner back in

A prolific Russian state-sponsored APT group is actively exploiting a known vulnerability in Outlook to access email accounts in Exchange servers, Microsoft has warned. APT28 (aka Forest Blizzard, Strontium, Fancy Bear) is known to target government, energy, transportation and non-governmental organizations in the US, Europe and the Middle East, Microsoft Threat Intelligence claimed on X

Staples is still suffering disruption after being hit by a cyber-attack late last week, the retailer has revealed. The office supplies giant apologized to customers for any inconvenience, in an updated service message on its main website. “We continue to experience disruption of our communications and our customer service lines. All other aspects of our

Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and

The UK’s security agency has urged the nation’s water sector to apply best practice security measures after a US operator was breached via its industrial control systems. The US Cybersecurity and Infrastructure Security Agency (CISA) revealed earlier this week that an unnamed facility had been taken offline and switched to manual operation after its Unitronics

The UK government has signed what it claims to be a “world-first” charter with some of the biggest technology companies on the planet, which will see the latter commit to blocking and removing fraudulent content from their platforms. Announced late yesterday, the Online Fraud Charter is a voluntary agreement for technology firms to better police fraud

Okta has revealed that an October security breach compromised all users of its customer support system rather than a small subset as previously thought. CSO David Bradbury said last month that only 134 customers were impacted after a threat actor gained access to the support system between September 28 and October 17. They had managed to access

Security experts have urged ownCloud customers to mitigate a critical zero-day vulnerability in its “graphapi” app announced last week, after observing mass exploitation by threat actors. Security vendor GreyNoise raised the alarm after file server and collaboration platform ownCloud revealed the CVSS 10.0-rated vulnerability on November 21. “The ‘graphapi’ app relies on a third-party library

Police in Ukraine have arrested five individuals including the suspected ringleader of a prolific ransomware affiliate believed to have made hundreds of millions of dollars from cyber-attacks. Law enforcers and judicial authorities from seven countries joined forces with Europol to dismantle the group, searching 30 properties in Kyiv, Cherkasy, Rivne and Vinnytsia on November 21.

A prolific threat actor has been spotted on the dark web selling what they claim to be sensitive information stolen from General Electric. General Electric (GE) is one of America’s best-known multinationals, having been founded over 100 years ago by Thomas Edison. It now has a portfolio ranging from aerospace to renewable energy. However, according

Security researchers have found a way to bypass the popular Windows Hello fingerprint authentication technology, after discovering multiple vulnerabilities. Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of the top three fingerprint sensors embedded in laptops. The firm studied a Dell Inspiron 15, a Lenovo ThinkPad T14 and a Microsoft

House sales and purchases across the UK have been disrupted by a cyber-attack affecting multiple conveyancing firms. CTS, a legal sector specialist infrastructure service provider, confirmed in a statement that it has experienced a service outage caused by a cyber-incident. The firm said the cyber-attack has impacted a portion of the services it delivers to

The US Cybersecurity and Infrastructure Security Agency (CISA) has relaunched a key working group, with ambitious plans to understand the effectiveness of security controls in tackling ransomware and other threats. The Cybersecurity Insurance and Data Analysis Working Group (CIDAWG) was originally founded in 2016, although the new iteration will be very different, according to CISA

The British Library has revealed that HR data was stolen and leaked in a recent ransomware breach. The state-run institution, one of the world’s largest public libraries, only admitted last week that an October 28 incident was in fact caused by ransomware. In a further update yesterday it revealed a little more detail. “Following confirmation

Europol has announced a new unit whose job it will be to find and analyze publicly available information indicating Russian war crimes committed in Ukraine. The Operational Taskforce (OTF) will scour the internet to “identify suspects and their involvement in war crimes, crimes against humanity or genocide crimes” through open source intelligence (OSINT), the policing

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a Mitigation Guide specifically tailored for the Healthcare and Public Health (HPH) sector. The new guide outlines defensive mitigation strategies and best practices to counteract prevalent cyber-threats targeting critical infrastructure in the healthcare domain. The paper, published on Friday, emphasizes the importance of vulnerability management,

The UK’s National Cyber Security Centre (NCSC) has revealed details of its first RFC for standards body the Internet Engineering Task Force (IETF) – covering indicators of compromise (IoCs). RFCs are reference documents containing technical specifications and organizational notes for the technical foundations of the internet. RFCs that reach a certain level of maturity can

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a detailed cybersecurity advisory on the sophisticated Scattered Spider threat group, urging critical infrastructure (CNI) firms to implement its mitigation recommendations. The group (also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest and Muddled Libra) is thought to be responsible for big-name

involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban. The hackers craft enticing emails promising heavy discounts on these luxury products, with the email addresses manipulated to mimic the authenticity of the brands. Despite the appearance of legitimacy, a closer look reveals that the email origins have no connection to the actual

The Cloud Security Alliance (CSA) has introduced the Certificate of Competence in Zero Trust (CCZT), the industry’s inaugural authoritative zero trust certification.  CSA said the certification responds to the evolving landscape of pervasive technology and the inadequacy of legacy security models. It aims to equip security professionals with the knowledge necessary to develop and implement

The US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its inaugural roadmap for artificial intelligence (AI). The initiative aligns with President Biden’s recent Executive Order, which directed DHS to globally promote AI safety standards, safeguard US networks and critical infrastructure, and address the potential weaponization of AI. The roadmap

Security researchers have discovered a total of 3938 unique secrets on PyPI, the official third-party package management system for the Python community, across all projects, with 768 of them validated as authentic.  Notably, 2922 projects contained at least one unique secret. Among the leaked secrets were various credentials, including AWS Keys, Redis credentials, Google API

The global online gaming community is facing a rising threat from cyber-criminals exploiting vulnerabilities inherent in gamers’ interactions with digital content.  A recent report by Sekoia.io has shed light on a targeted campaign using Discord messages and fake download websites to distribute information-stealing malware within the gaming sphere. According to the post, gamers, in their quest for

Two giants of the banking and legal sectors have been breached by suspected ransomware actors, according to reports. Allen & Overy is one of the UK’s “Magic Circle” law firms. It released a statement yesterday revealing a “data incident” impacting a “small number of storage servers.” Although the firm did not name ransomware as the

Microsoft has revealed a new threat campaign exploiting a zero-day vulnerability in the popular SysAid IT helpdesk software. Posting to X (formerly Twitter) yesterday, the Microsoft Threat Intelligence account said the group is the same one responsible for the MOVEit data theft and extortion campaign – a threat actor known as Lace Tempest (aka DEV-0950,