News

Hackers and cybercrime prevention

• October 19, 2023 19 Oct'23

  Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

  Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source

• October 18, 2023 18 Oct'23

  What are the cyber risks from the latest Middle Eastern conflict?

  The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations

• October 17, 2023 17 Oct'23

  Five Eyes issues five tips on thwarting nation state threats

  Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats

• October 17, 2023 17 Oct'23

  Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine

  Hacktivists supporting Gaza and Palestine have launched hundreds of website defacement attacks against Israeli websites, mirroring the pattern of attacks that occurred after Russia’s invasion of Ukraine

• October 17, 2023 17 Oct'23

  Alert sounded over dangerous Cisco IOS XE zero-day

  Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems

• October 17, 2023 17 Oct'23

  What it takes to succeed in DevSecOps

  Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey

• October 13, 2023 13 Oct'23

  US SEC launches probe into mass MOVEit breach

  Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected

• October 11, 2023 11 Oct'23

  Why only 1% of the Snowden Archive will ever be published

  Speaking to Computer Weekly after we published new revelations from the Snowden archive, the Guardian’s Pulitzer Prize winner, Ewen MacAskill, explains why more of the Snowden trove is unlikely to see the light of day

• October 10, 2023 10 Oct'23

  MGM faces £100m loss from cyber attack on its casinos

  MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m

• October 05, 2023 05 Oct'23

  Microsoft: Nation-state cyber espionage on rise in 2023

  Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering

• October 05, 2023 05 Oct'23

  Red Cross issues rules of engagement for hackers in conflicts

  The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them

• October 05, 2023 05 Oct'23

  Ransomware dwell times now measured in hours, says Secureworks

  Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report

• October 03, 2023 03 Oct'23

  Cyber experts urge EU to rethink vulnerability disclosure plans

  The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...

• October 03, 2023 03 Oct'23

  RSA and other crypto systems vulnerable to side-channel attack

  A researcher has found that a flaw in RSA is still vulnerable – a quarter of a century after it was first discovered

• October 03, 2023 03 Oct'23

  CIISec scores DSIT funding to expand successful CyberEPQ scheme

  DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date

• October 03, 2023 03 Oct'23

  Top science journal faced secret attacks from Covid conspiracy theory group

  A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly

• September 28, 2023 28 Sep'23

  Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app

  The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps

• September 28, 2023 28 Sep'23

  How Akamai is driving growth in APAC

  Akamai's managing director for the region outlines the company’s growth journey, how it sets itself apart from competitors, and its strategies to drive the next phase of growth

• September 28, 2023 28 Sep'23

  Yahoo picks Intigriti to run crowdsourced bug bounty programme

  Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate

• September 27, 2023 27 Sep'23

  Researchers offer free threat briefings on Vegas casino hackers

  Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment

• September 27, 2023 27 Sep'23

  City of Las Vegas masters cyber incident response with Darktrace

  The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence

• September 26, 2023 26 Sep'23

  Sony alleged victim of new extortion gang

  A little-known threat actor claims it has breached IT systems and networks at electronics and entertainment giant Sony, and is threatening to release the organisation’s data unless paid off

• September 26, 2023 26 Sep'23

  Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

  Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job

• September 25, 2023 25 Sep'23

  Apple fixes three vulnerabilities found by spyware researchers

  Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab

• September 22, 2023 22 Sep'23

  Annual Security Serious Awards nominations announced

  Annual Security Serious Awards will recognise the professionals and organisations doing the most to safeguard and advance cyber security, as well as those committed to diversity and mental health in the industry

• September 22, 2023 22 Sep'23

  Cyber experts set out plan to secure future US elections

  A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past

• September 21, 2023 21 Sep'23

  ‘Top’ ransomware gangs favour smaller businesses

  Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses

• September 19, 2023 19 Sep'23

  New revelations from the Snowden archive surface

  A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by ...

• September 19, 2023 19 Sep'23

  Okta confirms link to cyber attacks on Las Vegas casinos

  Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed

• September 18, 2023 18 Sep'23

  Unregulated DeFi services abused in latest pig butchering twist

  Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation

• September 18, 2023 18 Sep'23

  Government seeks industry views on cyber threat to UK CNI

  The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure

• September 15, 2023 15 Sep'23

  Las Vegas mainstay Caesars Palace likely paid off ransomware crew

  Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers

• September 15, 2023 15 Sep'23

  Manchester police data breach a classic supply chain incident

  The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force

• September 14, 2023 14 Sep'23

  Data on over 3,000 Airbus suppliers leaked after breach

  An emergent threat actor has leaked details of multiple sensitive Airbus suppliers after claiming to have accessed the firm’s systems having hacked customer Turkish Airlines

• September 14, 2023 14 Sep'23

  BlackCat on the hook for cyber attack that crippled Vegas casinos

  The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues

• September 14, 2023 14 Sep'23

  Google, Microsoft and Mozilla push browser updates to foil zero-day

  A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers

• September 14, 2023 14 Sep'23

  As vehicle safety regulations loom, carmakers fret over cyber risks

  Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks

• September 13, 2023 13 Sep'23

  GCHQ breached privacy rights of IT professional and security researcher, human rights court rules

  The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher

• September 13, 2023 13 Sep'23

  BianLian ransomware gang holds Save the Children hostage

  The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected

• September 13, 2023 13 Sep'23

  Storm-0324 gathers over Microsoft Teams

  An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks

• September 13, 2023 13 Sep'23

  Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

  September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release

• September 13, 2023 13 Sep'23

  ExtraHop open sources 16 million rows of threat domain data

  NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms

• September 12, 2023 12 Sep'23

  US casino giant MGM Resorts battles 36-hour outage after cyber attack

  Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos

• September 12, 2023 12 Sep'23

  IT spending in Australia to grow 7.8% in 2024

  The growth will be led by investments in cyber security, cloud, analytics and application modernisation as Australian CIOs look to improve cost and operational efficiencies

• September 11, 2023 11 Sep'23

  Brits happy to break cyber law if the price is right

  A study conducted ahead of an upcoming security trade fair reveals a slim majority of Brits would come out in favour of offensive government security ops and even engage in cyber criminality themselves in the right circumstances

• September 11, 2023 11 Sep'23

  Professional ransomware gangs clearly a threat, but attacks can be easily stopped

  NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do

• September 11, 2023 11 Sep'23

  Polish election questioned after Pegasus spyware used to smear opposition, investigation finds

  Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 08, 2023 08 Sep'23

  Apple patches Blastpass exploit abused by spyware makers

  Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO

• September 08, 2023 08 Sep'23

  Deputy PM urges UK plc not to lose focus on cyber

  In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors