News

Network security management

• February 13, 2023 13 Feb'23

  Killnet DDoS attacks disrupt Nato websites

  A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable

• February 09, 2023 09 Feb'23

  How Check Point is keeping pace with the cyber security landscape

  Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security

• February 06, 2023 06 Feb'23

  Cops make arrests and seize drugs after hacking Exclu encrypted messaging app

  Police in the Netherlands, Belgium and Poland raided 80 addresses after covertly intercepting messages from the Exclu encrypted messaging app

• February 05, 2023 05 Feb'23

  Australian organisations underinvesting in cyber security

  Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches

• February 02, 2023 02 Feb'23

  North Korea’s Lazarus gang exposes itself in opsec failure

  WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up

• February 01, 2023 01 Feb'23

  NCSC for Startups inducts four companies into programme

  Four more startups are set to join the NCSC accelerator, which helps the UK government develop technology and approaches to pressing cyber security challenges

• February 01, 2023 01 Feb'23

  Cisco fixes two bugs that could have led to supply chain attacks on users

  Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them

• January 31, 2023 31 Jan'23

  Russian DDoS hacktivists seen targeting western hospitals

  A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk

• January 26, 2023 26 Jan'23

  Zero-trust implementations remain work in progress

  Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds

• January 24, 2023 24 Jan'23

  Chinese IoT suppliers expose UK businesses to espionage and data theft

  Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat

• January 24, 2023 24 Jan'23

  SSRF attacks hit 100,000 businesses globally since November

  There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers

• January 23, 2023 23 Jan'23

  Royal Society calls on public sector to pilot privacy tech

  The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow

• January 23, 2023 23 Jan'23

  NCSC warning over cyber risk to charity sector

  Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC

• January 18, 2023 18 Jan'23

  David Anderson KC to review UK surveillance laws

  Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies

• January 17, 2023 17 Jan'23

  Cloudflare urged to clamp down on pirates, counterfeiters

  A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods

• January 12, 2023 12 Jan'23

  Cloudflare completes SASE offer with Magic WAN Connector

  Software-defined wide-area network functionality released by online application acceleration and infrastructure provider Cloudflare to complete single-supplier secure access service edge offering

• January 10, 2023 10 Jan'23

  New APT group targets ASEAN governments and militaries

  The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB

• January 08, 2023 08 Jan'23

  Vulnerable organisations to get free Cyber Essentials support

  Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre

• January 06, 2023 06 Jan'23

  Russia’s Turla falls back on old malware C2 domains to avoid detection

  Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals

• January 05, 2023 05 Jan'23

  Cyber gang abused free trials to exploit public cloud CPU resources

  A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying

• January 05, 2023 05 Jan'23

  Warning over ransomware attacks spreading via Fortinet kit

  Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web

• December 28, 2022 28 Dec'22

  Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

  NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness

• December 22, 2022 22 Dec'22

  NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’

  The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law

• December 22, 2022 22 Dec'22

  Top 10 cyber security stories of 2022

  The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides

• December 22, 2022 22 Dec'22

  Top 10 cyber crime stories of 2022

  Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents

• December 16, 2022 16 Dec'22

  UK unis implement new IP traffic policies to combat ransomware

  Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature

• December 15, 2022 15 Dec'22

  Cops dismantle 48 DDoS-for-hire websites

  An operation combining law enforcement from the UK, US, Netherlands and Europol has disrupted 48 of the world’s most popular DDoS booter websites

• December 15, 2022 15 Dec'22

  NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

  EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears

• December 14, 2022 14 Dec'22

  Microsoft fixes two zero-days in final Patch Tuesday of 2022

  December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over

• December 14, 2022 14 Dec'22

  New cyber approaches ease Registers of Scotland’s AWS migration

  As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web ...

• December 13, 2022 13 Dec'22

  Finnish government launches information security voucher scheme

  Finland’s government is offering businesses financial support to help them improve their cyber security

• December 13, 2022 13 Dec'22

  More Uber data exposed in possible supply chain attack

  A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack

• December 11, 2022 11 Dec'22

  How Zscaler is cracking APAC’s cloud security market

  Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better

• December 09, 2022 09 Dec'22

  Iranian APT seen exploiting GitHub repository as C2 mechanism

  A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware

• December 08, 2022 08 Dec'22

  Australia to develop new cyber security strategy

  New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals

• December 06, 2022 06 Dec'22

  Industrial IoT focus of next NCSC startup challenge

  The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things

• December 06, 2022 06 Dec'22

  Don’t become an unwitting tool in Russia’s cyber war

  Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?

• December 05, 2022 05 Dec'22

  French cyber consultancy Hackuity sets up UK operation

  Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base

• December 01, 2022 01 Dec'22

  MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

  Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence

• November 30, 2022 30 Nov'22

  Latest LockBit ransomware versions have wormable capabilities

  Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter

• November 27, 2022 27 Nov'22

  Plexal inducts six into cyber leadership scheme

  Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 23, 2022 23 Nov'22

  UK police arrest 120 in largest-ever cyber fraud crackdown

  The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police

• November 23, 2022 23 Nov'22

  Red team tool developer slams ‘irresponsible’ disclosure

  UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors

• November 22, 2022 22 Nov'22

  Killnet DDoS hacktivists target Royal Family and others

  Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks

• November 21, 2022 21 Nov'22

  Bug Bounty Calculator helps organisations fine-tune their payouts

  Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention

• November 18, 2022 18 Nov'22

  New gold standard to protect good faith hackers

  HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking

• November 18, 2022 18 Nov'22

  CyberPeace Institute helps NGOs improve their security resilience

  Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people

• November 18, 2022 18 Nov'22

  Enterprises embrace SD-WAN but miss benefits of integrated approach to security

  Research from managed network and security services provider finds virtually all enterprises have deployed software-defined wide area networks or plan to do so within the next 24 months, but nearly half reported they either don’t have security ...

• November 17, 2022 17 Nov'22

  Another Log4Shell warning after Iranian attack on US government

  The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching