Security

The ransomware epidemic hitting UK businesses is leading many to increase their prices, adding to already high inflation, new data from Veeam has warned. The data protection firm surveyed 100 directors of UK businesses with over 500 employees that had been successfully compromised at least once by ransomware in the past 18 months. It found that large

Europe’s cybersecurity agency has warned that geopolitics is fueling a current increase in denial-of-service (DoS) attacks. ENISA analyzed 310 publicly reported DoS attacks between January 2022 and August 2023, to compile its ENISA Threat Landscape for DoS Attacks report. It claimed that two-thirds (66%) were motivated by political reasons or activist agendas, with half (50%)

The UK’s privacy regulator has warned of falling public trust in AI and said any use of the technology which breaks data protection law would be met with strong enforcement action. Speaking at techUK’s Digital Ethics Summit 2023 on Wednesday, information commissioner, John Edwards, pointed to organizations using AI for “nefarious purposes” in order to

In today’s digital world, businesses are just as vulnerable to cyber-attacks as they are to fire and theft. New research from insurance provider Aviva found that businesses are 67% more likely to experience a cyber incident than a physical theft and almost five times as likely to have an attack as a fire. Overall, at

The LockBit ransomware strain continues to be the primary digital extortion threat to all regions, and almost all industries globally, according to a report by ZeroFox. Researchers found that LockBit was leveraged in more than a quarter of global ransomware and digital extortion (R&DE) attacks in the seven quarters analyzed from January 2022 to September

A prolific Russian state-sponsored APT group is actively exploiting a known vulnerability in Outlook to access email accounts in Exchange servers, Microsoft has warned. APT28 (aka Forest Blizzard, Strontium, Fancy Bear) is known to target government, energy, transportation and non-governmental organizations in the US, Europe and the Middle East, Microsoft Threat Intelligence claimed on X

The Cyber Resilience Act (CRA), the EU’s upcoming legislation to boost the security of digital products, is now only one step away from being officially adopted. After days of debate within EU institutions, the European Parliament and the EU Council reached a political agreement on the legislation on December 3. First proposed by the EU

The UK government has signed what it claims to be a “world-first” charter with some of the biggest technology companies on the planet, which will see the latter commit to blocking and removing fraudulent content from their platforms. Announced late yesterday, the Online Fraud Charter is a voluntary agreement for technology firms to better police fraud

Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and

The UK’s security agency has urged the nation’s water sector to apply best practice security measures after a US operator was breached via its industrial control systems. The US Cybersecurity and Infrastructure Security Agency (CISA) revealed earlier this week that an unnamed facility had been taken offline and switched to manual operation after its Unitronics

A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human’s Satori Threat Intelligence Team said it has uncovered the new build of ScrubCrypt for sale in dark web marketplaces, and observed it being used to launch account takeover

A worrying 17% of the UK’s small and medium-sized businesses (SMBs) can’t always spot the tell-tale signs of online fraud and scams, according to new data from UK Finance. The banking industry body has been running its “Can you spot fraud?” quiz for small business owners since last year. Designed in collaboration with Amazon, it

Cybercriminals are so far reluctant to use generative AI to launch attacks, according to new research by Sophos. Examining four prominent dark-web forums for discussions related to large language models (LLMs), the firm found that threat actors showed little interest in using these tools, and even expressed concerns about the wider risks they pose. In

Decentralized exchange KyberSwap has become the latest crypto firm to lose millions to digital thieves, after reporting a highly sophisticated cyber-attack. In a post on Friday, the firm revealed that the attack took place on November 22, resulting in a loss of nearly $55m in users’ funds. “On Nov 22 10:54 PM UTC, attackers exploited

Security researchers have warned of triple-digit increase in the volume of phishing emails designed to trick shoppers, ahead of the Black Friday online sales bonanza which starts today. For the past few years, the Amazon-inspired event has signaled the unofficial start of the busy shopping season running through to the end of December. However, it

Security researchers have found a way to bypass the popular Windows Hello fingerprint authentication technology, after discovering multiple vulnerabilities. Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of the top three fingerprint sensors embedded in laptops. The firm studied a Dell Inspiron 15, a Lenovo ThinkPad T14 and a Microsoft

House sales and purchases across the UK have been disrupted by a cyber-attack affecting multiple conveyancing firms. CTS, a legal sector specialist infrastructure service provider, confirmed in a statement that it has experienced a service outage caused by a cyber-incident. The firm said the cyber-attack has impacted a portion of the services it delivers to

Software supply chain attacks conducted by North Korean hackers have skyrocketed over the past few years, according to UK and South Korean government agencies. The MagicLine4NX and 3CX compromises, which both started in March 2023, are two of the most recent examples. To raise public awareness and help prevent compromise, the UK’s National Cyber Security

Several government agencies and cybersecurity organizations have raised the alarm in response to multiple threat actor groups exploiting Citrix Bleed, a vulnerability affecting Citrix’s NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. As part of the #StopRansomware coalition, an advisory was issued on November 21 warning organizations about ongoing exploitation of the vulnerability

The chief operating officer (COO) of a US network security firm has pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company. Securolytics executive, Vikas Singla, admitted hacking Gwinnett Medical Center (GMC) hospitals in Duluth and Lawrenceville, Georgia, as explained in a 2021 indictment. The incidents, which

A former NHS secretary has been fined by the data protection regulator after illegally accessing the medical records of over 150 people. The Information Commissioner’s Office (ICO) said that a complaint was first lodged back in June 2019, after a patient raised concerns that their records had been improperly accessed by Loretta Alborghetti, from Redditch.

Royal Mail has revealed a multimillion-pound cost attached to a serious ransomware breach it suffered earlier this year. The British postal service company was hit by a LockBit affiliate, in an incident which caused “severe service disruption” for items sent abroad. It later transpired that the ransomware actors were demanding nearly $80m from the firm

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a detailed cybersecurity advisory on the sophisticated Scattered Spider threat group, urging critical infrastructure (CNI) firms to implement its mitigation recommendations. The group (also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest and Muddled Libra) is thought to be responsible for big-name

involving the spoofing of luxury brands, including Louis Vuitton, Rolex, and Ray-Ban. The hackers craft enticing emails promising heavy discounts on these luxury products, with the email addresses manipulated to mimic the authenticity of the brands. Despite the appearance of legitimacy, a closer look reveals that the email origins have no connection to the actual

Almost half (29) of the 60 ransomware groups tracked by WithSecure in 2023 began operations this year, the security vendor has claimed. WithSecure’s analysis found that, although more established groups (8Base, Alphv/BlackCat, Clop, LockBit and Play) accounted for over half of data leaks in the first nine months of 2023, the new wave of ransomware variants

The Information Commissioner’s Office (ICO) has urged shoppers to investigate the privacy and security credentials of any smart technologies they’re planning to buy this Black Friday. The data protection regulator, which is currently reviewing the tech category before issuing new guidance next year, warned that many buyers may unwittingly put their personal data at risk.

A Middle Eastern advanced persistent threat (APT) group launched a new series of targeted cyber-espionage attacks from July to October 2023, using a new initial access downloader dubbed IronWind, according to Proofpoint. The security vendor identified the actor as TA402 (aka Molerats, Gaza Cybergang, Frankenstein, WIRTE), which it said supports Palestinian intelligence gathering objectives. Although

The EU has cemented ties with Ukraine on cybersecurity cooperation, with a new formal agreement designed to improve information sharing and capacity building. Announced today, the agreement formalizes discussions begun in Warsaw during the EU-Ukraine Cybersecurity Dialogue last year. It was signed by EU security agency ENISA, and Ukraine’s National Cybersecurity Coordination Center (NCCC) and the

Two giants of the banking and legal sectors have been breached by suspected ransomware actors, according to reports. Allen & Overy is one of the UK’s “Magic Circle” law firms. It released a statement yesterday revealing a “data incident” impacting a “small number of storage servers.” Although the firm did not name ransomware as the

Most British lawmakers are unaware or misinformed about how and where facial recognition technology (FRT) is being used, and the privacy threats it poses, according to a new Privacy International study. The rights group commissioned YouGov to poll 114 UK MPs about the technology, which uses AI to extract biometric data from facial images captured