• Scottish judges rule Lockerbie documents will remain secret

    Foreign secretary’s decision to withhold documents that could absolve Libyan Abdelbaset al-Megrahi of 1989 terror attack backed by courtScotland’s most senior judges have upheld a secrecy order signed by the foreign secretary, Dominic Raab, to withhold intelligence documents believed to implicate a Palestinian terror group in the Lockerbie bombing.Lawyers acting for the family of Abdelbaset al-Megrahi, the Libyan convicted of the bombing, believe the documents are central to a fresh

  • Green Beret Passed Secrets to Russia

    Green Beret Passed Secrets to RussiaA former Green Beret in the United States Army has admitted passing classified information to Russian intelligence agents.Peter Rafael Dzibinski Debbins was arrested in August 2020 and charged with conspiring to provide United States national defense information to agents of a foreign government. On November 18, the 45-year-old Gainesville, Florida, resident pleaded guilty to the charge and now faces a maximum penalty of life in p

  • Data Breach at Iowa Hospital A data breach at an Iowa hospital has exposed the Social Security numbers and private medical information of more than 60,000 patients. Mercy Iowa City began notifying patients on November 13 of a data breach that occurred in spring 2020 after an employee’s email account was accessed by a threat actor. The hospital detected the breach on June 24 when the targeted account began sending out phishing emails and spam. An investigation revealed that the hac

  • FireEye Acquires Respond Software

    FireEye Acquires Respond SoftwareIntelligence-led security firm FireEye yesterday announced the acquisition of Respond Software, a company that uses automation to assist customers to comprehend and investigate security incidents.The transaction closed on November 18, 2020, and is valued at approximately $186m in cash and stock. FireEye said that the acquisition of Respond Software will open new market opportunities to deliver eXtended Detection and Response (XD

  • #ISSE2020: Focus on 2020's Crypto Successes Rather than Efforts to Break it

    #ISSE2020: Focus on 2020’s Crypto Successes Rather than Efforts to Break itEfforts to break encryption in new crypto wars are ongoing, but there are many successes to recount in the past year.Speaking in the closing session the virtual ISSE Conference Professor Bart Preneel from the KU Leuven, where he heads the COSIC research group, said more and more research crypto has been published this year and he praised the work to enable contact tracing, but was critical of government and

  • CybExer Tasked With Enhancing Luxembourg’s Cyber-Defense Capabilities

    CybExer Tasked With Enhancing Luxembourg’s Cyber-Defense CapabilitiesCybersecurity firm CybExer Technologies has announced it has been tasked with building a cyber-range for the Luxembourg Directorate of Defense in order to grow the skills of its current and future cyber-personnel.The cyber-range is essentially an IT-systems simulation environment that aims to improve organizations’ cyber-defense capabilities by conducting regular training and testing.The company has been awarded a t

  • Faith App Pray.com Exposes Millions Through Cloud MisconfigA popular Christian faith app has unwittingly exposed the personal data of up to 10 million users dating back several years, after misconfiguring its cloud infrastructure, researchers have warned.Santa Monica-headquartered Pray.com claims to be the “#1 App for daily prayer and biblical audio content” and has been downloaded over a million times from the Play Store.Researchers at vpnMentor discovered four misconfigured AWS S3

  • Microsoft Announces Pluton Processor for Better Hardware SecurityMicrosoft has announced the launch of a security processor designed to provide stronger hardware and software integration for Windows PCs to remove entire vectors of attack. Named the Pluton and built in collaboration with AMD, Intel and Qualcomm, Microsoft claimed the processor will improve the ability to guard against physical and/or hardware attacks targeting identity and encryption keys to steal sensitive informa

  • US Senate Approves New Deepfake Bill

    US Senate Approves New Deepfake BillUS legislation mandating government research into deepfakes took a step closer to becoming law this week after it passed the Senate by unanimous consent.Sponsored by Democrat senator for Nevada, Catherine Cortez Masto, the Identifying Outputs of Generative Adversarial Networks (IOGAN) Act recognizes the need for such research as nation states and cyber-criminals hone their tools.“This bill directs the National Science Foundation (NSF) and the National In

  • Black Friday Alert as E-Commerce Attacks Surge in 2020Security researchers are warning of a spike in cyber-attacks against retailers this year which may impact the coming Black Friday and holiday season shopping spree.Imperva’s State of Security Within e-Commerce report was compiled using data from its various security products.It noted several attack trends this year likely to have been influenced by the greater numbers of shoppers heading online during COVID-19 lockdowns.First, it claime

  • UK unveils National Cyber Force of hackers to target foes digitally

    New unit aims to disrupt online activities of hostile states, terror groups and paedophilesBritain has unveiled its new National Cyber Force, a unit of offensive hackers that can target hostile states such as China and Russia, terror groups and even paedophiles by disrupting their online communications.The NCF, controlled by the spy agency GCHQ and the Ministry of Defence (MoD), has been secretly up and running since April with several hundred hackers based in Cheltenham and other military sites

  • Oregon County Hit by Ransomware Attack

    Oregon County Hit by Ransomware AttackAn Oregon county hit by wildfires and a fall surge in Covid-19 cases is now dealing with the fallout from a cyber-attack.Jackson County’s website is currently down following a recent ransomware attack on the county’s web-hosting service provider, Managed.com. The company took down all its servers on Monday after reportedly becoming the latest target of REvil. A status update issued by Managed.com on November 19 said: ”

  • Hard Rock Stadium Ups CybersecurityThe critical infrastructure of a famous Florida sporting and entertainment venue is being protected by a brand-new cybersecurity solution.Atos and Forescout Technologies today announced a jointly developed solution that allows Miami Gardens’ Hard Rock Stadium to offer fans, staff, and spectators a whole new level of cybersecurity.The joint solution of Forescout’s cloud-based network segmentation solution eyeSegment and Atos&r

  • #DxPsummit: CISOs Discuss Ransomware Strategies for Recovery and Resistance

    #DxPsummit: CISOs Discuss Ransomware Strategies for Recovery and ResistanceSpeaking as part of Druva’s Cloud Data Protection Summit, panel moderator and Druva CISO Drew Daniels focused on the theme of cyber-resiliency, specifically on the subject of ransomware and what the role of data protection is in combatting the threat.Asking the speakers for their perspectives on ransomware detection and recovery, Mike Towers, CISO at Takeda Pharmaceuticals, said he follows a six-point plan of:

  • Raytheon Employee Jailed for Exporting Missile Data to China

    Raytheon Employee Jailed for Exporting Missile Data to ChinaA former Raytheon employee has been imprisoned in the United States for exporting sensitive military data from America to the People’s Republic of China. Chinese national Wei Sun was employed in Tucson, Arizona, as an electrical engineer with Raytheon Missiles and Defense for 10 years. In February 2020, the 49-year-old pled guilty to violating the Arms Export Control Act (AECA) by taking a company-issu

  • HMRC Records 73% Growth in Email Phishing Attacks During #COVID19The UK’s HMRC detected a 73% rise in email phishing attacks in the six months that the COVID-19 pandemic struck the country, according to official data obtained following a FOI request by accountancy firm Lanop Outsourcing.It revealed that from March to September 2020, there was an average of 45,046 email attacks per month in the UK. This compares to an average of 26,100 in the two months preceding the introduction of COVID-1

  • UN and Europol Warn of Growing AI Cyber-Threat

    UN and Europol Warn of Growing AI Cyber-ThreatCyber-criminals are just getting started with their malicious targeting and abuse of artificial intelligence (AI), according to a new report from Europol and the UN.Compiled with help from Trend Micro, the Malicious Uses and Abuses of Artificial Intelligence report predicts AI will in the future be used as both attack vector and attack surface.In effect, that means cyber-criminals are looking for ways to use AI tools in attacks, but also methods via

  • MoD Receives Funding Boost and Confirms Increase in Cyber-Spending

    MoD Receives Funding Boost and Confirms Increase in Cyber-SpendingThe UK government has dedicated an extra £16.5bn to defense spending which will see a heavy investment in cybersecurity defense and offensive capabilities.The Ministry of Defence has been given a four-year funding settlement, which includes a 10% increase in its annual £40bn budget – despite other government departments having a single-year settlement due to the COVID-19 impact.According to BBC News, Pr

  • Researcher Drops Gender Discrimination Lawsuit Against Microsoft

    Researcher Drops Gender Discrimination Lawsuit Against MicrosoftComputer researcher Katie Moussouris has dropped her gender discrimination lawsuit against tech giant Microsoft.Issued in 2015, the lawsuit claimed that Microsoft unfairly discriminated against Moussouris (who worked at the company between 2007 and 2016) and other female employees because of their gender. It claimed that female workers were passed over for promotions, while less qualified male colleagues were promoted.“I

  • Publicly Available Exploit Code Gives Attackers 47-Day Head Start

    Publicly Available Exploit Code Gives Attackers 47-Day Head StartWhen exploit code is released into the wild, it gives attackers a 47-day head start on their targets, new research has warned.Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild.Over the succeeding 15 months, the team noted when a vulnerability was discovered, when a CVE was reserved, when a CVE was published, when a patch was release

  • Chinese Cloud Hopper Attackers Use Zerologon in New Campaign

    Chinese Cloud Hopper Attackers Use Zerologon in New CampaignChinese state-sponsored attackers are operating a major global campaign against multiple verticals exploiting the Zerologon vulnerability, according to new research from Symantec.The security giant claimed that the Cicada group (aka APT10, Cloud Hopper) is targeting Japanese companies and their subsidiaries in 17 countries with information-stealing attacks. Affected sectors include automotive, pharmaceutical, engineering and managed ser

  • #DxPsummit: How Zoom Met 2020’s Security Challenges

    #DxPsummit: How Zoom Met 2020’s Security ChallengesThis was the year that Zoom became a verb that everyone uses in context as it became “a critical service for everybody.”Speaking as part of Druva’s Cloud Data Protection Summit, Druva CMO Thomas Been talked to Zoom corporate CIO Sunil Madan about the challenges the company has faced this year.Madan said the mission of Zoom was to support businesses and to be frictionless and, in a secure way, get more things don

  • Attacks on Pharma Rise Amid Targeting of #COVID19 Vaccine Development

    Attacks on Pharma Rise Amid Targeting of #COVID19 Vaccine DevelopmentAttacks on the biotech and pharmaceutical industry have risen by 50% in 2020 compared to 2019, according to a new report from BlueVoyant.These findings come amid positive recent news regarding the development of COVID-19 vaccines. It is unsurprising therefore that the cybersecurity firm found that eight of the most prominent companies working to create a vaccine for this virus have faced disproportionate levels of targeted mali

  • Dubliner Jailed Over $2m Cryptocurrency TheftAn Irish cyber-thief has been jailed for his part in a SIM-swap conspiracy that robbed victims of their life savings.Conor Freeman was identified by US Homeland Security as a member of a criminal group that stole over $2m worth of cryptocurrency from multiple victims in 2018.Freeman, of Dun Laoghaire, Dublin, pleaded guilty to stealing cryptocurrency, dishonestly operating a computer to make a gain, and knowingly engaging in t

  • US Holiday Shoppers Fear Cyber-Scams

    US Holiday Shoppers Fear Cyber-ScamsAmericans are planning to do more of their holiday shopping online this year despite being concerned that they might fall victim to cyber-scams.Research by global computer security software company McAfee found that 36% of American consumers are planning on buying gifts online this year despite 60% feeling that cyber-scams become more prevalent during the holiday season.The findings were included in McAfee’s “2020 Holiday Season: State of Today&rsquo

  • Twitter Appoints "Mudge" as Head of Security

    Twitter Appoints “Mudge” as Head of Security Social media giant Twitter has created a new head of security position and hired a world-famous hacker to fill it.The appointment of 49-year-old American Peiter Zatko, known online by his hacking handle “Mudge,” was announced by Twitter on November 16. According to Reuters, guitarist and Berklee College of Music graduate Zatko has been given a broad mandate to review the security structure and practices of the networking site and recommend c

  • #ISC2Congress: Which Pen-Testing Approach is Right for Your Business?

    #ISC2Congress: Which Pen-Testing Approach is Right for Your Business?Speaking during the virtual (ISC)2 Security Congress Alex Haynes, CISO at CDL, explored the various pen-testing approaches available to organizations and outlined how companies can determine which is the best option for their business use cases.“The problem with pen-testing in the market is that there’s an ‘alphabet soup’ of terminology and it is very easy to get confused when there are all these marketi

  • #DxPsummit: Use Quarantine in Your Ransomware Recovery

    #DxPsummit: Use Quarantine in Your Ransomware RecoveryConsider using a strategy of quarantine when implementing a ransomware recovery strategy, as reinfection can easily occur.Speaking as part of Druva’s Cloud Data Protection Summit, Charles Green, sales engineer at Druva, said the shift of data outside the company perimeter and firewalls led to an increase in ransomware payments, as well as more cyber insurance options to cover those payments.He explained that there are a number of c

  • #ISC2Congress: Building a Resilient Cybersecurity Industry from #COVID19Learning lessons from the COVID-19 pandemic is vital to growing resiliency in the cybersecurity industry, according to Juliette Kayyem, former assistant secretary at the Department of Homeland Security, speaking during a keynote session at the virtual (ISC)2 Security Congress.She began by outlining the five stages of crises management, noting that COVID-19 bears many similarities with other crises. These consist of two prior

  • Increase in Ransomware Sophistication and Leverage of Legacy Malware Predicted for 2021

    Increase in Ransomware Sophistication and Leverage of Legacy Malware Predicted for 2021An increase in ransomware sophistication, commodity malware and abuse of legitimate tools are predicted to be the main threats for the next year.According to the Sophos 2021 Threat Report, there will be a gap between ransomware operators at different ends of the skills and resource spectrum, with big-game hunting ransomware families continuing to refine and change their tactics, techniques and procedures

  • Source link

    Is your business effected by Cyber Crime?

    If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

    Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

    Europe +31558448040
    UK +44 20 8089 9944
    ASIA +85239733884