• US Government Warns of Palo Alto Vulnerability

  The US government has warned of a critical flaw in Palo Alto Networks equipment that could enable attackers to take over its devices with minimal skill. The warning, issued by US Cyber Command, urged people to patch all devices affected by the vulnerability immediately. It said that foreign advanced persistent threat actors will attempt to exploit it soon. Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. For




  • New Cybersecurity Standard for IoT Devices Established By ETSI

    A new standard for cybersecurity in the Internet of Things (IoT) has been unveiled today by the ETSI Technical Committee on Cybersecurity. It establishes a security baseline for internet-connected consumer products and for future IoT certification schemes. It is hoped the standard, titled ETSI EN 303 645, will help prevent large-scale, prevalent attacks taking place against smart devices. Developed in collaboration with industry,

  • Theresa May says UK's new national security adviser has 'no proven expertise'

    Former prime minister adds to outcry over David Frost’s appointment

    Theresa May has launched a forthright attack upon Boris Johnson’s government for the appointment of the EU negotiator David Frost as the UK’s national security adviser. The former prime minister accused the Cabinet Office minister Michael Gove of promoting someone “with no proven expertise” to a crucial role at the heart of the UK’s safety.

  • UK intelligence torture case to be held in secret after challenge fails

    Judges throw out demand by two MPs and human rights charity for public hearing

    A judicial review aimed at overturning a decision to ditch a judge-led inquiry into the involvement of British intelligence in torture and rendition will be heard in secret after a challenge involving two MPs failed. The Conservative David Davis and Labour’s Dan Jarvis had joined with human rights charity Reprieve to demand the case be heard in public after it emerged that a further 15 potential cases of post 9/11




  • Indian Government Bans TikTok and 50+ Chinese Apps

    The Indian government has banned over 50 Chinese-made smartphone apps including popular social title TikTok over concerns they may be stealing user data. The 59 titles also include Twitter-like platform Weibo and WhatsApp clone WeChat, as well as a range of other browser, camera, news, entertainment and communications apps. A government statement noted that the decision was taken due to fears that the apps were “prejudicial to sovereignty and

  • InFraud Cybercrime Gang Member Pleads Guilty to Charges

    A leading figure in a notorious cybercrime organization has pleaded guilty before a Nevada court to racketeering charges. Russian national Sergey Medvedev — aka “Stells,” “segmed” and “serjbear” — pleaded guilty to conspiracy charges under the Racketeer Influenced and Corrupt Organizations Act (RICO), according to the Department of Justice (DoJ). According to the indictment, the InFraud group he

  • US Suspends Sensitive Tech Exports to Hong Kong

    The US government has said it will suspend export of sensitive defense technologies to Hong Kong after China passed a controversial national security law in the Special Administrative Region (SAR). In a brief statement on Monday, commerce secretary Wilbur Ross argued that the new law meant that sensitive US tech may find its way into the hands of the People’s Liberation Army (PLA) or the fearsome Ministry of State Security (MSS), both of which

  • #COVID19 HMRC Phishing Scams Persist, Begin Targeting Passport Details

    Fraudsters are continuing to exploit self-employed people with advancements in already-established COVID-related HMRC phishing scams. Uncovered by Griffin Law, the latest variation of this attack is now targeting the passport details of self-employed people, along with other information including personal and bank details. According to Griffin Law, the scam begins with a text message purporting to be from HMRC informing the




  • Businesses Lack a Workable Ransomware Recovery Strategy

    More than a third of businesses do not have a ransomware emergency plan in place, or are not aware if one exists within their company. According to research from Ontrack of 484 organizations, 39% either did not have or were not aware of a ransomware strategy, while 26% admitted they couldn’t access any working backups after an attack. “The threat of ransomware has never been greater” said Philip Bridge, president of On

  • UCSF Pays $1.14m Ransomware Fee

    The University of California San Francisco finally confirmed that it had forked over $1.14m to ransomware thieves last week, less than a month after discovering that critical academic data related to its COVID-19 research had been encrypted. The university said in a statement on Friday that it had detected a security incident affecting some of its School of Medicine servers on June 1. It had quarantined the affected IT systems at the time. The attackers managed

  • Researchers Find New Calendar-Based Phishing Campaign

    Researchers have once again spotted crooks using calendar invitations to mount phishing attacks. The Cofense Phishing Defense Center found the attack in enterprise email environments protected by Proofpoint and Microsoft, it announced last week. The phishing scam uses iCalendar, which is a media type that lets users store and exchange calendaring and scheduling information, including events and tasks. iCalendar files are usually delivered with

  • Criminals Exploit Pandemic with Brute-Force RDP Attacks

    ESET is the latest security company to notice a sharp spike in RDP-based hacks over the last few months. The anti-malware company spotted a rise in the number of brute-force attacks using the remote access protocol, and said that cyber-criminals have been using it to distribute ransomware. The Remote Desktop Protocol is a proprietary Microsoft protocol that allows people to access Windows from outside the network. Companies often leave their

  • Boris Johnson's pick for national security post attacked as too political

    Former officials question David Frost’s suitability for role as neutral adviser

    Security experts and opposition MPs on Monday condemned David Frost’s appointment as Boris Johnson’s national security adviser, arguing that his political status and lack of direct experience would undermine his effectiveness. Lord Ricketts, the first person to be appointed to the role when it was created in 2010, said it was his job to provide “politically neutral advice” to the prime min

  • Malware Incidents Fall Amid Overall Rise in Security Events Last Year

    Malware incidents fell by 23% in 2019 despite an overall increase in security events, according to Orange Cyberdefense in its inaugural Security Navigator report. The findings suggest that businesses have grown investment in technologies that protect themselves from these kinds of threats, leading cyber-criminals to shift to other types of attack. Of the security events the cybersecurity company analyzed last year, only 22% were

  • IoT Botnet Developer Gets 13-Month Sentence

    A Washington man has been sentenced to 13 months behind bars for his part in developing, using and selling access to DDoS botnets based on the infamous IoT malware Mirai. Kenneth Currin Schuchman, 22, of Vancouver, was handed his sentence late last week after pleading guilty last September to one count of fraud and related activity in connection with computers, in violation of the Computer Fraud & Abuse Act. The botnets, known as Satori, Okiru, Masuta

  • Pentagon to give Trump options to reduce troops in Germany

    DefenceTalk: Defense Secretary Mark Esper will present President Donald Trump with a series of options Monday to withdraw thousands of US troops from Germany, with many moving to eastern…

  • Chinese Bank Forces Firms to Download Backdoored Software

    Organizations doing business in China have been warned that official-looking software mandated for download by domestic banks may actually contain backdoor malware. Trustwave explained in a new report that it discovered several clients had unwittingly installed the GoldenSpy backdoor after agreeing to download the Intelligent Tax software, produced by the Golden Tax Department of Aisino Corporation. Although it worked as advertised, the soft

  • Campaigners Call for Computer Misuse Act Revision on 30th Anniversary

    An open letter has been sent to UK Prime Minister Boris Johnson, asking for an update to the Computer Misuse Act (CMA) as it marks its 30th anniversary of reaching royal assent. Coordinated by the CyberUp Campaign, a group of cybersecurity organizations are pushing for an update of the Computer Misuse Act to make it fit for the digital age. “In 1990, when the CMA became law, only 0.5% of the UK population used the internet

  • Online Learning Platform Exposes Data on One Million Students

    Over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database, according to vpnMentor. Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured. The trove contained over 27GB of data, amounting to 8.9 million records, including many students’ full names, email addresse

  • Boost NHS mental health youth services to tackle radicalisation, say psychiatrists

    Specialists argue that spending on NHS is as important as counter-terrorism measures

    Leading psychiatrists have urged the government to boost public resources for youth mental health to tackle an association between depression or anxiety and sympathies with violent protest and terrorism. Edgar Jones and Kamaldeep Bhui, professors of psychiatry at King’s College London and the University of Oxford, warned that the underfunding of mental health services has left young people with PTSD, anxiety

  • US Bill Proposes Ban on Feds’ Using Facial Recognition Technology

    US lawmakers have introduced a bill that proposes banning federal law enforcement agencies from using facial recognition and biometric surveillance technology. The Facial Recognition and Biometric Technology Moratorium Act of 2020 was introduced yesterday by Senators Ed Markey and Jeff Merkley. If passed into law, the wide-sweeping bill would make federal funding for state and local law enforcement agencies contingent

  • Fraudster Jailed for Stealing Millions from US Seniors

    A despicable Brit has been jailed after stealing from America’s elderly to fund his extravagant millionaire lifestyle. Fraudster Gareth David Long was sentenced to 70 months in prison for running an elaborate scheme that claimed more than 375,000 victims during a six-month period in 2013. Las Vegas resident Long operated a third-party processing company V Internet Corp from 2008 to 2013 that specialized in the creation and dep

  • $200m Spear Phished from Cryptocurrency Exchanges

    A newly detected threat group has stolen an estimated minimum of $200m from cryptocurrency exchanges in just two years. The dastardly deeds of cyber-criminal organization CryptoCore were discovered by security firm ClearSky Cyber Security. Recently published research by the company revealed that the threat group has been active since at least May 2018, primarily targeting victims in the United States and Japan. Crypto

  • Australian intelligence raids target lawmaker over China links

    DefenceTalk: Australia’s spy agency and police raided a lawmaker’s home Friday as they probed alleged Chinese influence operations and Prime Minister Scott Morrison warned the…

  • Pentagon lists firms it says are backed by Chinese military

    DefenceTalk: The Pentagon has published a list of 20 Chinese companies it says are backed by the military, in the latest instance of a running tit-for-tat economic battle between Washington…

  • Japan confirms scrapping US missile defence system

    DefenceTalk: Japan has scrapped the deployment of a multi-billion-dollar US anti-missile system, the government confirmed Thursday, days after saying the program had been suspended…

  • Microsoft: Patch IIS Bug Now to Protect Exchange Servers

    Microsoft has warned Exchange customers to patch their servers urgently after reporting a surge in attacks exploiting an Internet Information Services (IIS) vulnerability. That flaw, CVE-2020-0688, was patched in February, but attackers are still finding victims compromised by such attacks. With access to the targeted server, hackers often deploy a web shell to steal data or perform other malicious actions in the future, explained Hardik Suri

  • European Commission: Still Work to Do on GDPR

    The GDPR has successfully met its main objectives but work still needs to be done to improve cross-border investigations, increase regulator resources and address fragmented approaches across the EU, according to the European Commission. The review of the data protection legislation two years on highlights several areas for improvement. One of the most pressing is the need for harmonization across the region. This is because, although the regulation mus

  • Domestic Abuse Victims Exposed in Cloud Misconfiguration

    Thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket. Researchers at vpnMentor led by Noam Rotem and Ran Locar found the voice recordings stored on a publicly accessible AWS S3 bucket. They were traced back to Aspire News, an application built by US non-profit When Georgia Smiled, which features an emergency help section via which domestic abuse victims

  • Police Seize Alleged Bitcoin Raider’s $90m in Assets

    Police in New Zealand have seized $90m worth of assets belonging to a man wanted for cybercrimes in France and the United States. Alexander Vinnik allegedly masterminded a Bitcoin laundering ring that handled billions of dollars via a digital currency exchange. He is also wanted for some minor crimes in his native Russia. Digital cash allegedly laundered by the exchange is believed to have included $4bn in funds stolen




