The UK’s National Cyber Security Centre (NCSC) and its counterpart Five Eyes agencies have accused a China-based company acting as a front for the state of running a massive botnet comprising over 250,000 internet-connected devices, about 8,500 of them located in the UK. The compromised devices include enterprise network and security tools such as routers…
NCSC exposes Chinese company running malicious Mirai botnet Read More »
The China-backed advanced persistent threat (APT) actor tracked as APT40 has been busy evolving its playbook and has recently been observed actively targeting new victims by exploiting vulnerabilities in small office and home office (SoHo) networking devices as a staging post for command and control (C2) activity during their attacks This is according to an…
Chinese spies target vulnerable home office kit to run cyber attacks Read More »
By Published: 12 Jun 2024 The public cloud is a cloud computing model that enables resources such as applications, data storage, and virtual machines to be accessed remotely and on demand. While largely a benefit, it also leaves organisations open to public cloud security risks, particularly when they allow users to access on-demand services from…
How to ensure public cloud services are used safely and securely Read More »
Former bosses at Copeland Borough Council blame a 2017 ransomware attack for the authority’s failure to submit audited accounts for its final four years of business. As part of local government reform, Copeland was incorporated into the joint Cumberland authority on 1 April 2023.Auditors from Grant Thornton have now also lambasted Copeland for its response…
Sellafield local authority slammed over response to North Korean ransomware attack Read More »
The UK’s National Cyber Security Centre (NCSC) and US partner the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about the evolving threat from Russia-backed hacktivist threat actors targeting critical national infrastructure (CNI), after a number of American utilities were attacked. The NCSC has previously warned over the growth in mercenary activity by…
NCSC updates warning over hacktivist threat to CNI Read More »
Time may be running short for users of Citrix’s NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products who have not yet patched against two recently disclosed vulnerabilities to do so, after cyber researchers started to see elevated levels of activity targeting them. Disclosed on 10 October, and possibly exploited as long ago as August,…
Exploitation of Citrix NetScaler vulns reaching dangerous levels Read More »
The UK’s internet domain registrar, Nominet, has joined up with its counterparts from across Europe to launch a top-level domain information sharing and analysis centre (TLD ISAC) with the aim of strengthening cyber security capabilities and resilience through increased collaboration among TLD operators. The other authorities joining Nominet to launch the European TLD ISAC are…
Nominet and European counterparts link up on intelligence sharing Read More »
Encryption is a key component of everyday life for most people, whether messaging on WhatsApp, shopping online, reading articles over a secure HTTPS connection, or protecting their passwords when logging into an application or website. Within the organisation, preventing unauthorised access and safeguarding privacy relies on the encryption of most of the services used on…
Security Think Tank: A user’s guide to encryption Read More »
To measure the maturity of digital transformation, companies need to review the status of the so-called “three Ws”: workforce, workplace and workloads. That is, having a workforce – which includes all of a company’s business partners and stakeholders – capable of working from anywhere securely and with a good experience, using any workload or tool…
Users of Juniper Networks SRX series firewalls and EX series switches are being warned to patch four different vulnerabilities affecting the Junos operating system (OS) as a matter of urgency after exploitation was detected in the wild. Juniper disclosed the vulnerabilities on 17 August 2023, and issued patches for each of them. Left unaddressed, an…
Threat actors exploiting unpatched Juniper Networks devices Read More »
