A remote code execution (RCE) vulnerability in the React JavaScript library, which earlier today caused disruption across the internet as Cloudflare pushed mitigations live on its network, is now being exploited by multiple threat actors at scale, according to reports. Maintained by Meta, React is an open source resource designed to enable developers to build…
Cyber teams on alert as React2Shell exploitation spreads Read More »
Working in the cyber security industry has always been high-pressure but we have seen that pressure intensify. Advancing threats, expanded attack surfaces, rising workloads and a global skills shortage are all having a negative effect on the mental health of many cyber security professionals. According to Hack The Box’s 2024 research, a staggering 84% of…
We need to build psychological readiness into cyber security Read More »
If you crank up the Wayback Machine and load the websites of today’s biggest managed security service providers (MSSPs), you’ll get a neat reminder of a time before the huge proliferation in services that we see today. Most providers offered only a handful of services then, compared to the dozens they do now. If that…
Jack of all managed security services, or master of none? Read More »
In the wake of four young people being arrested over suspected involvement in the recent Marks & Spencer, Co-op and Harrods ransomware attacks, it is easy to rush to censure those responsible for the disruption caused. But are we being too hasty in our condemnation? In an era of ongoing skills shortages, high numbers of…
Financially motivated threat actors – including ransomware crews – remain the single biggest source of cyber threat in the world, accounting for 55% of active threat groups tracked during 2024, up two percentage points on 2023 and 7% on 2022, demonstrating that cyber crime really does, to a certain extent, pay. At least, this is…
Financially motivated cyber crime remains biggest threat source Read More »
In the wake of the abrupt termination of the Mitre contract to run CVE Programme, a group of vulnerability experts and members of Mitre’s existing CVE Board have launched a new non-profit with the intention of safeguarding the programme’s future. The CVE Foundation’s founders want to ensure the continuity, viability and stability of the 25-year-old…
CVE Foundation pledges continuity after Mitre funding cut Read More »
September 2020: An affiliate of the ransomware company REvil reveals the details of a cyber attack he carried out a few months earlier against the French company Elior. At the time, ransomware was already a significant threat, but nowhere near the scale it was about to take on. It was at this time, however, that…
Ransomware: from REvil to Black Basta, what do we know about Tramp? Read More »
By Published: 12 Jun 2024 The public cloud is a cloud computing model that enables resources such as applications, data storage, and virtual machines to be accessed remotely and on demand. While largely a benefit, it also leaves organisations open to public cloud security risks, particularly when they allow users to access on-demand services from…
How to ensure public cloud services are used safely and securely Read More »
Microsoft has learned an important lesson after having to clean up a major data leak resulting from an “overly permissive” shared access signature (SAS) token accidentally disclosed by one of its employees. The incident took place in June 2023, when a Microsoft researcher shared a URL for an Azure Blob store in a public GitHub repository…
38TB Microsoft data leak highlights risks of oversharing Read More »
