It has long been held that a surefire way for anybody to protect themselves – and their employer – from falling victim to a cyber attack was not to download any unexpected email attachments, but according to email security specialist Mimecast, cyber criminals seem to be moving away from this tactic. In the first six…
Phishing links becoming bigger threat than email attachments Read More »
Over the first seven-and-a-half months of 2024, the number of newly-disclosed common vulnerabilities and exposures (CVEs) soared 30% year-on-year from 17,114 to 22,254, according to data published by Qualys researchers. However, out of this huge number of flaws, barely a hundredth – 204 or 0.9% – were weaponised by threat actors, said Qualys, the majority…
2024 seeing more CVEs than ever before, but few are weaponised Read More »
On Friday 19 July 2024, the UK awoke to news of a fast-spreading IT outage, seemingly global in its nature, affecting hundreds – if not thousands – of organisations. The disruption began in the early hours of Friday morning in Australia, before spreading quickly across Asia, Europe and the Americas, with the travel industry among…
CrowdStrike update chaos explained: What you need to know Read More »
Hamas hacked into video streams from private security cameras in Israeli homes to gather intelligence before fighters descended on Israeli settlements near the Gaza strip on 7 October 2023, according to the Israel National Cyber Directorate (INCD). For Gaby Portnoy, director general of the INCD, the hacking was no surprise: “But it went deeper than…
Lessons from war: How Israel is fighting Iranian state-backed hacking Read More »
The China-backed advanced persistent threat (APT) actor tracked as APT40 has been busy evolving its playbook and has recently been observed actively targeting new victims by exploiting vulnerabilities in small office and home office (SoHo) networking devices as a staging post for command and control (C2) activity during their attacks This is according to an…
Chinese spies target vulnerable home office kit to run cyber attacks Read More »
Some of the most prominent malware-dropping botnets in operation today, including Bumblebee, IcedID, Pikabot, Smokeloader, SystemBC and Trickbot, have been disrupted in a coordinated law enforcement action orchestrated through the European Union’s (EU’s) Europol agency. Operation Endgame, which enlisted the support of both the UK’s National Crime Agency (NCA) and the US’s FBI, as well…
In what is turning into a tumultuous period for the cyber criminal underground, the ALPHV/BlackCat ransomware crew has turned off its server infrastructure in an apparently self-imposed takedown, amid allegations that the group’s ringleaders had stolen millions of dollars from an affiliate that recently attacked an American healthcare services provider. The takedown at first appeared…
ALPHV/BlackCat gang vanishes amid ransomware ‘turmoil’ Read More »
Nation states have been identified shopping on Russian cyber crime forums for malware they can use to wipe computers of data in hostile hacking attacks. Russian-speaking hacking forums, including Exploit and XSS, run black markets in tools and services used by cyber criminals intent on making money by hacking computer systems and stealing data. According…
Nation states buying hacking tools from underground Russian cyber forums Read More »
The age of malware-driven cyber attacks has peaked, at least when it comes to incidents affecting small and medium-sized enterprises (SMEs), where over half (56%) of attacks observed in the third quarter were “malware-free”, meaning adversaries leveraged scripting frameworks and legitimate tools instead of deploying malware payloads. This is according to a quarterly SME threat…
Over half of SME cyber incidents now ‘malware-free’ Read More »
Automotive industry leaders are struggling with competing cyber risk and security priorities, and as such, many are increasingly concerned that their organisations will be unprepared for new, United Nations (UN)-backed vehicle safety regulations that come into force next year, leaving drivers exposed to unacceptable security risks. The United Nations Economic Commission for Europe World Forum…
As vehicle safety regulations loom, carmakers fret over cyber risks Read More »
