Security

At least 20 Canadian government networks have been compromised by Chinese state-sponsored threat actors, who have maintained access over the past four years to steal valuable data. The Canadian Centre for Cyber Security (Cyber Centre) confirmed the compromises in its National Cyber Threat Assessment 2025-2026. The Cyber Centre noted that the threat actors targeted information
The US Cybersecurity and Infrastructure Security Agency (CISA) has published its first ever international strategic plan, designed to boost international cooperation in combatting cyber threats to critical infrastructure. The plan acknowledges the complex and geographically dispersed nature of cyber risks, and the need for threat information and risk reduction advice to be shared rapidly with
Meeting compliance requirements with the EU’s Network and Information Security (NIS)2 Directive has forced many organizations to divert funds from other areas of the business, according to research from Veeam. The cybersecurity firm found that 95% of applicable firms had done so to meet the new requirements. Over a third (34%) of these EMEA-based businesses
The Irish Data Protection Commission (DPC) has issued a €310m ($336m) fine to LinkedIn Ireland Unlimited Company over violation of the EU’s General Data Protection Regulation (GDPR) in relation to the firm’s advertising practices. This decision came after a complaint initially made in August 2018 by a French non-profit organization, La Quadrature Du Net, to
The Change Healthcare ransomware attack has impacted the personal information of 100 million US citizens, updated figures from the US Department of Health and Human Services (HHS) have revealed. The figure means the attack, which began in February 2024, is the largest known data breach of US healthcare records ever recorded. The HHS Office for
Fortinet has confirmed that a critical zero-day vulnerability affecting its FortiManager network management solution is being exploited in the wild. In an October 23 security advisory, the cybersecurity provider shared more information on CVE-2024-47575, a vulnerability allowing threat actors to use a compromised FortiManager device to execute arbitrary code or commands against other FortiManager devices. This
Nearly 70% of business leaders believe their employees lack critical cybersecurity knowledge, a sharp increase from 56% in 2023. The figure comes from Fortinet’s latest 2024 Security Awareness and Training Global Research Report, which also suggests that AI-driven cyber-attacks are becoming more difficult for employees to detect. Over 60% of respondents expect a rise in employees
Transak, a fiat-to-crypto payment gateway provider, has reported a security incident which has impacted 92,554 of its users. Attackers gained unauthorized access to one of the firm’s employee laptops through a sophisticated phishing attack. The firm said that the attacker used compromised credentials to log in to the system of a third-party KYC vendor that
Australian businesses now have a list of best practices to refer to when using commercial AI products. The Office of the Australian Information Commissioner (OAIC) published on October 21 guidance on the use of commercially available AI products. The document explains in detail organizations’ obligations when using personal information in the context of off-the-shelf AI
Microsoft has uncovered a macOS vulnerability that can enable attackers to gain access to users’ protected data, and warned active exploitation may be taking place. The flaw, dubbed “HM Surf,” allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology to access sensitive user data, including browsed pages and the device’s camera,
Most of Internet Archive’s services have resumed after a series of distributed denial-of-service (DDoS) attacks took the world’s largest digital library’s website offline several times over the past few days. In a blog post published on October 18, the non-profit confirmed that many services are now up and running, including its Wayback Machine, Archive-It, scanning
Meta’s Instagram has announced new security measures to protect people on its platform from sextortion scams. Sextortion is a crime where scammers threaten to expose intimate imagery of their victims if they do not comply with the criminal’s demands, typically financial payment. These features included hiding follower and following lists from potential sextortion scammers, preventing
North Korean threat actors have adopted new tactics to escalate fake IT worker insider attacks, including extorting their former employers, researchers from Secureworks have found. The cybersecurity firm said the development, attributed to the Nickel Tapestry threat group, marks a significant deviation from previously established tactics. In many earlier North Korea fake IT worker schemes,
Cyber-threats are escalating beyond the collective ability to defend against them, new UK National Cyber Security Centre (NCSC) head Dr Richard Horne has warned. In his first international speech at Singapore International Cyber Week, Horne said that increased dependence on technology is widening the gap between the escalating threats to societies, critical services, and businesses,
A new sophisticated malicious campaign is using an undetected Cerberus Android banking Trojan payload, according to cybersecurity provider Cyble. In a new report published on October 14, Cyble Research and Intelligence Labs (CRIL) identified 15 malicious samples posing as Chrome and Play Store apps from mid-September through the end of October. These samples use a multi-stage
Japanese game developer Game Freak, the firm behind the Pokémon franchise, has suffered a security breach exposing the data of 2606 employees and partners. The leak first appeared on forum 4chan in early October and is now circulating on social media and online forums under the name ‘TeraLeak’, following the naming trend of the 2020
The world’s most famous digital library has suffered a series of cyber-attacks that rendered its site, including its Wayback Machine, temporarily unavailable and exposed the data of 31 million users. On October 8, 2024, Internet Archive founder, Brewster Kahle, confirmed on X that archive.org was hit by a distributed denial-of-service (DDoS) attack before announcing a
The Australian government has introduced the country’s first standalone cybersecurity law to Parliament. The new legislation aims to better protect citizens and organizations against a heightened geopolitical and cyber threat environment. The Cyber Security Bill 2024 covers a range of areas, including mandating minimum cybersecurity standards for IoT devices and mandatory ransomware reporting for critical
Sellafield Ltd has been fined £332,500 ($437,440) for cybersecurity failings running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20
The Police Service of Northern Ireland (PSNI) has been criticized for procedural failings that exposed the personal data of its officers and other staff. Meanwhile, a fine of £750,000 ($984,000) has been issued by the Information Commissioner’s Office (ICO). The data protection watchdog highlighted the significant harm and distress caused to personnel by the incident,
Meta has announced what it claims to be a “first-of-its-kind” information-sharing agreement with UK banks in a bid to arrest a growing social media fraud epidemic. The Fraud Intelligence Reciprocal Exchange (FIRE) will see high street lenders share threat intelligence with the social media giant so that it can take more targeted action to remove