Security

Millions of Brits have fallen victim to fraud over the past three years, costing the wider economy an estimated £16bn ($21bn), according to a new study sponsored by Santander UK. The banking giant enlisted the help of cross-party think tank the Social Market Foundation (SMF) to poll 28,000 respondents across 15 European countries, to better understand
Cyber-resilience efforts are lagging among global organizations, partly because they’re failing to get CISOs involved in strategic technology investments, according to PwC. The consulting giant polled over 4000 business and technology executives to compile its annual Global Digital Trust Insights report. It found that just 2% of responding organizations have implemented cyber resilience actions across
The US government and global partners have urged action to strengthen the security and resiliency of undersea cable infrastructure, thereby protecting global communications and data from compromise. This includes incorporating cybersecurity best practices in the design of undersea cable infrastructure, reducing the risk of these services being hacked. The joint statement, endorsed by the
A man has been arrested on suspicion of involvement in the hack of UK railway stations, which resulted in Islamophobic messages being displayed to passengers attempting to connect to public Wi-Fi. The British Transport Police (BTP) revealed that the suspect is an employee of Global Reach Technology, which provides some Wi-Fi services to Network Rail.
Security experts have repeated warnings not to use work email addresses to sign up to third-party sites, after finding that thousands of US Congress staffers could be exposed to account hijacking and phishing. Secure mail provider Proton teamed up with Constella Intelligence to search on the dark web for over 16,000 publicly available email addresses associated
Telegram boss Pavel Durov has committed the platform to working more closely with law enforcement, while also cracking down on illegal activity. The Russian-born founder and CEO of the messaging platform said IP addresses and telephone numbers of those who break the app’s rules will be shared with police “in response to valid legal requests.” This is
UK data protection regulator the Information Commissioner’s Office (ICO) has welcomed a decision by LinkedIn to stop training its generative AI (GenAI) models on UK users’ information. Executive director for regulatory risk, Stephen Almond, argued that for organizations to extract maximum value from GenAI, the public must be able to trust that their privacy rights
HSBC claims to have successfully trialed the first application of quantum-secure technology for buying and selling tokenized physical gold. One year after the bank started tokenizing gold bullions using distributed ledger technology (DLT), HSBC announced on September 19 that it successfully tested quantum-secure methods to protect these assets against potential future quantum computing attacks. For
Whoever the next US president is, they will have cyber policy measures to consider implementing in order to protect the US from both nation-state adversaries and cybercriminals. In its fourth annual report on implementation, published on September 19, the US Cyberspace Solarium Commission 2.0 (CSC 2.0) has provided the incoming administration and Congress with a
Security researchers have found new evidence of TeamTNT activity dating back to 2023, despite a commonly held belief that the group “evaporated” in 2022. TeamTNT was a prolific threat actor known for cryptojacking attacks, which use victims’ IT resources to illegally mine for cryptocurrency. The likely German-speaking actor first emerged in 2019 and became infamous for
AT&T has agreed to pay $13m to the US telco regulator to settle a long-running investigation into whether it failed to protect customer data stored in the cloud. The Federal Communications Commission (FCC) explained that the incident stemmed from a supply chain breach in January 2023 when threat actors exfiltrated AT&T customer data from a
Ransomware attacks are surging in the UK, with threat actors possibly encouraged by the propensity of victim organizations to pay up, according to a new study from Cohesity. The security vendor polled over 3100 IT and security decision-makers in eight countries and multiple sectors to compile its Global cyber resilience report 2024. It revealed that,
Social media giant Meta is resuming its controversial plans to use Facebook and Instagram user posts to train generative AI (GenAI). The practice is effectively banned in the EU at present after the Irish Data Protection Commission (DPC) requested the firm pause its project, in a move Meta branded as “a step backwards for European
A case involving a medical record hack affecting hundreds of patients and employees at a Pennsylvania healthcare company has been settled for a record-breaking $65m. Filed in March 2023, the case involved nearly 135,000 patients and employees of Lehigh Valley Health Network (LVHN), an independent healthcare network based in Pennsylvania. The plaintiffs, represented by class-action
Malicious actors are spreading false claims that US voter registration databases have been breached, according to a new alert issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The agencies said the claims are designed to manipulate public opinion and undermine confidence
Ireland’s data protection authorities have launched a probe into Google’s AI model, and whether it complies with GDPR. The Irish Data Protection Commission (DPC), An Coimisiún um Chosaint Sonraí, is the EU’s lead privacy regulator for Google. The DPC has opened a cross-border statutory inquiry into Google Ireland, under Section 110 of the Data Protection
Nearly all (95%) version upgrades of open source software contain at least one breaking change that causes other components to fail, with patches having a 75% chance of causing a break, according to Endor Labs. The security vendor revealed the findings in its third annual Dependency Management Report, which is based on Endor Labs vulnerability
Microsoft heaped more work onto sysadmins this week after fixing four zero-day vulnerabilities being actively exploited in the wild. First on the list is CVE-2024-43491 – a CVSS 9.8 remote code execution (RCE) bug in Microsoft Windows Update which requires no privileges or user interaction and has low attack complexity. “This vulnerability emerged due to a
SonicWall customers have been urged to patch a critical vulnerability in their firewalls after security researchers warned it is being actively exploited in ransomware attacks. The CVSS 9.3-rated vulnerability (CVE-2024-40766) was originally published on August 22 by the security vendor, before an update on September 6 claimed it was being actively exploited. “An improper access
Global scrutiny on hack-for-hire services and spyware tools has heightened over the past few months, with many countries strengthening their legal response to human rights
A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI. Researchers at software supply chain security firm JFrog believe that the attack, dubbed “Revival Hijack,” could affect 22,000 existing Python packages. That, in turn, could lead
Civil society and journalists’ groups in Europe are calling on the EU to take tougher action against spyware applications. The Center for Democracy and Technology (CDT Europe), and the fellow organizations in a “co-ordination group”, argue that spyware “poses a significant threat to EU democratic values, public debate and healthy civic spaces.” In a joint
The ransomware group BlackByte, believed to be a spin-off of the infamous Conti group, has been observed by cybersecurity experts exploiting a recently disclosed VMware ESXi vulnerability to gain control over virtual machines and escalate privileges within compromised environments. The pivot, discovered by Cisco Talos Incident Response, shows BlackByte’s ability to quickly integrate new vulnerabilities