0 Comments
The US National Institute of Standards and Technology (NIST) has updated its guidance on supply chain cybersecurity. The revised publication, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, gives organizations key practices to adopt as they manage cybersecurity risks across their supply chains. In particular, it advises organizations to consider vulnerabilities in the components of a
0 Comments
by Paul Ducklin LISTEN NOW Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. [00’23”] Fun Fact. What comes after “123”? [01’57”] World Password Day. (We still need it!) [04’20”] GitHub authentication troubles. [11’55”] This Week in Tech History. Sasser, the sassy Windows worm. [15’55”] Firefox hits
0 Comments
The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations’ most valuable data The conflict in Ukraine has highlighted the risks of cyberespionage and sabotage, which typically involve Advanced Persistent Threat (APT) groups. In this special edition of Week in security, Tony looks
0 Comments
Here’s what you should know about some of the nastiest mobile malware – from malicious software that takes phones and data hostage to RATs that allow hackers to control devices remotely These days, the device in your pocket can do far more than call or send text messages. Your smartphone stores almost every aspect of
0 Comments
Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named “Raspberry Robin,” Red Canary researchers noted that the worm “leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.” The earliest signs of the
0 Comments
Privacy and data security concerns have been raised over a plan to link South African phone users’ biometric data to their SIM cards. The proposal by the Independent Communications Authority of South Africa (ICASA) was among a list of draft regulations published by the watchdog for public commentary in March. If approved, it would give
0 Comments
A former executive of eBay has pleaded guilty to taking part in a disturbing cyber stalking campaign waged against a married couple from Massachusetts. The couple’s terrifying experience began after they wrote about eBay in an online newsletter aimed at eBay sellers, which they edited and published.  Under the campaign, parcels with horrifying contents were anonymously sent
0 Comments
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity space. These software bugs are exploited for attacks before the flaw is known to the software vendor and so
0 Comments
Spyware has been detected on the cell phones of Spain’s prime minister, Pedro Sánchez, and the country’s defense minister, Margarita Robles. In a press conference given Monday morning, the Spanish government said that the phones had been infected with Pegasus spyware and extracted data from both devices.  The minister for the presidency, Félix Bolaños, said that the
0 Comments
A Texas school district employee has tendered their resignation after being caught secretly mining cryptocurrency on school premises.  Pings picked up by Galveston Independent School District’s firewall a couple of weeks ago aroused the suspicion of the district’s IT department. An investigation into the activity determined that multiple cryptocurrency mining machines were operating on the
0 Comments
India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. “Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours
0 Comments
The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and New York Metro InfraGard Members Alliance (NYM-IMA) are coming together to tackle cyber threats facing the bioeconomy.  The partnership, which aims to protect economic activity in the United States involving the use of biotechnology and biomass in the production of goods, services or energy, was announced on Thursday.