Over two-thirds of UK firms have fallen victim to a cyber-attack over the past year, with many claiming they don’t get enough guidance from the government on how to combat threats, according to RedSeal. The security vendor polled over 500 UK IT professionals from mainly SMBs to better understand their cyber-resilience levels. Some 68% claimed

by Lisa Vaas In a year in which facial recognition has made massive strides to invade personal privacy and settle in as a favored tool for government surveillance, Microsoft isn’t just open to government regulation; it’s asking for it. On Thursday, in a speech at the Brookings Institution, Microsoft President Brad Smith warned about facial

According to the EU GDPR (General Data Protection Regulation) Implementation Review Survey conducted by IT Governance, six months after the GDPR went into effect, the majority of organizations are failing to implement the mandatory regulations. The study included 210 responses from participating organizations ranging in size from fewer than 10 to more than 1,001 employees from across

by Lisa Vaas VTech, the Hong-Kong-based smart-toy maker has hit another bump in the road. This time around, it’s a serious security flaw in the software of VTech’s flagship tablet, the Storio Max, which is called the InnoTab Max in the UK. The flaw could allow hackers to remotely take control of the device and

A series of cyber-robbery attacks have been targeting financial organizations in Eastern Europe, according to new research from Kaspersky Lab. Researchers found that the series of attacks, dubbed DarkVishnya, have affected at least eight banks in the region, with estimated losses running into the tens of millions of dollars. Based on data collected through Kaspersky Lab’s

by John E Dunn If you’re among the holdouts still running Flash, you have some more updating homework to do. Adobe has issued an out-of-band patch after researchers spotted a Flash zero-day flaw being exploited in the wild. The discovery was made by Qihoo 360 which on 29 November noticed a targeted APT (Advanced Persistent

Over two-fifths of organizations have fallen victim to a so-called Business Process Compromise (BPC) attack, despite widespread ignorance from senior execs about the threat, according to Trend Micro. The security giant polled over 1100 IT decision makers responsible for security across the UK, US, Germany, Spain, Italy, Sweden, Finland, France, Netherlands, Poland, Belgium and the

by Paul Ducklin On the Naked Security podcast this week: Marriott’s huge and scary data breach, a bug in software management software could be a data thief’s goldmine, and a self-righteous “hacker” prints out an advert on 50,000 internet printers. With Anna Brading, Mark Stockley, Matthew Boddy and Paul Ducklin. LISTEN NOW (Audio player above

Speaking at Black Hat Europe in London, Nahman Khayet, security researcher and Shlomi Boutnaru, CTO at Rezilion, explored the current cybersecurity skills shortage and its link to the education system. Khayet explained that there are three main characteristics of security experts, which are ‘thinking outside the box,’ ‘adversarial thinking’ and ‘technical knowledge.’ He also cited

by Danny Bradbury Kubernetes, a tool that powers much modern native cloud infrastructure, just got its first big security bug – and it’s a mammoth one. The flaw could give an attacker unfettered access to the software applications that rely on the tool to operate. Kubernetes is a software tool that manages large numbers of

Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its

by John E Dunn Are the underpinnings of HTTPS security as foolproof as everyone assumes they are? The answer should be a resounding ‘yes’ unless, that is, you happen to be one of a small group of researchers who spend their time formulating what have come to be known as Bleichenbacher or Vaudenay padding oracle

Security researchers have discovered cybersecurity scammers in Russia are generating hundreds of thousands of dollars in profits by falsely claiming to be able to unlock encrypted files. Check Point explained that one ‘IT consultancy’ named Dr Shifro is promising customers it can help them recover from ransomware like Dharma/Crisis, for which there is no known

by Lisa Vaas A battle for who owns the YouTube crown for top channel has been waged over the past few months between fans of Swedish video game commentary celebrity Felix “PewDiePie” Kjellberg and of the Bollywood label T-Series. This is getting serious: It’s one thing when a fan launches a PewDiePie “Bro Army,” structured

There has been an increase in the volume of cybercrime incidents reported to English police of 14% over the past two financial years, according to a new report. Think tank Parliament Street filed Freedom of Information (FOI) requests with the country’s police forces, asking for a breakdown of Computer Misuse Act crimes which involve hacking,

by Lisa Vaas Fifteen US prison inmates have been indicted for posting pictures of girls on dating sites and sextorting hundreds of military personnel who fell for the phony profiles after sending nude photos to their victims. To cap off the scam, the prisoners posed as the girls’ fathers and threatened to report them for

Hackers are deep in the spirit of exploiting the holidays for financial gain, which is why it’s unsurprising that yet another new type of spear phishing attack has emerged, in which attackers are posing as CEOs to trick office managers, executive assistants and receptionists into sending them gift cards, according to email security researchers at Barracuda

by John E Dunn The US Department of Justice has charged eight men from Russia and Kazakhstan with running a vast ad-fraud scheme that milked a total of $36 million from advertisers. Three of the accused – Aleksandr Zhukov, Sergey Ovsyannikov and Yevgeniy Timchenko – have been arrested in different countries pending extradition to the

New research from the Ponemon Institute, in partnership with DocAuthority, found that IT security departments are underestimating the value of business documents by hundreds of thousands of dollars. In a newly published report, the Ponemon Institute found that despite being responsible for their management and protection, IT security departments are undervaluing a range of business

by Mark Stockley Marriott has today revealed that its Starwood guest reservation database has been subject to unauthorised access “since 2014”. The scope of the data breach is huge, covering nearly five years and approximately 500 million guests. The company has created a website to deal with the breach at info.starwoodhotels.com (note that at the time of

Hotel chain Marriott has confirmed widespread reports of a significant data breach with the sensitive details of 500 million customers possibly compromised. In an online statement, the company said: “On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security

by Lisa Vaas A popular massage-booking app has spilled the beans on 309,000 customer profiles, including comments from their masseurs or masseuses on how creepy their customers are. The app’s wide-open, no-password-required database was discovered by researcher Oliver Hough, who tipped off TechCrunch. Hough said in a tweet on Tuesday that the breach was caused

Two Iranian men have been indicted for a string of ransomware attacks over the past three years, causing $30m in losses to over 200 organizations, mainly in the US. Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are accused of operating the infamous SamSam ransomware variant which targeted notable organizations including the Hollywood

by Paul Ducklin We’re sure you know what ransomware is by now. ICYMI, ransomware is malicious software that scrambles your files with a randomly generated cryptographic key… …and then sends the one and only copy of that decryption key to the crooks. Who promptly offer to sell it back to you so that you can

The US authorities are claiming victory after dismantling two global cybercrime rings and indicting eight men on charges connected with running a major ad fraud operation. Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko were charged with wire fraud, computer intrusion, aggravated identity theft, money laundering

by Danny Bradbury Just what is going on over in Redmond? Just weeks after issuing a Windows 10 patch of doom that started deleting users’ precious files, Microsoft ‘fixed’ Outlook 2010 with a November Patch Tuesday update that promptly borked it. On 13 November, Microsoft released a security update, KB4461529, which fixed four security vulnerabilities.

‘Tis the season for cyber-scams, according to the new Holiday Threat Report from Carbon Black. The report compared cyber-attack data over the last two years and found that once cyber-attacks spike on Cyber Monday, they will likely remain elevated throughout the holiday season. The holiday season of 2016 saw a 20.5% surge in attempted attacks, but

Law enforcement agencies across the EU have successfully shut down more than 33,600 internet domains distributing counterfeit or stolen items, according to a press release published today by Europol. Europol announced that its Intellectual Property Crime Coordinated Coalition (IPC3) seized 33,654 domain names that had been selling contraband, including counterfeit pharmaceuticals, pirated films, television shows,

Facebook has again made headlines after the UK Parliament leveraged its legal right to demand documents alleged to include confidential email exchanges between top executives, as well as correspondences with CEO Mark Zuckerberg, according to The Guardian. The documents are believed to contain the details of Facebook’s data and privacy controls prior to the Cambridge Analytica

Uber has been hit with a £385,000 fine by the UK’s data protection regulator after a notorious breach in October/November 2016 which affected over 2.7 million customers and drivers. The Information Commissioner’s Office (ICO) branded the incident the result of “a series of avoidable data security flaws.” The hackers managed to obtain username and password combinations previously