Industry News

28.08.15 - Man arrested after posting Facebook videos of him tampering with traffic cameras
Have you ever wished that hackers would find a way to attack the massive license plate reader databases that the government's tracking us with?
26.08.15 - Most corporate risk due to just 1% of employees
Just 1 percent of employees are responsible for 75 percent of cloud-related enterprise security risks
26.08.15 - Thomson's apology for data breach "not good enough"
ICO is investigating security lapse, while email recall success is called into question
25.08.15 - Unmanaged Apple devices pose a liability to corporations
Research from Centrify says a lack of encryption and weak or shared passwords on Apple devices are exposing sensitive corporate and customer details in the workplace.
25.08.15 - Aviva 'revenge' phone hacker jailed for 18 months
A man has been jailed for 18 months for hacking into 900 phones belonging to the insurance company Aviva.
24.05.15 - Samsung smart fridge leaves Gmail logins open to attack
Failures in exploit discovery process are cold comfort for IoT fridge owners
23.08.15 - Thomson holiday data breach reveals 500 customer details
Personal details revealed after email sent in error
23.08.15 - Wi-Fi at DEF CON - dealing with the world's most dangerous network
The wireless network at the DEF CON hacker conference has been called the most dangerous in the world. Members of the press were warned beforehand that "This is a Hacker Con, so consider the public network at DEF CON profoundly hostile! ... keep your Wi-fi and Bluetooth disabled as much as possible."
21.08.15 - Microsoft will explain only 'significant' Windows 10 updates
Microsoft is offering the choice between terrible or woeful security
21.08.15 - Google ordered to remove news links by UK authority
Google has been ordered to remove nine links to news stories by the UK's Information Commissioner's Office (ICO) under the "right to be forgotten".
21.08.15 - UK Dating Site Possibly Compromised
There is a new trend in town and it revolves around hackers compromising the personal information of members of various dating sites.
20.08.15 - Ashley Madison: Leaked accounts fallout deepens
Data from the Ashley Madison website breach has flooded on to the web, leaving thousands of people fretting about the potential consequences.
20.08.15 - Bank of England encourages increase of cyber-attack protection
After bank governor Mark Carney warned that cyber-attacks were a key risk to the financial sector, questionnaires were sent along to the UK's largest firms asking about their defences against online threats.
20.08.15 - Five myths of industrial control system security
Despite growing awareness of cyber-based attacks on industrial control systems, many IT security models continue to adhere to the outdated belief that physically isolating systems and 'security by obscurity' is enough, says David Emm.
18.08.15 - Healthcare helps data breaches soar 16%
Advocates of tougher information protection laws have received a boost in the shape of new figures showing data breaches in the UK to be firmly on the rise.
18.08.15 - Security researchers reveal car hack after two-year injunction
Researchers have demonstrated how a flaw in a car security system could allow a vehicle to be stolen. The system is used in the cars of several manufacturers including Volkswagen, Audi, Fiat, Honda, and Volvo. However, details of the vulnerability have up until now been blocked thanks to an injunction in a UK court.
07.08.15 - FORUM: Managing risk arising from BYOD and telecommuting
FW moderates a discussion on managing risk arising from BYOD and telecommuting between Mike Gillespie at Advent IM Ltd, Sam Pfeifle at IAPP, and Raj Samani at Intel Security.
06.08.15 - Android security breach puts millions at risk of smartphone hijacking
Security firm Check Point discovers flaw that allows malicious apps to gain privileged access to devices
06.08.15 - Cyber attacks 'as big a threat to new warships as missiles and torpedoes'
The new Type-26 Global Combat Ship has been designed to protect its weapons, engines and systems from cyber warfare.
06.08.15 - ICO fines nationwide money lender The Money Shop £180,000
The ICO has issued a £180,000 civil monetary penalty to The Money Shop after the company lost computer servers containing details of several thousand customers.
05.08.15 - A skateboard with Bluetooth? Yep, that can be hacked with FacePlant
Two security researchers have revealed that they have found a way to hack into the Bluetooth controllers of electric skateboards, seizing control, and potentially sending their riders crashing to the ground.
04.08.15 - 5 most vicious cyberattacks on global governments
After a hack on the German federal prosecutor's office, we review other damaging hits.
04.08.15 - Auto industry on collision course with cyber hackers
The car industry is fast approaching a dangerous crossroads. As automakers embrace the digital age, there is growing evidence that cyber security may have been left behind in the race to incorporate the latest technology into new models.
04.08.15 - Security Think Tank: Security needs to be part of change management processes
‘Collaboration’ is a buzzword in the world of cyber security. International collaboration is seeing countries working together to successfully bring down cyber terrorists and hackers. Domestic collaboration is seeing leading businesses and governments striving to implement common cyber security practices such as ISO27001, PCI-DSS and Cyber Essentials.
04.08.15 - Windows 10 Spammers Hit Users with Ransomware
Security experts are warning Windows fans not to fall for a new spam campaign designed to trick users waiting for the new version of the OS to open an attachment crammed with ransomware.
03.08.15 - Calls mount for Hillary Clinton criminal investigation amid email data breach fears
Critics say former secretary of state’s actions compare unfavorably to David Petraeus’
03.08.15 - Europol takes down Italian Darknet service used to share child porn
Europol has helped to close a Darknet hidden web service used by cybercriminals to share material depicting the sexual abuse of children, in addition to selling services used for fraud, computer hacking and drugs.
01.08.15 - This hospital drug pump can be hacked over a network – and the US FDA is freaking out
Doctors told to stop using kit as open ports put patients at risk
31.07.15 - Security company failed to encrypt its customers’ most sensitive data.
Forget financial services and online shopping websites; we at least expect security firms and antivirus vendors to keep our personal and sensitive data encrypted and secured.
31.07.15 - UK Supreme Court to re-consider compensation rights under Data Protection Act
This week, Google has been granted permission to appeal to the UK Supreme Court as part of the decision in Google Inc. v. Vidal-Hall & Others (2015). This is about rights to claim compensation for breaches of the Data Protection Act.
31.07.15 - Cyber attack hits RBS and NatWest online customers on payday
Banking group says Distributed Denial of Service attack prompted flood of complaints from customers
30.07.15 - Chinese hackers behind OPM megabreach also pwned United Airlines
Possibility of Beijing-sponsored triple hack makes industry sit-up, gulp, take notice
30.07.15 - See how a self-aiming sniper rifle can be remotely hacked
I’m not clear why any regular member of the public would really need a sniper rifle, let alone one which has a computer running Linux embedded inside it.
29.07.15 - Black Vine: Formidable cyberespionage group targeting aerospace, healthcare since 2012
Earlier this year, the second largest health insurance provider in the US publicly disclosed that it had been the victim of a major cyberattack. The attack against Anthem resulted in the largest known healthcare data breach to date, with 80 million patient records exposed.
29.07.15 - Only 41 per cent of local government employees believe they’re protected against cyber-crime threat
Only 41 per cent of local government employees believe that their current IT security practices would offer suitable protection against cyber crime, a new report has suggested.
29.07.15 - Is your data safe with new Argos mobile trade-in?
When you trade-in your device for Argos vouchers, will you also be handing over your personal & corporate data?
27.07.15 - TV5Monde in chaos as data breach costs roll into the millions
French broadcaster TV5Monde is still without Internet and other key IT functions three months after a nation-state hacker took control of its TV channels and hijacked social media accounts. Meanwhile, the data breach costs are mounting up
25.07.15 - Fiat Chrysler recall: Hackers expose Jeep security flaw
Fiat Chrysler has issued a safety recall affecting 1.4m vehicles in the US, after security researchers showed that one of its cars could be hacked.
24.07.15 - What made the world's first cyber weapon so destructive?
21st century warfare - In 2009, a malicious computer program smashed through a nuclear plant in Iran. The 'worm' – now known as Stuxnet – took control of 1,000 machines involved with producing nuclear materials, and instructed them to self-destruct.
23.07.15 - Surveillance of MPs' data challenged
Three politicians will challenge the lawfulness of the intelligence services' bulk interception of electronic data at a hearing later.
23.07.15 - HMRC launches Cyber Security Command Centre
HM Revenue and Customs (HMRC) might not be everybody's best friend but it is ahead of the curve on information security. The tax office recently launched a new cyber-security command centre and is engaging in a clever new phishing training programme.
23.07.15 - 'British Gas' and 'Home Office' email ransomware warning
A new spate of ransomware attacks is threatening to lock down yet more computers, according to the National Fraud Intelligence Bureau (NFIB).
23.07.15 - Smartwatches a new frontier for cyber attack, HP study shows
Ten smartwatches tested by HP Fortify contained significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns
23.07.15 - Japan to train thousands on cyber-security ahead of 2020 Olympics
Japan will train approximately 50,000 people in the public and private sectors on cyber-security ahead of the 2020 Summer Olympics in Tokyo, according to local reports.
22.07.15 - Government to monitor social media activity
The government will start monitoring social media feeds with Facebook, Twitter and blogs. With the project, they will attempt to oversee public opinion by employing several companies that possess the proper data gathering tools to take on this huge task for analysis.
22.07.15 - Lottery IT security boss guilty of hacking lotto computer to win $14.3m
Iowa state lottery's IT security boss hacked his employer's computer system, and rigged the lottery so he could buy a winning ticket in a subsequent draw.
22.07.15 - Pakistan wants to copy GCHQ and eavesdrop on world+dog's comms
Pakistan's intelligence agencies want to snoop on all communications crossing its borders.
22.07.15 - Drone pilots warned after close call with passenger jet
A "near miss" between a passenger jet and a drone has prompted warnings about safe use of the hobby aircraft.
21.07.15 - Information security governance maturing, says Gartner
Increasing awareness of the impact of digital business risks, coupled with high levels of publicity regarding cyber security incidents, is making IT risk a board-level issue, says Gartner.
21.07.15 - Average DDoS attack size increasing, Arbor warns businesses
While extremely large DDoS attacks grab the headlines, it is the increasing size of the average attack that is affecting enterprises, warns Arbor Networks
21.07.15 - Zero-day in Fiat Chrysler feature allows remote control of vehicles
Fiat Chrysler owners should update their vehicles' software after a pair of security researchers were able to exploit a zero-day vulnerability to remotely control the vehicle's engine, transmission, wheels and brakes, among other systems.
20.07.05 - “Cyber risk is Number One concern for UK insurers” outlines new CSFI/PwC Survey
According to the annual ‘Banana Skins’ survey of perceived risks to the sector conducted by the Centre for the Study of Financial Innovation (CSFI) and PwC, cyber risk tops the list of concerns for UK insurers.
20.07.15 - Ashley Madison infidelity site's customer data stolen
Customer data has been stolen from Ashley Madison, a dating website for married people who wish to cheat on their spouse.
20.07.15 - Drones hamper US firefighting efforts
US firefighters have condemned drone owners who flew their craft near forest fires and grounded helicopters being used to douse flames.
18.07.15 - CVS shutters photo website in credit-card hack attack scare
US drugstore chain CVS has shut down its online photo printing service after it was compromised by hackers, who may have swiped people's bank card details.
17.07.15 - NCCU head: Up-skilling officers on cyber-crime our biggest challenge
Dr Jamie Saunders, director of the National Crime Agency's National Cyber Crime Unit (NCCU), says that UK police are making strides in bringing cyber-criminals to justice, but admits more can be done to up-skill officers, improve reporting mechanisms and help local forces.
17.07.15 - Update: DRIPA declared unlawful
Any future surveillance and data access on UK citizens is expected to require prior approval from an independent administrative or judicial body in accordance with EU law following a ruling in the Divisional Court today that the Data Retention and Investigatory Powers Act 2014 (DRIPA) is unlawful.
16.07.15 - UK minister: Cyber-security a 'priority' for government, but no ban on encryption
UK minister Ed Vaizey has dismissed media reports that the Conservative government plans to ban encryption, whilst also promising that cyber-security remains a 'priority' in Whitehall.
16.07.15 - Morrisons employee leaked details of store staff
After being warned against using the mailroom to send out private parcels, former Morrisons employee Andrew Skelton, 43, leaked bank and personal data of nearly 100,000 supermarket staff.
16.07.15 - European passenger data rules cleared for take-off
Draft EU rules on sharing and protecting passenger name records (PNR) of people flying in and out of Europe have been approved by the civil liberties committee. They would not apply to flights between EU countries.
16.07.15 - UK leads critical infrastructure cyber security, but change still needed
There is a need for cultural change at energy companies to ensure everyone understands the importance of cyber security, says National Grid security manager
16.07.15 - UK government launches cyber-security initiatives for SMEs and students
The UK government today launched a new set of initiatives designed to improve SME information security, public and private sector cooperation and to encourage more people to join the industry.
16.07.15 - Darkode hacking forum forced offline
Darkode - a notorious hacking forum used by Lizard Squad and other cybercriminals - has been shut down after an investigation carried out by authorities in 20 countries.
15.07.15 - The obstacles to software-as-a-service adoption in banking
Security tops the reasons why banks don't use software as a service for banking-specific applications
15.07.15 - Epic Games forums hit by hack; some user data stolen
In an email to forum members, the game maker said its gaming communities had been "compromised by a hacker," leading to the theft of registration data, such as usernames, email addresses, and passwords.
15.07.15 - British Gas bows to criticism over blocking password managers
British Gas has acknowledged pressure coming from the cyber-security profession and agreed to take another look at its policy toward password managers.
15.07.15 - Collaboration key to defeat cyber threats, says Cert-UK
The Cisp uniquely provides the opportunity to see what is happening across all industry sectors, join the dots and share insights, says Cert-UK
14.07.15 - Anyone still running Windows Server 2003 is now at risk
Businesses still running Windows Server 2003 are vulnerable to attack from hackers looking to exploit security holes
14.07.15 - Sixty-five THOUSAND Range Rovers recalled over DOOR software glitch
Jaguar Land Rover is recalling no less than 65,000 of its SUVs due to a software problem that caused the cars' doors to unlock themselves - potentially while in motion.
14.07.15 - Android users not securing devices, survey shows
Nearly half of Android users polled are not using a security app on their smartphone, with the same proportion saying they did not know they needed a security app
14.07.15 - Look beyond the darknet to manage supply chain risk
Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company.
14.07.15 - Information security advice for Team Sky following Chris Froome 'data breach'
Cycling's Team Sky has called in lawyers to investigate the possible theft of performance data for team leader Chris Froome.
13.07.15 - OPM repercussions might never be fully understood, says former White House cybersecurity advisor
The data breaches at the Office of Personnel Management (OPM) affected approximately seven percent of the U.S. population, and while the exact number of victims was quantified last week, the total theoretical impact of the breaches likely won't be known for years.
13.07.15 - Mandarin Oriental says 10 properties impacted in credit card breach
Mandarin Oriental Hotel Group said Friday that 10 of its properties were affected in a malware attack on its credit card systems.
13.07.15 - Stuxnet-style attack on US smart grid could cost government $1 trillion
A new report into the insurance implications of a wide-scale cyber-attack on the US energy sector reveals just how costly the breach would be for government and insurers.
10.07.15 - UK sales teams are the most exposed to cyber attacks, study reveals
UK sales staff, callcentre agents and customer services teams are among the most highly targeted by cyber attacks, yet few firms give these groups IT security training, a study shows
10.07.15 - NYSE shutdown caused by engineers loading wrong software to system
New York Stock Exchange admits three-and-a-half-hour suspension of trading was related to a new software update and was not the result of cyber-attack
10.07.15 - Hacking Team Warns Hacked Data And Codes Can Be Used By Cybercriminals And Terrorists
It has not taken long for unscrupulous individuals to take advantage of the 400 GB of data dumped online after the cyber attack on Hacking Team's servers
10.07.15 - Three UK politicians 'hacked' using insecure WiFi services
Internet security provider F-Secure has exposed the risk of using public WiFi hotspots by carrying out an experimental hack on three British politicians.
09.07.15 - ICO will look into Edinburgh City Council data breach
Watchdog says it is aware of hack that lost 13,000 people's emails
07.07.15 - Met Police chief admits cyber-crime difficulties
Metropolitan Police Commissioner Sir Bernard Hogan-Howe admits that the UK police are still "skimming the surface" when it comes to tackling cyber-crime, a view that is shared by security experts.
30.06.15 - Security Think Tank: Keep it simple and risk-based to secure collaboration
How can businesses of all sizes ensure that employees are able to collaborate effectively without the risk of compromise to the company IT network or systems?
26.06.15 - Stolen logins for US government agencies found all over the web
CIA and Google Ventures-backed private company Recorded Future says stolen government login credentials have been spotted all over the web, leading to the possible exposure of logins for 47 US government agencies spread across 89 unique domains.
25.06.15 - Report claims the Sony cyberattack was pretty much all Sony’s fault
Last November, Sony Pictures Entertainment became the victim of one of the largest cyberattacks in U.S. history, with a group calling itself Guardians Of Peace infiltrating the company’s networks, stealing terabytes of data, and then wiping it from the system. The attack was a massive blow for the company...
25.06.15 - Cyber crime: PSNI say hack attack almost shut NI firm
A Northern Ireland company employing 20 people was almost forced to close after its computer systems were hacked by an international crime gang, police have revealed.
25.06.15 - Data breaches could cost UK businesses £20bn
Mid-sized and large businesses could be in line for fines totalling £20bn if they fail to protect their customers from data breaches, research from Experian has revealed.
22.06.15 - Cyber attack leaves Polish airline grounded, passengers stranded for hours
An unknown group of hackers infiltrated an airline's flight plans and temporarily grounded an estimated 1,400 passengers at Warsaw’s Frederic Chopin airport on Sunday.
22.06.15 - Hackers steal data using gadget inside pitta bread
Secret encryption keys can be stolen using a cheap gadget so small it could be concealed inside some pitta bread
22.06.15 - Wearable fitness trackers tested for data leakage and poor security
An independent IT security testing authority has put nine different fitness trackers under the microscope, in order to explore how well they are protecting users' data.
21.06.15 - Lib Dems launch investigation into Norman Lamb campaign
The Liberal Democrats have launched an investigation into allegations Norman Lamb's leadership campaign team may have breached data protection rules.
19.06.15 - Canada government websites taken down in cyber attack
Hacking group Anonymous takes responsibility for bringing down the website for government services and the Canadian spy agency’s site
12.06.15 - RIMS Cyber Survey 2015: 51% of members have stand-alone cyber insurance policies
Every day the reports of cyber attacks become more alarming. According to a federal employee union, as reported by AP, on June 11 the recent cyber attack on Office of Personnel Management data gave the hackers access to personally identifiable information about every government employee. No one can be sure what’s next, but one thing is for sure: risk managers have to be prepared for a cyber incident sooner rather than later.
11.06.15 - Indie review of UK surveillance laws: As you were, GCHQ
The response to multiple threats faced by the UK “depends on entrusting public bodies with the powers they need to identify suspects”, said David Anderson QC, the Independent Reviewer of Terrorism Legislation, in his long-awaited review of the country’s anti-terrorism laws, while giving GCHQ no reason to stop mass-surveillance.
10.06.15 - Met Police failed on cyber crime, says top fraud officer
The chief of the Metropolitan Police Service's fraud squad Falcon admits the Met's policing of online fraud and cyber crime has not been good enough in the past
10.06.15 - Brabantia bins customer passwords as it admits data breach
Bins manufacturer Brabantia must be wondering if it can rescue its reputation from the trash after revealing its database was hacked. In a letter published on its website, it admitted the customer database had been “subject to unauthorised access”.
09.06.15 - Computer Science department in ‘serious’ data security breach
The Department of Computer Science has launched an investigation after confidential information about students was made publicly available online.
08.06.15 - Most infosec pros forget to change keys after a breach
Most security professionals don't know how to respond if the keys are compromised during a breach
05.06.15 - US government hack: China denies responsibility for cyber attack that stole personal details of four million employees
China has denied involvement in what could be the biggest cyber attack in US history after the details of up to four million current and former government employees were stolen. Officials in Washington have already claimed the hackers responsible were based in China, with one security expert calling it an “attack against the (American) nation”.
04.06.15 - Android ransomware poses as FBI warning, demands $500 to unlock phone
Ransomware posing as an FBI warning has been sent to thousands of Android smartphones and tablets, with hackers demanding a US$500 (£324) fee to unlock victims' devices. The news comes as security researchers have also uncovered a criminal ring that offers ransomware as a service, allowing hackers to easily create their own extortion malware.
04.06.15 - MS scolds businesses for failing to eradicate 7-year-old malware
Zero-day threats and custom malware get all the publicity, but age-old malware strains including ZeuS and Conficker remain active in UK corporates. “The bad guys don’t have to be smart, they can use something that’s 7-8 years old,” Stuart Aston, chief security advisor at Microsoft UK, told delegates at the RSA Unplugged mini-conference in London on Thursday.
04.06.15 - Evil Wi-Fi captive portal could spoof Apple Pay to get users’ credit card data
Researchers at Wandera, a mobile security company, have alerted Apple to a potential security vulnerability in iOS that could be used by attackers to fool users into giving up their credit card data and personal information. The vulnerability, based on the default behavior of iOS devices with Wi-Fi turned on, could be used to inject a fake "captive portal" page that imitates the Apple Pay interface.
04.06.15 - Attackers targeting medical devices to bypass hospital security
A preview copy of a report from TrapX Labs, which will be released later this month, highlights three successful attacks against healthcare organizations. The incidents prove that defending assets in a healthcare environment isn't as easy as some would have you think. In fact, given the wide range of devices on a given network, it can be nearly impossible.
04.06.15 - New Firefox, Chrome SRI script whip to foil man-in-the-middle diddle
Scripting will in the next few months become safer with Mozilla and Google adopting a validation mechanism to protect against man-in-the-middle attacks. The Subresource Integrity (SRI) check is being developed by boffins at Google, Mozilla, and Dropbox under the World Wide Web Consortium.
04.06.15 - Twin brothers accused of leading phishing gang busted by Russian police
In the history of cybercrime, some of the worst offenders, the biggest breaches, and the baddest malware have come from Russia. Some recent examples of major hacks carried out by Russian cybergangs include the compromise of the White House email system and the emails of President Obama; the breach of the IRS and thousands of US taxpayers' accounts; and the amassing of more than a billion username and password combinations that spurred fears of the "biggest hack in history."
03.06.15 - FBI, Europol and NCA gunning for top 200 black hats making exploit kits for criminals
Law enforcement agencies need to mount a coordinated effort to shut down the exploit developers and hosting sites powering organised crime, according to experts from the FBI, Europol and the UK's National Crime Agency (NCA). The experts made the claim during a panel discussion at InfoSec 2015, when FBI assistant legal attaché Michael Driscoll listed taking down the "core group" of 200 black hats creating exploit kits as one of the biggest challenges facing law enforcement.
03.06.15 - Banking industry comes under fire for number of data breaches reported to ICO
According to Egress Software Technologies, there has been a huge rise in reported data breach investigations in the banking industry. Egress, a provider of encryption services, made a Freedom of Information request to the ICO to obtain the figures, which showed a 183 per cent rise in reported Data Protection Act breach investigations in the financial services industry over the last two years.
02.06.15 - The drivers and inhibitors of cyber security evolution
A study shows European organisations are shifting their cyber security investment from traditional prevention and protection to detection and response capabilities – but the pace of change is much greater in some organisations than others.
02.06.15 - Cost of UK cyber breaches up to £3.14m
The average cost of the worst breaches at large UK organisations is between £1.4m and £3.14m, according to the government’s 2015 information security breaches survey conducted by PwC. This represents an increase of 233% to 273% from a year ago, while the cost of breaches for small businesses is between £75,000 and £311,000, up by between 115% and 270% from 2014.
29.05.15 - IFSEC speaker slots for Mike Gillespie
Dates at the upcoming IFSEC event in London. Advent IM MD Mike Gillespie shares some speaker slots.
28.05.15 - We don't cover stupid, says cyber insurer that's fighting a payout
In 2013, California healthcare provider Cottage Health System discovered that security on one of its servers had been disabled, leaving tens of thousands of patients' files potentially open and exposed on the internet. Those files included patients' names, addresses, dates of birth, and in a few cases, their diagnosis, lab results and procedures performed.
28.05.15 - Wi-Fi access point scans can betray a person's location
Many Android applications collect information on Wi-Fi access points, which researchers contend can be used to figure out where a person is more than 90 percent of the time.
28.05.15 - Irish firms neglect cyber security legal requirements
Irish businesses are leaving themselves open to possible litigation and fines by not fulfilling basic legal requirements, a cyber risk study has found. The study, conducted by Red C for A&L Goodbody, found a significant majority of companies are not fulfilling basic legal requirements when it comes to cyber security.
28.05.15 - ‘Profoundly wrong’ Investigatory Powers Bill slammed for ‘treating everyone as a suspect’
The government's new Investigatory Powers Bill has been attacked by academics and lawyers who have criticised it for "treating everyone as a suspect" and being "profoundly wrong".
28.05.15 - How Polycom video conferencing helps NATO defend against cyber attacks
Polycom video conference services play a "crucial role" in helping NATO defend against cyber attacks from malicious outside agents by allowing the inter-governmental military alliance to quickly exchange information about potential threats.
27.05.15 - Ransomware – the background and what you need to know
Ransomware first appeared in the early part of the latter 20th century, with the first reported version being the AIDS Trojan Horse, which was created and released in the USA. Since then development has rapidly increased, resulting in over 250,000 variants of ransomware identified as of 2013. There are currently both encrypting and non-encrypting versions of ransomware circulating and/or infiltrating systems. Although there are some subtle differences between the two versions, the main difference is that non-encrypting ransomware causes minor restrictions on access to services or systems by displaying undesirable images or inaccurate system re-activation alerts, requiring the user to pay a ransom to have the images removed. Encrypting ransomware, as the name implies, encrypts your hard drive and demands a ransom be paid in order for you to receive the decryption key and be able to access your data freely again; more of that later.
27.05.15 - Hackers compromise 100,000 IRS tax accounts with pre-stolen data
The Internal Revenue Service (IRS), the US government agency tasked with collecting American citizens' tax dollars, has been targeted by criminals with access to the personal information of around 100,000 taxpayers.
27.05.15 - Phones' accelerometers allow you to be tracked on the metro
We know that we can be tracked using GPS data from mobile phones, which can triangulate location from nearby cell towers. In fact, US courts have been grappling with whether or not the Fourth Amendment protects geolocation data gleaned from our own phones, among other sources.
27.05.15 - I.R.S. Data Breach May Be Sign of More Personalized Schemes
The plot to steal information on 100,000 taxpayers from the Internal Revenue Service and hijack nearly $50 million in refunds not only reveals a previous security breach but hints at a wider fraud that may bedevil Americans in the future. Some security and tax experts warned that this latest data theft might be a prelude to more targeted schemes aimed at duping taxpayers into handing millions of dollars over to criminals or to help thieves circumvent the agency’s security filters next year and beyond.
27.05.15 - What Data Breaches Now Cost And Why
The actual cost of a data breach is all about industry sector and location, location, location. Healthcare and education sectors incur the highest breach costs of all industries, and Germany and the US cost victim organizations more than anywhere else in the world. Such incidents in Brazil and India cost the least, according to the new Ponemon Group 2015 Cost of a Data Breach Study: Global Analysis.
27.05.15 - Watch Out! This Boobytrapped Text Message Will Turn Off Your iPhone
If you send a specific string of symbols and Arabic characters to another iPhone user, you can really ruin their day. The problem, which occurs when you receive a notification of a new iMessage either on a locked iPhone or as a drop-down iOS notification, causes iPhones to restart, and is preventing some users from accessing other legitimate messages that have been sent to them.
26.05.15 - Android ransomware poses as FBI smut warning
Cybercrooks have launched a new wave of Android ransomware that poses as a pretty convincing FBI-imposed porn-surfing warning. Over 15,000 spam emails, including zipped files, have hit the inboxes of Android users in recent days, according to Romanian security software firm Bitdefender.
22.05.15 - Researchers raise privacy concerns about Bluetooth Low Energy devices
Researchers at Context Information Security have raised privacy concerns about a growing number of devices using Bluetooth Low Energy (BLE) technology. Incompatible with traditional Bluetooth, BLE was developed by the Bluetooth Special Interest Group (SIG) as a personal wireless technology that is rapidly finding its way into personal devices.
22.05.15 - Is data protection the new health and safety?
Paul Motion, partner with bto solicitors’ data protection defence team
22.05.15 - Security warning over Android phone reset systems
Using the "factory reset" option to wipe Android phones may leave behind valuable data, warn security experts. The reset function may also fall short when used to remotely wipe a phone that has been lost or stolen, report Cambridge University researchers. For their analysis the researchers bought used Android phones to see what sort of data remained on the handsets.
21.05.15 - Data Breach Liability: Confidentiality vs. Privacy
IT service providers, particularly cloud service providers, increasingly are resisting unlimited liability for breaches of privacy and data security obligations in their customer agreements. Instead, they offer unlimited liability for breaches of confidentiality, asserting the customer’s risk of a data breach would be covered as a breach of confidentiality, and arguing that unlimited liability for breaches of data protection obligations is simply double dipping.
21.05.15 - Cyber-attack leaves millions of British students without access to online resources
Millions of staff and students at over 150 centers of further education were left without access to their online resources following a cyber-attack on the University of London Computer Centre.
21.05.15 - Security experts worry about 'spear phishing' in wake of CareFirst breach
Security experts weighing in on Wednesday's breach of health insurer CareFirst, which impacted 1.1 million current and former customers, said the compromised information could be used for everything from medical identity fraud to future attacks geared toward extracting even more data from victims. What's more, they believe this is only the beginning for breaches of this nature.
21.05.15 - PCI establishes small merchant task force
The PCI Security Standards Council (PCI SSC) is creating a dedicated global taskforce to improve payment data security for small businesses, combating their frequent lack of technical knowledge or resources to apply PCI Standards to protect payment data against cyber-threats.
21.05.15 - Securing the Artificial Pancreas
Millions of lives potentially depend on the resilience to cyber attacks of a new generation of “artificial pancreas” and other medical devices. But medical devices are open to cyber attacks: many studies have demonstrated that a large number of medical systems could be affected by security flaws that could be exploited by hackers.
21.05.15 - The 1990s calling: buffer overflow attack "cripples router" claim
The technology behind a popular printer sharing feature on many consumer and professional grade routers has been shown to be vulnerable to what the team behind the discovery are calling a 1990s-style stack buffer overflow attack.
21.05.15 - Novel malvertising attack leads to drive-by ransomware
Zscaler researchers explained on the company's blog that they have seen a large number of sites, dressed up as search engines, that lead to malicious content including sites hosting the Magnitude Exploit Kit.
21.05.15 - Financial services firms take 98 days to detect cyber threats – retailers take 197 days
Financial services firms take an average of 98 days to detect advanced cyber threats, while retailers take a whopping 197 days, according to a new Ponemon Institute Survey sponsored by security software provider Arbor Networks.
20.05.15 - 'Practical' ICO may not issue huge data breach fines
Speaking at the European Conference of Data Protection Authorities in Manchester on Tuesday, the Information Commissioner Christopher Graham spoke at length on the challenge facing ICO and other bodies, focusing specifically on their need to adapt to new legislation, and ensure privacy for all users, while technology changes are afoot.
19.05.15 - Privacy and data protection? Just 1% of public would go to Information Commissioner’s Office
Just one percent of the UK public would go to the Information Commissioner’s Office (ICO) for advice on personal data, according to a paper published today. When asked who they would go to for advice on protecting their data, only 1 percent named the ICO while almost half (45 percent) of the 1,222 respondents said they ‘don’t know’, a poll by ComRes found.
18.05.15 - ICO fines Welsh police for sensitive data breach
After the loss of a highly-sensitive DVD testimony, the ICO has issued a fine totaling £160,000 to South Wales Police and has asked the police force to sign an undertaking that ensures new, enforced policies that will stop future breach incidents. The DVD, which has still not been recovered, contains an interview recorded in 2011 that recounts the graphic and disturbing testimony of a victim of sexual abuse. Just two months after the recording, the DVD went missing, but the breach remained unreported for as long as two years due to "lack of training," the ICO told
15.05.15 - Malware Found In Some GTA V Mods
If you’ve been using mods on GTA V, your computer might be at risk of a virus. The mods “Angry Planes” and “No Clip” have been found to contain a keylogger called “Fade.exe”. The presence of the malware was confirmed on and was first discovered on GTAForums, which also contains instructions on how to remove the virus from affected machines. Even if you haven’t installed these two specific mods, however, you should be careful and check your computer for a file called “Fade.exe” just to be safe.
15.05.15 - New Russian Hacks Target US Banks
Cybersecurity experts at root9B, staffed by veterans from the U.S. State Dept. and Dept. of Defense, have discovered that a powerful Russian cyber hacking group linked to Kremlin-backed cyber-espionage is making preparations for a large-scale attack on global banks.
14.05.15 - Cyber security cited as No1 risk to financial markets, says DTCC
Almost half of the respondents (46 per cent) to the Depository Trust & Clearing Corporation’s (DTCC) latest Systemic Risk Barometer Study cited cyber security as their top concern and 80 per cent of respondents rated it as a top five risk overall.
14.05.15 - Hackers drain money from Starbucks accounts linked to users’ credit cards
Hackers steal money from Starbucks mobile customers using linked credit cards; nearly 16 million customers who use the company app are at risk.
12.05.15 - Anonymous-tied DDoS botnet shows insecure routers are legion
Tens of thousands of home routers have been infected with malware, and are being used by hackers to launch distributed denial-of-service (DDoS) attacks, including by the hacktivist group Anonymous.
12.05.15 - Jamie Oliver website hit by malware for a third time
The website of British TV chef Jamie Oliver has been hit for a third time by malware that potentially infects the computers of visitors to the site. It is the third attack on in four months. The security company that found the exploit, Malwarebytes, says the attack, which redirects users to malicious software, is similar to the previous two. A spokesperson for Jamie Oliver said they were working "to find the issue".
12.05.15 - Breaking Bad Ransomware Hits Aussie PC Users
Security researchers are warning PC users in Australia to beware of new Breaking Bad-themed ransomware demanding up to $1000 AUD ($796 USD) to decrypt essential computer files. The attacks typically arrive in the form of a malicious zip archive which takes the name of a famous delivery firm as its file name, according to Symantec.
08.05.15 - Surgical robots hacked by researchers to alter commands and disrupt functions
Security vulnerabilities in surgical robots have been exposed by researchers, who hacked next generation systems to prove that they could be hijacked remotely. Researchers from the University of Washington (UW) carried out a series of cyberattacks on teleoperated (remotely operated) surgical robots using non-private networks.
07.05.15 - Criminalising hackers hurts security
"I often use ‘hacker' and ‘security researcher' interchangeably." So said cyber security expert Keren Elazari in an open interview with ITWeb on Twitter yesterday.
07.05.15 - £1.5 million investment in new cybercrime hub for East Scotland
A new hub to tackle the growth in cyber-crime is to be established in the East of Scotland.
07.05.15 - DMU joins forces with Airbus Group to protect critical national infrastructure from cyber attacks
De Montfort University Leicester (DMU) has launched a research programme with Airbus Group to develop a new digital forensic capability for the Supervisory Control and Data Acquisition (SCADA) industrial control systems that underpin the UK’s critical national infrastructure.
07.05.15 - Cyber attack on Biznews: How it happened, why you could be next
In this special podcast, Alec Hogg talks to the CIO of Internet Solutions, Kovelin Naidoo. Internet Solutions were the pioneers of the Internet in SA. How many years ago, was that? That’s about 21 years ago, so we’ve come a long way.
07.05.15 - Top cyber attack vectors for critical SAP systems
SAP is run by over 250,000 customers worldwide, including 98 percent of the 100 most valued brands. Despite housing an organization’s most valuable and sensitive information, SAP systems are not protected from cyber threats by traditional security approaches.
06.05.15 - UK cyber security: insure against 'rapid, highly damaging and public' threats
Cyber attacks present a daily threat to UK businesses and have become more destructive in recent years with data breaches and hacks frequently making front page news. Consider the Sony Pictures hack following controversy over the film The Interview, the Kaspersky Labs $1bn cyber robbery or points stealing from British Airways' air-miles accounts. Data security has become a fundamental issue for companies and this raises the question: what can they do?
06.05.15 - Microsoft Word Intruder - the malware that writes new malware for you
Malware construction kits aren't new. Back in the early 1990s, for example, DOS-based tools such as VCL (Virus Creation Laboratory) and PS-MPC (Phalcon-Skism Mass Produced Code Generator) lowered the barrier of entry to virus "writing".
06.05.15 - Mobile threats on the rise, Q1 2015 report shows
Some of the most noteworthy findings in the Kaspersky Lab “IT Threat Evolution Report for Q1 of 2015” involve mobile devices, Patrick Nielsen, senior security researcher at Kaspersky Lab, told in a Wednesday email correspondence.
06.05.15 - Unlimited fines may now be imposed by UK Magistrates’ Court Data Protection offences
Since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 came into force 12 March 2015, the Magistrates’ Court has had the ability to impose unlimited fines for criminal offences under the Data Protection Act 1998 (‘DPA’). Under s.55 DPA, an individual can be convicted of a criminal offence if he or she obtains or discloses personal data without the consent of the data controller. Before 12 March, a £5,000 fine cap existed, but this has now been removed, allowing for fines of any amount to be imposed at sentencing.
06.05.15 - Is cyber-warfare really that scary?
On 7 December 1941, Japanese aircraft attacked the American naval base at Pearl Harbor, Hawaii. The attack was surprising, devastating, and drew the US into World War Two.
06.05.15 - Firms ‘at risk of data breach’
Irish companies are at risk of large-scale data breaches that could leave them open to significant liabilities, a legal expert has warned. Following a number of high-profile breaches in recent times, barrister Michael Vallely, who specialises in IT law, says companies here face similar risks.
05.05.15 - Bogus Hotel Booking Scams Cost Americans Millions
Hotel booking scams are on the rise partly because 1 in 3 vacations is set up online, with many hotel and airline reservations punched in on those tiny, hard-to-read smartphone screens.
01.05.15 - Fake "Account Locked" notices are delivering CTB-Locker
Active spam campaigns delivering fake notices about temporarily locked accounts have been spotted in the last few days delivering a deadly malware combination: the Dalexis downloader and the CTB-Locker (aka Critroni) ransomware.
30.04.15 - Police still 'ill-equipped' to deal with cyber-crime
Police are still playing catch-up with cyber-crime, and are particularly struggling with poor reporting, a lack of data and the InfoSec skills shortage, said Ian Maxted, safer cyber coordinator at the Gloucestershire Constabulary, at 44CON in London yesterday.
29.05.15 - Ryanair's been hacked for millions via Chinese bank
Ryanair has been targeted by hackers who have stolen nearly $5m (£3.25m) from the airline's bank account. The cash was taken from the budget airline by electronic transfer via a Chinese bank, the Irish Times reports. Ireland's Criminal Assets Bureau is investigating the crime, which took place last week, and is working with authorities in Asia.
29.05.15 - Facebook login system blocked by Great Firewall of China causing DDoS panic
Internet users in China have been unable to connect to a number of popular foreign websites over the last few days, apparently due to what security reporter Brian Krebs describes as a "screw-up" by government censors.
29.04.15 - Windows XP support deal not renewed by government, leaves PCs open to attack
The government has not renewed its £5.5m Windows XP support deal with Microsoft despite thousands of computers across Whitehall still running the ancient software, leaving them wide open to cyber attacks.
28.05.15 - Zombie apps haunt BYOD workplaces
According to a new study of around 3 million apps on employee smartphones, 5.2 percent of iOS apps and 3.9 percent of Android apps are actually dead, removed from their respective app stores and no longer supported. Every single enterprise studied had at least some zombie apps on user devices. These zombie apps can be harmful in a couple of ways, according to Domingo Guerra, president and founder at Appthority, the mobile app security company that did the research.
28.05.15 - Preparing for Warfare in Cyberspace
The Pentagon’s new 33-page cybersecurity strategy is an important evolution in how America proposes to address a top national security threat. It is intended to warn adversaries — especially China, Russia, Iran and North Korea — that the United States is prepared to retaliate, if necessary, against cyberattacks and is developing the weapons to do so.
27.04.15 - Cyber-security and why shipping needs to be worried
Cyber-security is fast becoming a hot-button issue in shipping, perhaps because it is one on the agenda everywhere. On 1 April US president Barack Obama signed an executive order authorising sanctions against malicious overseas hackers as well as companies that knowingly benefit from cyber-espionage. "Cyber-threats pose one of the most serious economic and national security challenges to the United States,” he warned.
24.04.15 -
A student who tried to cheat his way to a better degree by hacking into the university computers and changing his marks has been jailed. Imran Uddin, 25, who was studying science, bought keyboard spying equipment on the internet which he then connected to a number of university computers.
24.05.15 - CCTV in the Workplace survey finds 60% of employees fear “theft, physical attack and trespassers”
The CCTV in the Workplace survey questioned 1,017 UK workers and was carried out by independent research provider The Leadership Factor in January this year. Although the Government’s current CCTV network is outdated and hugely costly to local authorities, the views of the workers polled in the survey prove there’s a real need for effective CCTV solutions.
23.04.15 - Massive TalkTalk data breach STILL causing customer scam tsunami
A fresh wave of scammers appear to be targeting TalkTalk customers, following a massive data theft earlier this year, The Register has learned. In February, TalkTalk admitted to suffering a major breach into its users' sensitive information, which may have led to some customers handing over bank data to hackers. In an email to subscribers, the company said: "We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly."
23.04.15 - Cash register maker used same password – 166816 – non-stop since 1990
RSA 2015 Fraud fighters David Byrne and Charles Henderson say one of the world's largest Point of Sale (PoS) systems vendors has been slapping the same default passwords – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password. The enraged pair badged the PoS vendor by its other acronym, labelling it a "piece of shit" and heaping scatological scorn on a bunch of other borked sales systems. Fraudsters would need physical access to the PoS in question to exploit it by opening a panel using a paperclip.
23.04.15 - Update: Credit card terminals have used same password since 1990s
While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password. The vendor wasn't named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816.
23.04.15 - Trust in council data security 'dangerously low', finds poll
Almost a third of people don’t trust their council to protect personal data online, with outsourcing raising key concerns - a poll has revealed. A survey of 2,000 Britons found less than one in 10 believe local authorities are well equipped to deal with a cyber attack while 31% have no faith in their town hall to guard important information.
22.04.15 - Twitter's new anti-abuse filter hides harassing tweets from your mentions
Twitter is cracking down on abusive accounts, announcing an updated violent threats policy, as well as a new filter that could block threatening messages before they are even seen by the intended victims. The move comes after leaked internal memos from CEO Dick Costolo back in February showed the social network thought it should be doing more to reduce trolling on the service.
22.04.15 - Costa Coffee Club warns of possible database intrusion
A Naked Security reader just sent us a "possible breach" warning he received. This one's from the Costa Coffee Club, a loyalty programme from Costa, a UK franchise that runs a chain of... you guessed it, coffee shops. The loyalty card is of the conventional sort: you get 5p of credit to use in-store for every pound you spend.
21.05.15 - Stolen CentCom computers were found on eBay
A CentCom official ordered an inventory, putting it in the hands of a Riverview man who now admits to being the thief. Scott Duty's signed federal plea agreement spells out those details and more, in anticipation of a hearing next month in which he is expected to plead guilty to stealing government property.
20.04.15 - Institutional investors back away from hacked businesses
KPMG’s survey of global institutional investors found that 79% of investors would be discouraged from investing in a business that has been hacked. The research surveyed 133 institutional investors with more than USD $3 trillion under management. Malcolm Marshall, global head of KPMG’s cyber security practice, says: ‘Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.’
16.04.15 - Infosec taking the strain as threats evolve and skills gap widens
Analyst forecasts of a 1.5 million shortfall of information security professionals by 2020 come amid reports of rising salaries, an ageing workforce and the inability to fill existing positions.
16.04.15 - Dropbox users continue to unwittingly leak tax returns and other private data
Readers with good memories will recall a worrying privacy hole was found in Dropbox after publicly accessible links to private personal information stored on the service leaked out to unauthorised users.
16.04.15 - Target announces $19 million data breach settlement with MasterCard
(Reuters) - Target Corp (TGT.N) said it had agreed to reimburse about $19 million (13 million pounds) to financial institutions that had issued MasterCard-branded cards that were a part of the massive data breach at the retailer in 2013.
16.04.15 - APT group hacks cyber-spy gang in spy-on-spy pwnage
Cyber-spy groups, whose numbers are growing with little constraint, have begun hacking each other. Hellsing, a small and technically unremarkable cyber-espionage group, was subjected to a spear-phishing attack by another threat actor last year, before deciding to strike back with its own malware-infected emails. The aftermath of the dust-up was uncovered by security researchers from Kaspersky Lab, who estimate further incidents along the same lines are likely.
15.04.15 - UK law firms investigated 187 times for data protection breaches
UK law firms were investigated 187 times by the Information Commissioner in 2014 for possible breaches of the Data Protection Act (DPA), a Freedom of Information (FoI) request by encryption firm Egress Software Technologies has revealed. It might be assumed that legal firms would be especially careful with personal data but that didn’t stop 173 firms generating the heavy caseload for the ICO.
15.04.15 - There's TOO MANY data-leaking healthcare firms, growls Symantec
Security software company Symantec is being drenched in calls from breached health organisations that have lost devices or suffered an information security snafu.
15.04.15 - Britain hit hard as cyber-attacks rise 40 percent
Around five in six large organisations were subject to some form of cyber-attack in the past year and things look set to get worse, says the latest Internet Security Threat Report from Symantec.
15.04.15 - Banks hide cyber crime losses, says City of London Police
Banks are obscuring the true amount of money lost to cyber fraudsters, preferring to write off cyber incidents as losses, according to the City of London Police. Banks assess the losses sustained from customers leaving because of security fears as greater than covering the cost of cyber crime.
14.04.15 - Global cyberattacks on big business up 40 percent in 2014
Cyberattacks and cybercrime against large companies rose 40 percent globally in 2014, according to Symantec's annual Internet Security Threat study published Tuesday. Five out of every six large companies – those with over 2,500 employees – were targeted with spear-phishing attacks or e-mail fraud in 2014, up 40 percent on year, the report showed. Attacks on small- and medium-sized companies, which accounted for 60 percent of targeted attacks, increased 26 and 30 percent, respectively.
14.04.15 - Security risk potential linked to young, mobile users
Wireless supplier Aruba Networks has warned enterprises to take action to secure their corporate networks after publishing a mobile security risk report that found CIOs are unprepared for the impact of the high-risk, security-agnostic Generation Mobile workforce.
12.04.15 - Cyber-defence to be integral to Nato capabilities
Cyber-defence has to become an integral part of military capabilities, said General Sir Richard Barrons, Commander of Nato's Joint Forces Command, during a visit last week to the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence on Friday.
10.04.15 - Europol leads takedown of Beebone botnet
In a move that reflected the level of co-operation between anti-malware forces, Europol's European Cybercrime Centre (EC3), the Joint Cybercrime Action Taskforce (J-CAT), the FBI, the National Cyber Investigative Joint Task Force - International Cyber Crime Coordination Cell (IC4), ShadowServer, Kaspersky and Intel Security all joined forces under the control of the Dutch National High Tech Crime Unit. Brian Honan, of security consultants BH Consulting, said the way the takedown was orchestrated was a model for the future. “There was an exceptionally high level of co-operation, something that can be difficult to achieve.”
02.04.15 - Smart home hacking is easier than you think
Scary stories of hacking Internet of Things devices are emerging, but how realistic is the threat?
02.04.15 - Tor Wants to Know How to Make the Darknet Mainstream
For many, Tor is synonymous with its hidden services, the encrypted and anonymous .onion websites that make up the d