News

The University of Hertfordshire has been hit by a critical cyberattack resulting in online classes being shut down. The university released a statement on Wednesday evening (14th April) that an attack by cybercriminals had resulted in all its online services and systems being taken offline. “Shortly before 22:00 last night, the university experienced a cyber-attack which has impacted all of our systems, including those in the Cloud such as Canvas, MS Teams and Zoom,” the...

A report released this week by Outpost24, that examined the security posture of web applications amongst the Top 10 US Credit Unions, has revealed that they all have security issues. Using Outpost24’s attack surface discovery tool called Scout, Outpost24 was able to analyse each Credit Union’s public-facing web security environments against the seven most common attack vectors used by hackers during reconnaissance, to ascertain a risk score that is measured 1-100. The attack vectors are labelled as...

Yesterday the University of Hertfordshire was targetted by a cyberattack which resulted in the universities entire IT network being taken down, as well as all access to cloud-based services being blocked. The attack started on Wednesday night at 22:00, when the universities Wi-Fi network was taken down alongside the email system and the universities student portal. Since the attack students have also reported that they have not been able to access Office 365 services, such...

Capcom has released the final update on their investigation into the major ransomware attack they suffered last year. The investigation has found that the attackers accessed the company through an outdated VPN device. Through this avenue, the attackers were able to access the companies network, as well as any compromised devices in the network. The attack took place in November 2020, when Capcom was targeted by the Ragnar Locker ransomware. The attack resulted in Capcom...

The FBI has been removing web shells from compromised Microsoft Exchange serves following court authorisation. However, owners of the Microsoft Exchange servers were never informed or able to approve of the FBI's actions. In February, the hacking group HAFIUM exploited several vulnerabilities in Microsoft Exchange's servers. The group installed web shells in compromised Exchange servers which allowed them to remotely access the servers. Following the attack, Microsoft released a security update that patched the exploited...

Synopsys, Inc. has released its 2021 Open Source Security and Risk Analysis (OSSRA) report, which examines the result of more than 1,500 audits of commercial codebases. Produced by  the Synopsys Cybersecurity Research Center (CyRC) and performed by the Black Duck® Audit Services team, the report highlights trends in open source usage within commercial applications, while simultaneously providing insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It also presents the widespread risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues.  Open source software provides the foundation for the vast majority of applications across all industries. Unfortunately, these industries, to varying degrees, are struggling to manage the associated risk. As a matter of fact,...

Microsoft has recently launched a cyberattack simulator that allows security researchers to study AI-driven attacks in simulated network environments. The simulator is named CyberBattleSim and can be accessed through an open-source license that uses a Python-based Open AI Gym toolkit. The sim can be used to train automated agents through reinforcement learning algorithms. Microsoft's 365 Defender Research Team launched the CyberBattleSim as part of their efforts to use AI and machine learning in their security...

A new report by criminologists at the University of Surrey and cybersecurity researchers at HP has found that nation-state attacks have risen considerably in the last three years. The report also revealed that both enterprises and businesses are amongst the most targetted organisations by nation-state attackers. The research analyses nation-state attacks taking place between 2017 and 2020. The report discovered that around a third of organisations targeted by the attacks were businesses. The industries that...

Iran's main nuclear facility suffered a cyberattack on Sunday, leading to a large scale blackout at Natanz, which Israel now appears to be taking responsibility for. Tehran's nuclear energy chief described the attack as an act of terrorism, and demands a response against the perpetrators. The incident occurred shortly after the official restarted spinning advanced centrifuges at the Natanz reactor. The goal was to speed up the production of enriched uranium, in an event that...

The new update to the NHS COVID-19 track and tracing app has been blocked by both Apple and Google, due to its failure to comply with the terms of a recent agreement. The new update would urge users to upload logs of venue check-ins via a barcode scan if they tested positive for COVID-19. The goal was to use this to warn other individuals in case of infection. However, both Apple and Google had banned...