Cyber Bites

The European Parliament announced a "provisional agreement" with the aim of bolstering cybersecurity and resilience of both public and private sector entities in the European Union. It's expected that the revised directive, dubbed "NIS2" (short for network and information systems), will take the place of pre-existing legislation originally established in 2016. The revision puts in place ground rules that require companies in energy, transport, financial markets, health, and digital infrastructure sectors to abide by management measures...

27% of security professionals say their mental health has worsened over the past year. The study, carried out by Tines, also revealed that security professionals believe that their mental state has impacted their productivity. Tines, an automation specialist, surveyed more than 1000 security professionals in the US and Europe for its State of Mental Health in Cybersecurity report. The report is being published to coincide with Mental Health Awareness Week in the UK and an equivalent event...

The UK's National Cyber Security Centre (NCSC) has released a free tool designed to help organisations check whether their email security settings are sufficient. The Email Security Check service was released yesterday by the NCSC, an offshoot of the UK spy agency GCHQ. The tool works to look up publicly available information on anti-spoofing standards such as DMARC to ensure they are configured properly. DMARC works to prevent scammers from abusing legitimate domains to distribute phishing emails....

A joint advisory issued by the Five Eyes nations has urged organisations to secure their supply chains as the war in Ukraine continues. The document, ‘Protecting Against Cyber Threats to Managed Service Providers and their Customers,’ was released jointly by relevant government agencies from the Five Eyes security alliance. The authorities are: The UK’s National Cyber Security Centre (NCSC), the US’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of...

Over 70% of critical national infrastructure (CNI) providers in the UK have seen an increase in cyberattacks since Russia's invasion of Ukraine, new research from Bridewell suggests. Bridewell, a security services provider, polled over 520 security decision-makers in the communications, utilities, finance, government and transport and aviation sectors in order to better understand their concerns and exposure to cyber threats. 78% of those polled said they were worried about the threat of cyberattacks against the...

Paz Estaban, head of the Spanish National Intelligence Centre (CNI), has been sacked for reportedly using Pegasus spyware to spy on leaders of the Catalan independence movement. Estaban and the CNI were also criticised for failing to prevent the phones of Prime Minister Pedro Sanchez and other high ranking officials from being infected by Pegasus spyware. Defence Minister Margarita Robles, one of those targeted by the initial spyware campaign, told reporters: “Of course there are...

Lincoln College has announced that it will close this week, likely as a result of a ransomware attack that took months to resolve. While the disruption caused by COVID-19 played a role in the college's closure, the cyberattack, which prevented access to recruitment and fundraising services for months, seems to have been the final nail in the coffin. NBC has reported that Lincoln College in the first college or university in US history to close partly...

The National Cyber Security Centre (NCSC) removed 2.7 million online scams last year, it was revealed today. The announcement comes as the security agency shared the most recent data from its Active Cyber Defence initiative ahead of today's flagship CYBERUK summit. According to the NCSC, neutralised scams included fake celebrity endorsements and spoof extortion emails. It has also been revealed that fraud campaigns used common themes, with NHS vaccines and vaccine passports being particularly popular....

Rodrigo Chaves, President of Costa Rica, has declared a national emergency following a series of cyberattacks on government bodies. According to BleepingComputer, Conti has published the majority of the 672 GB of data appearing to belong to Costa Rican government agencies. Chaves signed the declaration into law on Sunday, May 8th, the same day that the former Minister of Finance effectively became the nation's 49th and current president. Conti ransomware had claimed the attacks on...

Authorities in the US have offered up to $15 million in rewards for information leading to the identification, arrest, and/or conviction of any individual affiliated with Conti ransomware variant attacks. The money, offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP), is split into two pots: up to $10m for information on the identity or location of any individual who holds or has held a "key leadership position" in Conti; and up...