News

Capcom has released the final update on their investigation into the major ransomware attack they suffered last year. The investigation has found that the attackers accessed the company through an outdated VPN device. Through this avenue, the attackers were able to access the companies network, as well as any compromised devices in the network. The attack took place in November 2020, when Capcom was targeted by the Ragnar Locker ransomware. The attack resulted in Capcom...

The FBI has been removing web shells from compromised Microsoft Exchange serves following court authorisation. However, owners of the Microsoft Exchange servers were never informed or able to approve of the FBI's actions. In February, the hacking group HAFIUM exploited several vulnerabilities in Microsoft Exchange's servers. The group installed web shells in compromised Exchange servers which allowed them to remotely access the servers. Following the attack, Microsoft released a security update that patched the exploited...

Synopsys, Inc. has released its 2021 Open Source Security and Risk Analysis (OSSRA) report, which examines the result of more than 1,500 audits of commercial codebases. Produced by  the Synopsys Cybersecurity Research Center (CyRC) and performed by the Black Duck® Audit Services team, the report highlights trends in open source usage within commercial applications, while simultaneously providing insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It also presents the widespread risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues.  Open source software provides the foundation for the vast majority of applications across all industries. Unfortunately, these industries, to varying degrees, are struggling to manage the associated risk. As a matter of fact,...

Microsoft has recently launched a cyberattack simulator that allows security researchers to study AI-driven attacks in simulated network environments. The simulator is named CyberBattleSim and can be accessed through an open-source license that uses a Python-based Open AI Gym toolkit. The sim can be used to train automated agents through reinforcement learning algorithms. Microsoft's 365 Defender Research Team launched the CyberBattleSim as part of their efforts to use AI and machine learning in their security...

A new report by criminologists at the University of Surrey and cybersecurity researchers at HP has found that nation-state attacks have risen considerably in the last three years. The report also revealed that both enterprises and businesses are amongst the most targetted organisations by nation-state attackers. The research analyses nation-state attacks taking place between 2017 and 2020. The report discovered that around a third of organisations targeted by the attacks were businesses. The industries that...

Iran's main nuclear facility suffered a cyberattack on Sunday, leading to a large scale blackout at Natanz, which Israel now appears to be taking responsibility for. Tehran's nuclear energy chief described the attack as an act of terrorism, and demands a response against the perpetrators. The incident occurred shortly after the official restarted spinning advanced centrifuges at the Natanz reactor. The goal was to speed up the production of enriched uranium, in an event that...

The new update to the NHS COVID-19 track and tracing app has been blocked by both Apple and Google, due to its failure to comply with the terms of a recent agreement. The new update would urge users to upload logs of venue check-ins via a barcode scan if they tested positive for COVID-19. The goal was to use this to warn other individuals in case of infection. However, both Apple and Google had banned...

It has been revealed today that social media platform LinkedIn is the latest to suffer a website scraping attack at the hands of cyber criminals. Data belonging to over 500 million of its users has been posted online and is reportedly being sold to hackers. The news comes only days after it was revealed that over half a billion Facebook users had their data posted online following website scraping. Facebook has been downplaying the incident...

Mike McGuire a senior lecturer in criminology at the University of Surrey has conducted a study, called Nation States, Cyberconflict and the Web of Profit using publicly available reports into state-sponsored attacks along with interviews with various experts. The study reveals that the world is coming increasingly close to nation state retaliating against cyber-attacks with violence. In his report, McGuire reveals that there has been a 100% increase in "significant" state-backed attacks over the past...

Analysts stumbled across a scraped data set from LinkedIn, in which the data from over half a billion users is being sold online. This marks the second major cybersecurity incident in the past week. The information scraped includes the full names, email addresses, phone numbers, professional titles and other work-related data. CyberNews analysts have been able to confirm that the data found on the online forum for hackers can be associated with LinkedIn user accounts,...