News

Have I been Pwned reported that the data breach exposed users' email addresses, hashed passwords, usernames, and IP addresses. Of the 500,000 users of the hacking forum, 297,744 have been affected; however, the forum operators have not yet notified their users. The founder of Have I Been Pwned has confirmed the authenticity of the stolen data. Troy Hunt stated that the carding site recognised the leaked email addresses through the "forgot password" feature. It failed,...

VISA has issued a warning about the increase of web shells being used by threat actors to steal credit card details. VISA has seen a rise in the number of threat actors using web shells on compromised servers in order to extract credit card details stolen from customers making payments online. VISA has said that in the last year they have seen growing trends in web shell usage, especially for web skimming attacks where the...

In March a number of European Union organisations, including the European Commission, were hit by a cyber-attack. A spokesperson from the European Commission has revealed that the incident, thought to have taken place last week, impacted the IT infrastructure of several EU institutions. The spokesperson told BleepingComputer, "we are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and agencies and the vendor of the affected IT solution."  They also...

Active cyberattacks have been reported on known security vulnerabilities in widely deployed SAP applications, giving the attackers access for full take over and the ability to infest an organisation completely. Researchers warn that these attacks could lead to full control of unsecured SAP applications. An alert issued by SAP informs that threat actors are carrying out various attacks, which include the theft of sensitive data, financial fraud, disruption of mission-critical business processes among other operational...

The European Cybersecurity Blogger Awards has returned in 2021 to recognise the best blogs and podcasts in the cybersecurity industry, as voted by themselves or peers and judged by a panel of experts. Nominations have now opened until the 14th of May.  The winners will be revealed during a virtual meet-up event on Tuesday, 9th of June.   This year will see the eighth European Cyber Security Blogger Awards hosted by Eskenzi PR and sponsored...

A zero-click vulnerability has been discovered in Apple's macOS Mail which allows attackers to take over a users account by adding or modifying any arbitrary file in Apple Mail’s sandbox environment. The bug known as CVE-2020-9922 can be exploited by sending an email with two .ZIP files attached. Once a user has received these emails Apple's Mail app will parse it to find any attachments which have x-mac-auto-archive=yes in the header, and automatically unpack the...

A number of US agencies, such as the Federal Bureau of Investigations (FBI) and the Infrastructure Security Agency (CISA), have issued a joint warning that advanced persistent threat (APT) groups are exploiting vulnerabilities found in Fortinet FortiOS. The groups are exploiting the vulnerabilities in order to compromise both government and commercial organisations using the software. The alert warned that the cybercriminals have been scanning for systems that have not patched Fortinet FortiOS vulnerabilities. The vulnerabilities...

By Chris Sedgwick, director of security operations at Talion Cryptocurrencies are a topic that touches many areas; not only finance and investing but technology and even political arenas. Although apolitical in itself, it is the structure behind these cryptocurrencies that make them a much talked about subject amongst political purists from across the political spectrum. This structure can be boiled down to the following; think of cryptocurrencies as a ‘big spreadsheet’, and when you ‘mine’...

At the LORCA Live online event, Rob Meyerson, founder and CEO at Delalune Space claimed that the commercial space industry needs support from the cybersecurity sector in order to build trust and resilience. Former employee of NASA and Blue Origin, Meyerson is now focused on investing in new businesses that aim to operate in the space sector. This more recently includes cybersecurity. As a society, we are already reliant on the space industry to run...

Already, DDoS attacks have set a new record and taken the extortion trend that started in August 2020 to the next level. Akamai, an internet security company has already reported the largest known DDoS (RDDoS) attack. The company has said the attack was more complex than previously seen incidents of DDoS attacks. In February of 2021, Akamai dealt with "three of the six biggest volumetric DDoS attacks" that have ever been recorded. The most recent...