News

The US International Revenue Service has urged tax professionals to select multifactor authentication options whenever possible in order to reduce the risk of exposing sensitive information. Amidst the Covid-19 crisis, the IRS stressed the importance of this security practice for those working remotely or social distancing. "Cybercriminals continue to find new ways to try accessing tax professional and taxpayer data. The multi-factor authentication option is an easy, free way to really step up protection of...

It is common practice for businesses to implement some kind of central tool to manage smartphones and tablets. Normally, this is done through solutions referred to as mobile device management (MDM), which can ensure mobile devices are configured properly for business use. MDMs can also be used to mandate certain built-in device security settings, such as device lock-screen and pin code length. It would be a mistake, however, to assume that this provides adequate enterprise-grade...

With over 50 million registered users, OkCupid is one of the largest players in the online dating game, aided by the social distancing measures imposed by governments across the globe in response to the coronavirus pandemic. An expanding user base and the wealth of information contained in dating apps accounts makes them a particularly ripe target for cybercriminals. Cybersecurity firm Check Point Research has disclosed a set of vulnerabilities that, if exploited, would have allowed...

In a report published today, ESET researchers have outlined the threats and the trends that characterised the second quarter of 2020. Perhaps unsurprisingly, researchers found that Covid-19 themed phishing attacks are alive and well, and continued into Q2, confirming how the coronavirus pandemic has defined this year in cybercrime. ESET researchers also discovered a new cyber espionage toolkit tailored for collecting and exfiltrating sensitive documents from air-gapped systems. Dubbed Ramsay, the toolkit provides a series...

Security firm FireEye released yesterday a report on the activity of filo-Russian disinformation focussed group Ghostwriter. According to FireEye's report, the group seems to have upped its game since it first started operating in 2017, and has now begun hacking the content management systems of news organisations. Generally aimed at undermining NATO, the hacking campaign has been spreading fake news about NATO soldiers spreading coronavirus, a planned invasion of Belarus and US military aggression. Although...

(ISC)² has announced today that it will add Global Knowledge to its portfolio of Official Training Providers for the UK, thus expanding the range of leading training organisations offering (ISC)2 certification preparation training. Global Knowledge will be providing exam preparation training for the full range of (ISC)2 certifications to its UK customer base, delivering pathways to new sectors and audiences, increasing the size of the UK channel presence for (ISC)2 and responding to increased demand and...

The trend of ransomware attacks turning into data breaches continues. Cybercriminals have taken the habit of exfiltrating a company's data before encrypting their databases with ransomware, so as to double up on their profits with the sale of the stolen information. Dussman Group, one of the largest multi-service providers in Germany, is the latest enterprise to have its database of sensitive information exposed due to a ransomware attack hitting one of its subsidiaries, Dresdner Kühlanlagenbau...

According to security firm Recorded Future, Chinese hackers have infiltrated the Vatican's computer network in an apparent espionage effort. This happened ahead of sensitive negotiations with Beijing, which currently recognises five religions, including Catholicism. However, the Communist Party has recently attempted to tighten its control over religious groups, perceived as a threat to the stability of the Party. The New York Times reported that the series of intrusions began in early May. One attack was...

To track levels of diversity and inclusion in the cyber security industry, the National Cyber Security Centre (NCSC) and KPMG UK, supported by Professor Nick Jennings, Vice-Provost (Research and Enterprise) of Imperial College London, have compiled Decrypting Diversity 2020, the first joint report in an annual series aimed at promoting diversity in security teams. A diverse workforce minimises the risk of leaving blind spots. After all, attackers do not come from one single background, so the more...

CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a...