News

John Lewis has added cyber crime cover to its home insurance policies for the first time – but questions have been raised over whether the protection is any use or just a gimmick designed to boost sales. The cover protects the firm’s home insurance customers against online fraud, hacking, identity theft, so-called push payment scams and computer viruses for up to £50,000. John Lewis is the first major insurance brand to sell this type of...

Part of the British Transport Police's (BTP) website has been hacked, the force has confirmed. BTP said it was made aware of "a threat to the newsroom section" of its website - hosted by an external supplier. The main page was unaffected but clicks on the "latest news" link are directed to a Tumblr blog run by the force. Checks carried out by BTP, the National Cyber Security Centre and the National Crime Agency found...

Cyber-attacks in the UK spiralled upwards by 140% in 2018, according to a recent cyber-threat landscape report. According to the paper, a rise in botnet activity also saw 40% of small and mid-sized businesses impacted by at least one cyber-attack over the 12-month period. A new study from computer and network security company eSentire has found that cyber-attacks in the UK spiked by a colossal margin over the course of last year. According to the...

CrowdStrike, the cyber security company that uncovered Russian hackers inside the servers of the Democratic National Committee following the 2016 US election, announced plans to list on the Nasdaq exchange on Tuesday.  The California-based company, which was valued at more than $3bn at its last funding round in June, joins the ranks of the so-called “unicorns” that have headed for public markets in 2019. Ride-hailing app Uber listed last week, following in the footsteps of...

Hackers compromised the script used by Best of the Web to display their trust seal on their customers' websites and to add two key logging scripts designed to sniff keystrokes from visitors. As Sanguine Security researcher Willem de Groot found out, "The security seal as sold by @bestoftheweb contains even 2 different keystroke loggers. One was added on Apr 24th, the other last week." After de Groot disclosed his discovery to Best of the Web, the company...

Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor. The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work. Speculative execution helps processors predict to a certain degree what an application or operating system might need next and in the near-future, making the app run...

Microsoft released its monthly batch of security updates known as Patch Tuesday, and this month's security release includes fixes for 79 vulnerabilities in a wide range of Microsoft products. The two headliners of this month's patches are CVE-2019-0863, a zero-day vulnerability exploited in the wild, and ADV190013, a security advisory for dealing with the latest wave of Intel CPU flaws that came to light only a few hours before. The zero-day is an elevation of...

Connecticut-based Southeastern Council on Alcoholism and Drug Dependence is notifying 25,148 patients that their data was potentially breached during a February ransomware attack. On February 18, SCADD officials said they discovered some disruptions the network. A review determined a ransomware attack had compromised some of its systems. SCADD worked with a third-party forensics team to investigate. The investigation determined the compromised data included patient names, addresses, Social Security numbers, medical histories, and treatments. Officials said...

The city of Washington’s entire communications system was shut down by a malware attack last week. Now, 11 Investigates uncovered nearly half a dozen local police departments that are dealing with a separate hack involving their records. Whitehall and Munhall police operate independently in just about every way imaginable. But those departments, along with at least three others, are dealing with the same problem: a malware attack on their records systems. Source: WPXI

An unprotected Elasticsearch server was found publicly exposing personally identifiable information belonging to nearly 90% of Panama citizens, a security researcher found last week. Bob Diachenko, cyber threat intelligence director at Security Discovery, found the data sitting in a server, where it was publicly available and visible in any browser. The database held 3.4 million records containing detailed information on Panamanian citizens, labeled "patients," as well as 468,086 records labeled "test-patient." He reports the exposed...