News

This week, smart vulnerability management provider Edgescan has published the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days. High rates of “known” (i.e. patchable) vulnerabilities which have...

The tech giant Microsoft has claimed that encouraging women into cybersecurity jobs is "mission critical" to addressing the labour shortage in the cybersecurity industry. The company's corporate vice president of security, compliance, identity and management, Vasu Jakkal argues that diversity is sorely needed in the industry in order to address the evolving threat landscape and relieving overburdened IT teams. A lack of female representation in cybersecurity is fuelling unequal pay and insufficient support for women,...

The prolific Conti ransomware collective spent millions on salaries, tools and services throughout 2021. The recent leak of the pro-Russia group's internal chats by a Ukrainian researcher, analysed by security vendor BreachQuest, has revealed fascinating insights into the workings of the operation. The group's structure is not dissimilar to that of a legitimate business, with an HR and recruitment lead, someone in charge of its data leak blog, a training specialist, a blockchain lead and...

Professor John Goodacre, challenge director – Digital Security by Design, UKRI, and Professor of Computer Architectures, The University of Manchester, told attendees at the last leg of the DSbD roadshow in Wales that the UK is on the path to "cyber disaster". He claimed that the current approach of discovering and patching vulnerabilities is growing unsustainable as the digital revolution storms on - particularly in regards to the growth of IoT devices. “Even with the...

A global leader in WordPress security and threat intelligence, Patchstack, recently released a whitepaper highlighting the sorry state of WordPress security in 2021. Reported vulnerabilities grew 150% in 2021 from the previous year. Perhaps most alarmingly, 29% of the critical flaws in WordPress plugins never received an update. WordPress is used in 43.2% of websites and is the most popular content management system on the planet, making the report worrying reading.  

A new FBI report has revealed that at least 52 critical national infrastructure (CNI) entities have been compromised by a ransomware variant. The FBI has claimed that organisations across 10 CNI sectors had been impact as of January this year.# Key sectors include manufacturing, financial services, government and IT. A prolific ransomware variant has compromised at least 52 critical national infrastructure (CNI) entities, a new FBI report has revealed. The group has change it's tools,...

A group with ties to China tracked as TA416 but widely known as Mustang Panda has targeted European diplomats since August 2020. The most recent activity employs refreshed lures to coincide with the Russian invasion of Ukraine. A new report by Proofpoint found that TA416 leads cyber-espionage campaigns against the EU, focusing on long-term goals rather than opportunistic gains. The group has not changed their methods since the campaign began, making easy work for analysts.

https://vimeo.com/683449370/53eb067506   Armis, unified asset visibility and security company, announced the discovery of three zero-day vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access. If exploited, these vulnerabilities, collectively known as TLStorm, allow threat actors to disable, disrupt, and even destroy APC Smart-UPS devices and attached assets, researchers have warned.   Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets in data centres, industrial facilities, hospitals, and more....

Threat actors have breached the South Korean tech giant Samsung Electronics and stolen several source codes. The source codes in question are instrumental in the operation of the organisation's Galaxy devices. In a statement to SamMobile on Monday, the company revealed that it had strengthened its security measures after identifying a breach “relating to certain internal company data.” As yet, the company is not aware of the full scope of the breach but Samsung has...

The worlds largest digital newspaper and magazine distributor has been hit with a cyberattack, leaving users without access to more than 7000 publications. PressReader is headquartered in Vancouver, Canada, but has offices in both Dublin, Ireland and Manila, Philippines. The organisation began experiencing network outages on Thursday, affecting its Branded Editions website and apps, alongside the PressReader site. PressReader's local, regional and international newspapers and magazines online, on mobile devices and in print have all...