News

The Department of Homeland Security has announced a new Cyber Safety Review Board bringing together cybersecurity experts from public and private organizations to "review and assess significant cybersecurity events." The board was part of the executive order that President Joe Biden signed last year. Experts have long called for a federal organisation for cybersecurity incidents similar to the National Transportation Safety Board, which investigates airplane crashes and transportation incidents.  Alejandro Mayorkas, Homeland Security secretary, said...

KP Snacks, purveyor of iconic British snacks such as Skips and Butterkist, has been hit with a ransomware attack threatening to impact deliveries at least until the end of March. The company announced that Conti, an incredibly effective Russian-speaking group, is behind the attack. As is typical for the gang, they stole data in a double-extortion operation, posting “proof” of the steal on their leak site. Jamie Akhtar, CEO and founder of Cybersmart said, “as...

Despite business backing and a recruitment push, new research suggests most tech security decision-makers are struggling to address the skilled professional shortage. Stott and May, a global cybersecurity recruitment firm has joined forces with venture investor Forgepoint Capital to compose the Cyber Security in Focus. Responses from cybersecurity directors, security operations directors and VPs of product security across the globe are all featured. 87% of respondents admitted to skills shortages, with over a third (35%) claiming...

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to the tune of $326 million in cryptocurrency. Wormhole is a platform enabling users to transfer cryptocurrency across different blockchains. It  locks the original token in a smart contract and mints a wrapped version of the stored token that is trans. Avalanche, Oasis, Binance Smart Chain, Ethereum, Polygon, Solana, and Terra blockchains are all supported by the platform. Wormhole announced yesterday that they shut...

Zero trust-type security has become the standard for any self-respecting security software provider and is a step in the right direction in the never-ending battle against the bad hacker actors of the worlds. Unfortunately, it doesn’t seem the be the final answer to storing corporate data securely for an enterprise and its users. Zero trust is essential for enterprises to restrict access controls to networks, applications and environments without sacrificing performance or usability. Even those...

The American web infrastructure and website security company Cloudflare has announced the launch of a new public bug bounty program. Rushil Shah, a Product Security Engineer at Cloudflare said, "today we are launching Cloudflare's paid public bug bounty program," "We believe bug bounties are a vital part of every security team's toolbox and have been working hard on improving and expanding our private bug bounty program over the last few years." The new public bug...

A cloud misconfiguration has leaked personal details of countless airport staff throughout South America, a new report suggests. An Amazon Web Services S3 bucket was found without any authentication required to access its contents. A team at AV comparison site Safety Detectives found the problem and notified the owner, Swedish security giant Securitas on October 28 2021. The firm secured the database on November 2. Safety Detectives believe the S3 bucket contained around 1.5 million...

Scammers are conducting phishing campaigns using fake advertisements on recruitment platforms. The FBI issued the warning today through a public service announcement (PSA) on their Internet Crime Complaint Centre (IC3). "The FBI warns that malicious actors or 'scammers' continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," the FBI says. "These scammers lend credibility to their scheme by using...

Iranian hackers are now using new malware to conduct cyber espionage campaigns and steal data. In some cases they drop ransomware in an attempt to avoid detection. Researchers at Cybereason attribute the two separate campaigns to an Iranian hacking group known as Phosphorous. Moses Staff, another state-backed group, is also believed to be involved. It is believed that Phosphorous carried out a number of espionage campaigns against organisations in the US, Europe and the Middle...

One in seven ransomware extortion data leaks are revealing technology data critical to business operation, researchers say. In recent years, ransomware has catapulted in severity from its early days as barebone encryption and basic demand for payment. Historically, ransomware was used to infect systems and extort payments from the general public, typically in cryptocurrency such as Bitcoin (BTC). In recent years however, operators have taken to "big game hunting", targeting large organisations for a hefty...