News

Password security has many well-debated weaknesses but one that gets surprisingly little attention is how organisations can know whether and when theirs have been compromised by outsiders. This lack of interest is surprising. Almost all cyberattacks today, including ransomware attacks, exploit stolen or leaked credentials (a password + username), which makes any compromise a critical incident in the making.  The traditional defence is to change them on a schedule basis on the assumption that a compromise is likely at some point, but this has always...

The Cybersecurity and Infrastructure Security Agency (CISA) this week have added seventeen actively exploited vulnerabilities to the Known Exploited Vulnerabilities Catalog. These latest vulnerabilities bring the catalog up to a total of 341 vulnerabilities, and 10 of the newest 17 must be patched by the first week of February. In the list of 17 vulnerabilities, two are especially interesting: CVE-2021-32648 and CVE-2021-35247. The vulnerability tracked as CVE-2021-32648 must be patched by the first week of...

The government has claimed that its newly introduced Online Safety Bill will make the UK "the safest place in the world to be online", but some have criticised the bill, warning that it doesn't go far enough to combat things like cyber-flashing, child abuse or violence against women and girls.   The BBC reported that MPs said the bill's definition of illegal content must be re-framed, and more should be done to define the risk...

This week, Americans have been warned to watch out for maliciously crafted QR codes aimed at stealing credentials and financial information. The FBI posted this warning on their Internet Crime Complaint Center (IC3) last week. In the statement, the law enforcement agency said: "Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information." Hackers are switching legitimate QR codes posted or advertised by businesses with their own,...

It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more that 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week. The attack compromised personal...

A new scam website has been impersonating Nintendo's official website, pretending to sell discounted Nintendo Switch consoles. Last week, the Japanese video game company warned customers to be wary of the scam.  Nintendo rarely warns customers of such issues, so it has been said that this gives insight into the severity of the scams. On Friday, Nintendo tweeted, "We have confirmed the existence of a fake website that impersonates Nintendo's homepage". Nintendo has said that...

In Q4 of 2021, DHL was threat actors' preferred brand to imitate when launching phishing campaigns. This pushed Microsoft into second place and Google into fourth. These findings were unsurprising as the last three months of the year include holidays such as Black Friday, Cyber Monday and Christmas; holidays that hackers frequently exploit as victims let their guard down. As these holidays see an increase in online purchases and package deliveries, scams impersonating the international...

Eight people have been charged by Moscow court for their alleged involvement in the REvil ransomware gang, Russian News Agency (TASS) reported. The arrests were made as part of a larger raid on Friday across 25 locations in Moscow, St. Petersburg and Lipetsk. The men were charged on Saturday with violating Part 2 of Article 187 of Russia's Criminal Code, referring to the "illegal circulation of payments." As a result, they are facing up to seven...

Researchers at Broadband Genie have found that millions of Wi-Fi routers in the UK are left vulnerable to threats because their owners don't take the basic security measures to protect them. Broadband Genie surveyed 1,320 broadband users, with 88% stating that they have never updated their Wi-Fi router's firmware, while 84% have never even bothered changing the router's admin password. When asked why they were not taking these precautions, 73% revealed that they simply didn't...

A London-based cyber fraudster who targeted 670 women, including one who was terminally ill, has been arrested by UK police and pleaded guilty to fraud and money laundering charges. Taking more than £20,000 from his marks, Osagie Aigbonohan operated out of a flat in Abbey Wood, London.   Police arrested Aigbonohan in July 2021 after he was found with a fake driving licence and overstaying his visa in the UK for two years. “Romance fraud...