News

New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees. The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA. An insider threat is defined by Imperva as originating from “inappropriate use of legitimate authorised user accounts” by either their...

Jeremy Fleming, the head of GCHQ, has praised the new government counter-disinformation cell focused on Kremlin propaganda. Fleming spoke at the Australian National University in Canberra yesterday, arguing that President Putin had massively miscalculated his invasion Ukraine. He revealed that Russian soldiers are “refusing to carry out orders, sabotaging their own equipment and even accidentally shooting down their own aircraft." Fleming has also argued that Ukraine's social-savvy President Zelensky has inspired information campaigns worldwide with...

Hackers breached the IT systems of  Illuminate Education in January, gaining access to the personal data of around 820,000 current and former New York City public school students. Illuminate Education is a taxpayer funded software based in California. It is best known for creating the widely-used IO classroom,Skedula and PupilPath platforms, current used by New York City's Department of Education to log attendance and grades. The Department announced the hack on Friday, revealing that information dating back...

A new critical remote code execution bug, dubbed "SpringShell" by some in the community, has been identified by security researchers. The vulnerability impacts the spring-core artifact, a popular framework used extensively in Java applications, specifically with JKD9 or newer. Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to perform logging, and anyone using software built on Spring, which is a large population of enterprise Java software.” “It stems...

My1Login has announced it has been hired by London Central & West Unscheduled Care Collaborative, a leading provider of urgent healthcare to the NHS 111 service, to overhaul its staff identity access through My1Login’s Identity-as-a-Service (IDaaS) solution.   The platform integrates with their existing computer login and removes the need for users to manage any additional application passwords, enabling the transition to a passwordless environment. This means clinicians only need to sign into their computer...

Researchers at Lacework have revealed that the Log4Shell vulnerability was exploited as an initial attack vector in 31% of cases monitored by the company over the past six months. The software vendor’s latest Lacework Cloud Threat Report highlights typical risks in today's digital landscape. The findings confirm what security experts suspected, that the Log4j bug was used extensively by threat actors since its emergence in December last year. “Over time, we watched scanning activity evolve into more...

The National Cyber Security Centre (NCSC) of the UK has urged organisations to reconsider the risks associated with "Russian-controlled" parts of their supply chains. Ian Levy, technical director of the NCSC argued that "Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. We also have hacktivists on each side, further complicating matters, so the overall...

Sky Mavis' Ronin Network, which supports its Axie Infinity game, has suffered the largest cryptocurrency theft in history. The organisation announced yesterday that the Ronin network had been hacked to the tune of 173,000 Ethereum, or roughly $594 million, and $25 million in US dollars. Comparitech has ranked the incident as the largest crypto-heist of all time.

A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyberattack. The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US. It has also been revealed that 92% of respondents have faced, or suspect they have faced, a nation-state backed cyber attack in the past 18 months, or anticipate one in the future. Russia and...

A new bill with bipartisan support has been proposed by US lawmakers, with the intention of enhancing the cybersecurity of America's healthcare and public health (HPH) sector. The Healthcare Cybersecurity Act (S.3904) was proposed by US senators Jacky Rosen and Bill Cassidy on Thursday. The proposal is likely a reaction to the White House warning over the increased risk of cyberattacks hitting the US amidst the Russian invasion of Ukraine. “Health centres save lives and...