Top 10 Stories

A server hidden in a Thai university and allegedly used as part of a North Korean hacking operation has been seized by ThaiCERT. Thailand's infosec organisation announced last Wednesday that the box was operated by the Norks-linked Hidden Cobra APT group, and was part of the command-and-control rig for a campaign called GhostSecret. View full story ORIGINAL SOURCE: The Register

BBC 5 live Investigates was able to buy a false, five-star recommendation placed on one of the world's leading review websites, Trustpilot. It also uncovered online forums where Amazon shoppers are offered full refunds in exchange for product reviews. Both companies said they do not tolerate false reviews. View full story ORIGINAL SOURCE: BBC

The Department of Health and Social Care has agreed a deal with Microsoft that will enable all NHS organisations to use Windows 10 in a bid to improve defences against future cyber attacks. View full story ORIGINAL SOURCE: Digital Health

Army researchers have discovered what experienced information security teams already know: actual human interaction isn't a key to success when you already know your role on the team. At the National Cyberwatch Center's Mid-Atlantic Collegiate Cyber Defense Competition in March and April 2017, the team of researchers decided to conduct a study observing the competing teams. The CyberDawgs of the University of Maryland Baltimore County won the MACCDC before going on to win the Nationals a few weeks...

The Financial Conduct Authority (FCA) has awarded a £40m contract to 17 companies to monitor its cyber defences as it seeks to strengthen its online security in the wake of a series of high-profile attacks. View full story ORIGINAL SOURCE: The Daily Telegraph

University qualifications in cybersecurity are important but are only a start to keeping up with the changing cybersecurity threat, according to a corporate cybersecurity executive and educator who is currently leading nearly 3500 attendees through an online cybersecurity skills course focused on phishing countermeasures. View full story ORIGINAL SOURCE: CSO

Amid rising threats, including a recent attack on several U.S. power and natural gas suppliers, energy companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least a third less than financial institutions, according to Precision Analytics LLC and The CAP Group LLC, security consultants that work within the industry. View full story ORIGINAL SOURCE: Bloomberg

Earlier this month, Oracle patched a critical vulnerability in its WebLogic server – but someone identifying himself as an Alibaba security researcher reckons Big Red botched the patch. The bug in question was fixed in Oracle's x 254-strong quarterly patchfest that was headlined by Java and Spectre fixes. View full story ORIGINAL SOURCE: The Register

The Department for Work and Pensions (DWP) has allocated £14.7 million towards GDPR compliance, new research has found, with less than a month to go until the new data regulations come into force. The DWP is forecast to spend that sum over the course of 2018, with this money predominately being used for a programme of education and awareness, as well as a review of existing records storage arrangements. View full story ORIGINAL SOURCE: IT...

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that in Microsoft's Windows 7 and Server 2008 R2 mitigations for the Meltdown design flaw in Intel chips, released in January and February, Microsoft made the...