SecurityWeek
Exploitation of Critical ownCloud Vulnerability Begins
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
SecurityWeek
Critical Vulnerability Found in Ray AI Framework
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
Infosecurity News
Ukraine Police Dismantle Major Ransomware Group
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma
Cyber Security News
CISA & NCSC Discloses Guidelines for Secure AI System Development
New security flaws in AI systems must be taken into account in addition to the usual cyber security risks,security is frequently neglected.
SecurityWeek
US, UK Cybersecurity Agencies Publish AI Development Guidance
New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development.
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
Infosecurity News
KyberSwap Says Hackers Stole $55m in Crypto
Decentralized exchange offers $5m bounty
Infosecurity News
UK Publishes First Guidelines on Safe AI Development
NCSC and CISA effort endorsed by 18 countries
Security Affairs
The hack of MSP provider CTS potentially impacted hundreds of UK law firms
The cyber attack that hit the managed service provider (MSP) CTS potentially impacted hundreds in the United Kingdom.
CyberSecurity Dive
The top cybersecurity events and conferences in 2024, according to security pros
Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Lazarus is using a MagicLine4NX zero-day in supply chain attack
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
Bleeping Computer
Cyberattack on IT provider CTS impacts dozens of UK law firms
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
Infosecurity News
Cyber-Attack Disrupts UK Property Deals
A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
Infosecurity News
Black Friday: Phishing Emails Soar 237%
Global brands impersonated to capitalize on busy shopping period
The Record
Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS
The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.
The Record
Vanderbilt University Medical Center investigating cybersecurity incident
Vanderbilt University Medical Center said it is investigating a cybersecurity incident that led to the compromise of a database.
The Record
How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Infosecurity News
North Korean Supply Chain Threat is Booming, UK and South Korea Warn
The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Infosecurity News
University of Manchester CISO Speaks Out on Summer Cyber-Attack
University of Manchester CISO Heather Lowrie shared how the institution tackled a major data breach earlier in 2023
CyberNews
AI could shorten work week to four days within decade – for some
Same pay, longer weekends? That could be a reality as soon as 2033 – at least for those working in the more affluent areas of the US and the UK.
Infosecurity News
Microsoft Launches Defender Bug Bounty Program
Ethical hackers could win cash prizes of up to $20,000
Infosecurity News
Europol Launches OSINT Taskforce to Hunt For Russian War Crimes
New unit will scour the internet for evidence
Infosecurity News
India Faces Surge in IM App Attacks With Trojan Campaigns
Microsoft highlighted a shift in tactics, with attackers directly sharing malicious APK files
SecurityWeek
Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme
The Tor network has removed many relays associated with a cryptocurrency scheme, citing risk to integrity and users.
CSO
MOVEit carnage continues with over 2600 organizations and 77M people impacted so far
The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.
The Record
UK regulator demands websites let users ‘Reject All’ cookies
Top websites in the United Kingdom have 30 days to comply with the country’s privacy laws or they will “face the consequences,” the Information Commissioner's Office said.
CyberNews
British Library ransom attack claimed, data leak confirmed
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the e Rhysida ransom gang.
Bleeping Computer
Rhysida ransomware gang claims British Library cyberattack
The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage.
CyberNews
Clearview AI $10M fine still under dispute as UK regulator appeals
The Information Commissioner's Office has appealed a tribunal decision to overturn a fine levied against it over data privacy.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
Bleeping Computer
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.
SecurityWeek
Key GOP Lawmaker Calls for Renewal of Surveillance Tool as He Proposes Changes to Protect Privacy
A Key GOP lawmaker has called for the renewal of surveillance tool as he proposes changes to protect privacy
The Record
‘Sex life data’ stolen from UK government among record number of ransomware attacks
The latest data released by the Information Commissioner’s Office (ICO) includes an attack that breached data on the sex lives of up to 10,000 people, from an unspecific government department.
The Record
UK privacy authority to appeal decision overturning $10 million fine on Clearview AI
The Information Commissioner’s Office (ICO) said it agreed with some aspects of a ruling from October, but ultimately wants to clarify whether Clearview AI can characterize certain activities as working with "law enforcement."
The Record
Remcos, again: Ukrainian agencies targeted in a new spying campaign
In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).
Security Affairs
Samsung suffered a new data breach
Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual.
Infosecurity News
Half of Ransomware Groups Operating in 2023 Are New
WithSecure report highlights widespread code reuse
CyberNews
Hive reborn: new ransomware group emerges from the ashes
Hive lost its aura in January 2023, when the FBI and other law enforcement agencies in Germany penetrated Hive’s computer network.
Infosecurity News
European Police Take Down $9m Vishing Gang
Fraudsters operated from Ukrainian call centers
CyberNews
Samsung notifies UK store customers of data breach
Samsung Electronics, a South Korean multinational tech corporation, has notified some of its customers of a data breach that exposed their personal data to a hacker.
Bleeping Computer
New Samsung data breach impacts UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Bleeping Computer
Samsung hit by new data breach impacting UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Bleeping Computer
Toronto Public Library confirms data stolen in ransomware attack
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
SecurityWeek
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
The rise of AI-powered disinformation presents an immense challenge to society’s ability to discern fact from fiction.
Infosecurity News
UK Privacy Regulator Issues Black Friday Smart Device Warning
Consumers urged to think before they buy connected technology
The Record
UK National Cyber Force operations to become ‘more embedded’ with policing
The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.
Ars Technica
AI outperforms conventional weather forecasting for the first time: Google study
AI models may soon enable more accurate forecasts with higher speed and lower cost.
SecurityWeek
UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election
Britain’s cybersecurity agency said artificial intelligence and "deepfakes" pose a threat to the country’s next national election
Infosecurity News
NCSC: UK Facing “Enduring and Significant” Cyber-Threat
Critical infrastructure providers under pressure from state-backed groups
The Record
Cyber incident reports hit ‘all-time high,’ warns UK NCSC
The National Cyber Security Centre said that it received 2,005 voluntary reports over the past year, a 64% increase on last year’s figures. Nearly 400 of those were so serious that the agency's incident management team had to triage the response.
The Record
CISA, FBI warn that Royal ransomware gang may rebrand as ‘BlackSuit’
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
DarkReading
'Hunters International' Cyberattackers Take Over Hive Ransomware
Hunters International appears to have acquired Hive ransomware from its original operators and may be seeking to cash in on the malware's reputation.
Infosecurity News
Cyber-Attack Could Have “Devastating” Impact on Aussie Exports
Port operator struggles to recover from serious incident
Bleeping Computer
LockBit ransomware leaks gigabytes of Boeing data
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
Cyber Security News
Top 10 Best Google Alternatives in 2024
Best Google Alternatives: 1. DuckDuckGo 2. Search Encrypt 3. Qwant 4. Startpage 5. Mojeek 6. Bing 7. Gibiru 8. Ask 9. SearX 10. Yahoo!
Infosecurity News
MPs Dangerously Uninformed About Facial Recognition – Report
Privacy International warns UK is “sleepwalking into public mass surveillance”
Infosecurity News
UK Shoppers Lost Nearly £11m to Fraud Last Festive Season
NCSC warns of AI-generated scams in run-up to Christmas
CyberNews
Black Friday warning as ‘grinch bots’ target retailers
Advanced bargain-stealing bots make up more than half of automated retail traffic, says cybersecurity analyst Imperva.
CSO
Generative AI could erode customer trust, half of business leaders say
Businesses leaders admit their company needs to improve security and compliance measures as demands of customers, investors, and suppliers increase.
The Record
UK government fails to bring forward promised cyber laws in King’s Speech
Legislation that would have, in the government’s own words, “better protected” essential services in the country — including in the water, energy and transport sectors — is now unlikely to be introduced to Parliament until 2025, and probably won’t take effect until 2026 at the earliest.
Infosecurity News
Over Half of Users Report Kubernetes/Container Security Incidents
Many say it led to a subsequent data breach
Infosecurity News
Security Agency Publishes Post-Quantum Guidance For Firms
NCSC wants to ease transition to quantum safety
Latest Hacking News
Canada Bans Kaspersky, WeChat On Govt Devices Suspecting Spying
The Government of Canada officially bans using WeChat and Kaspersky apps on government devices, citing privacy risks. Users can no longer download the apps on government-issued mobile devices. Canada Bans Kaspersky And WeChat According to a recent
CSO
Most cloud moves found rushed as adopters underrate associated risks: Report
More than half of security leaders surveyed didn’t understand the security risks associated with shifting to the cloud.
CSO
UK NCSC issues new guidance on post-quantum cryptography migration
The UK National Cyber Security Centre has refreshed its guidance to help system and risk owners plan their migration to post-quantum cryptography (PQC).
Infosecurity News
UK AI Safety Institute: A Blueprint for the Future of AI?
The UK Frontier AI Taskforce is evolving to become the UK AI Safety Institute
The Record
UK agency warns post-quantum cryptography migration will be ‘very complicated’
The National Cyber Security Centre says that more than just mathematics will be necessary to meet the threat that quantum computers pose to traditional public-key cryptography.
The Record
Corrupt police intel analyst jailed for tipping off criminal about EncroChat hack
Natalie Mottram, 25, was arrested in June and now begins a prison sentence of more than three years for misconduct in public office, perverting the course of justice and unauthorized access to computer material.
Bleeping Computer
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data.
CSO
Governments should not pay ransoms, International Counter Ransomware Initiative members agree
CRI members affirm the importance of strong and aligned messaging discouraging paying ransomware demands.
Infosecurity News
The People Hacker: AI a Game-Changer in Social Engineering Attacks
Jenny Radcliffe talks to Infosecurity about the changing nature of social engineering scams and the threats posed by AI
Infosecurity News
UK Banks Warn Quantum Will Imperil Entire Payment System
Industry wants government to set up a new taskforce
Ars Technica
“Catastrophic” AI harms among warnings in declaration signed by 28 nations
"Bletchley Declaration" sums up first day of UK's international AI Safety Summit.
SecurityWeek
Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks
The AI Safety Summit focused on cutting-edge “frontier” AI that some scientists warn could pose a risk to humanity’s very existence.
CSO
28 countries reach landmark agreement on “safe and responsible” AI development
Leading AI nations have reached a world-first agreement at Bletchley Park establishing a shared understanding of the opportunities and risks posed by artificial intelligence.
Infosecurity News
28 Countries Sign Bletchley Declaration on Responsible AI
The 28 signatories of the Bletchley Declaration agreed on an international network of scientific research on ‘frontier AI’ safety
Infosecurity News
NHS Trust Slammed After IT Snafu Delays Thousands of Referrals
Regulator highlights major data handling errors
Bleeping Computer
British Library knocked offline by weekend cyberattack
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28.
CSO
Cybersecurity workforce shortage reaches 4 million despite significant recruitment drive
A new study suggests cybersecurity skills gaps can be worse than total workforce shortages.
Infosecurity News
Regulator Reveals Large Disparity in APP Fraud Reimbursement
Warns of inconsistent outcomes for customers who report fraud
Infosecurity News
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
ISC2’s CEO says the c-suite appears to be more concerned with economic risk than cyber risk
Computerworld
What exactly will the UK government's global AI Safety Summit achieve?
With the first global AI Safety Summit beginning in the UK on Nov. 1, questions remain over whether the event will facilitate a meaningful outcome and if there will ever be a global consensus on AI regulation.
Computerworld
Biden lays down the law on AI
The White House today issued a long-awaited executive order that hammers out clear rules and oversight measures to ensure artificial intelligence is kept in check, while also providing paths for it to grow.
Ars Technica
Biden issues sweeping executive order that touches AI risk, deepfakes, privacy
Order details US admin's approach to AI safety, media authenticity, job loss, and more.
Infosecurity News
Biden Issues Executive Order on Safe, Secure AI
The order is designed to help ensure Ai systems are safe, secure and trustworthy
SecurityWeek
Whistleblowers: Should CISOs Consider Them a Friend or Foe?
Are whistleblowers a danger to corporate brand image, and an insider threat? Or can they be used to strengthen cybersecurity and compliance?
Infosecurity News
Surveillance Commissioner Blasts Cops for Data Retention
Fraser Sampson says UK police have three million photos of innocent people
Bleeping Computer
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.
SecurityWeek
In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape, cyber education funding
Infosecurity News
Security Agency Rolls Out Protective DNS for Schools
Local authorities urged to sign up today
-1.webp)
Cyber Security News
Beware of Fake Google Chrome Update that Installs Malware
One of them is the fake Chrome update malware, which has been around for several years and is still active.
Infosecurity News
UK IT Pros Worried About C-Suite Training Gap Ahead of AI Safety Summi
93% of professionals express concerns about their company’s C-suite ambitions for generative AI
CSO
UK Prime Minister announces world’s first AI Safety Institute
AI Safety Institute will examine, evaluate, and test new types of artificial intelligence
Infosecurity News
UK Parliament Opens Inquiry into Cyber-Resilience
Critical infrastructure providers will come under the spotlight
Infosecurity News
Humans Need to Rethink Trust in the Wake of Generative AI
Generative AI poses a high risk of misinformation and disinformation, according to ISACA survey, with 77% of professionals saying it is the top concern
The Record
UK government accused of ‘vandalism’ over abolishing biometrics safeguards
The British government’s plans to remove safeguards around biometrics and public space surveillance were described on Thursday as “shocking” and “tantamount to vandalism” by an outgoing commissioner.
CSO
Wildfires, cyberattacks, and cheating students turned off the internet in the third quarter
Submarine cable damage, natural disasters and cyberattacks triggered third quarter internet outages worldwide, according to a report from Cloudflare.
CSO
Businesses face “silent infiltration” of generative AI as use spirals out of control
Business leaders appear to have lost control over the deployment of generative AI despite just 28% of organizations expressly permitting its use.
Bleeping Computer
Ransomware isn’t going away – the problem is only getting worse
Ransomware incidents continue to grow at an alarming pace, targeting the enterprise and governments worldwide. Learn more from Specops Software on how ransomware gangs gain initial access to networks and how to protect against attacks.
Infosecurity News
Purchase Scams Surge as Fraud Losses Hit £580m
APP fraud remains a major challenge for UK banking sector
CSO
Cisco patches IOS XE vulnerabilities actively being exploited
CVE-2023-20198 and CVE-2023-20273 affect Cisco IOS XE software if the web UI feature is enabled.
Bleeping Computer
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
Bleeping Computer
Palestine crypto donation scams emerge amid Israel-Hamas war
As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where scammers list dubious cryptocurrency wallet addresses.
The Record
Behind the FTC’s plan to hire child psychologists to help regulate social media firms
Alvaro Bedoya, a commissioner at the Federal Trade Commission (FTC), is known for his expertise in digital privacy — a skill which is serving him well now, as the commission works to better understand the effects of social media, particularly on children.
Bleeping Computer
The Week in Ransomware - October 20th 2023 - Fighting Back
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
DarkReading
Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.
SecurityWeek
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
Infosecurity News
DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals
WithSecure has found strong indicators that DarkGate attacks are being perpetrated by attackers also using the Ducktail infostealer
Bleeping Computer
India targets Microsoft, Amazon tech support scammers in nationwide crackdown
India's Central Bureau of Investigation (CBI) raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams and cryptocurrency fraud.
Infosecurity News
US Charge Man with Running Stolen Credentials Marketplace
Authorities believe the E-Root marketplace listed more than 350,000 computer credentials for sale
DarkReading
FBI: Hackers Are Extorting Plastic Surgery Providers, Patients
The sensitive nature of medical records, combined with providers' focus on patient care, make small doctor's offices ideal targets for cyber extortion.
Infosecurity News
Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats
The Five Eyes intelligence agencies want start-ups dealing with cutting-edge technology to bolster their protections against nation-state threats
The Record
Clearview AI wins appeal to overturn $10 million UK privacy fine
A U.K. tribunal determined that facial recognition company Clearview AI's activities were 'beyond the material scope' of Europe's General Data Protection Regulation.
The Record
UK warns nuclear power plant operator of cybersecurity failings
EDF failed to “meet its commitment to provide us with a comprehensive and fully resourced cyber security improvement plan,” according to the U.K. chief nuclear inspector’s annual report.
The Record
Eastern European energy and defense firms targeted with MATA backdoor
Hackers have targeted more than a dozen oil, gas and defense firms in Eastern Europe with an updated version of a malware framework previously linked to North Korean threat actors.
Infosecurity News
Rising AI-Fueled Phishing Drives Demand for Password Alternatives
FIDO Alliance’s Online Authentication Barometer showed that AI-powered phishing is prompting users to switch passwords for MFA
Infosecurity News
A Third of Organizations Not Ready to Comply with NIS2
A new survey found that three-quarters of organizations in the UK are yet to address the five key requirements for compliance
SecurityWeek
Equifax Fined $13.5 Million Over 2017 Data Breach
UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach.
The Record
UK appoints Neal-Hopes as commander of National Cyber Force
Tim Neal-Hopes, an Air Vice-Marshal in the Royal Air Force, was announced as the new commander of the United Kingdom’s National Cyber Force (NCF) on Monday.
The Record
Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats on Friday afternoon.
Infosecurity News
UK Regulator Fines Equifax £11m for 2017 Data Breach
The UK FCA held Equifax Ltd responsible for failing to protect UK consumer data held by its US-based parent company
The Record
UK fines Equifax $13.6 million for 2017 data breach
The UK arm of credit reporting firm Equifax was fined £11,164,400 (about $13.6 million) on Friday by a British regulator for allowing hackers to access personal information of millions of people in 2017.
DarkReading
Brands Beware: X's New Badge System Is a Ripe Cyber-Target
Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.
ZDNet
Ransomware victims continue to pay up, while also bracing for AI-enhanced attacks
Most organizations have paid up in a ransomware attack, with more than half shelling out over $100,000, and most see generative AI offering malicious hackers more ways to launch attacks, according to a recent survey.
Infosecurity News
Half of Small Businesses Hit by Cyber-Attack Over the Past Year
A new survey from accounting software provider Sage showed that most SMEs have developed a cybersecurity posture but struggle to keep up with the threats
Infosecurity News
Fifth of UK Cybersecurity Pros Work Excessive Hours
Workload is biggest concern for industry professionals
Infosecurity News
Half of CISOs Now Report to CEO as Influence Grows
Trend is more pronounced in Europe than America
SecurityWeek
Cable Giant Volex Targeted in Cyberattack
UK-based cable manufacturing giant Volex has been targeted in a cyberattack that involved unauthorized access to IT systems and data.
The Record
UK opposition leader targeted by AI-generated fake audio smear
Private sector analysts said an audio clip of Labour Party leader Keir Starmer was likely a deepfake. British government officials urged the public to ignore it.
Computerworld
Homeland Security confirms your privacy is no longer safe
The US Department of Homeland Security reports that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did.
The Record
Snap AI chatbot scrutinized by UK watchdog over how it processes kids’ data
The British data privacy authority on Friday announced a preliminary enforcement notice against the American camera and social media company Snap Inc. for potentially failing to adequately assess the privacy threat posed by “My AI,” a generative AI chatbot embedded in its app.
The Record
China-based spies are hacking East Asian semiconductor companies, report says
Researchers at EclecticIQ attributed the campaign to a China-based group known as Budworm or APT27. The hacking campaign involved lures citing a major Taiwan microchip manufacturer.
The Record
MGM Resorts says cyberattack cost $100 million, resulted in theft of customer info
Filings with the Securities and Exchange Commission reveal the cost of a recent cyberattack that disrupted operations at MGM's Las Vegas casinos.
DarkReading
Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.
CSO
Google, Yahoo announce new email authentication requirements for 2024
Bulk Gmail and Yahoo Mail email senders will be required to strongly authenticate their emails following well-established best practices such as DMARC, SPF, and DKIM.
SecurityWeek
Red Cross Publishes Rules of Engagement for Hacktivists During War
ICRC is telling hacktivists involved in conflict during war to avoid targeting civilian objectives, or making threats of violence
SecurityWeek
Lyca Mobile Services Significantly Disrupted by Cyberattack
International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries.
DarkReading
Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
Russian hacktivist attacks are mostly for show, but sometimes they cause serious damage and are poised to begin getting worse.
Infosecurity News
EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W
The open letter, signed by 50 leading cybersecurity figures, urges the EU to reconsider its proposals around vulnerability disclosure requirements
The Hacker News
API Security Trends 2023 – Have Organizations Improved their Security Posture?
For businesses, API breaches spell disaster. Find out how inadequate security measures can lead to financial losses and customer data leaks.
Infosecurity News
CyberEPQ Course Triples Student Intake for the Coming Year
Government funding will help more sixth-form students get into cyber
SecurityWeek
Motel One Discloses Ransomware Attack Impacting Customer Data
Motel One says customer addresses and credit card information were compromised in a recent ransomware attack.
SecurityWeek
Cybersecurity M&A Roundup: 28 Deals Announced in September 2023
Twenty-eight cybersecurity-related merger and acquisition (M&A) deals were announced in September 2023, fewer than last month
Infosecurity News
Fifth of Brits Suspect Monitoring at Work
Privacy regulator warns employees to stay within the law
The Record
UK passport database to be used to identify suspects from CCTV footage
The United Kingdom's crime and policing minister, Chris Philp, says the government is putting technology in place to take advantage of existing legal authorities to access the passport database.
DarkReading
KillNet Claims DDoS Attack Against Royal Family Website
The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.
Bleeping Computer
Motel One discloses data breach following ransomware attack
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards.
SecurityWeek
Number of Internet-Exposed ICS Drops Below 100,000: Report
The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019.
Infosecurity News
Royal Family Website Downed by DDoS Attack
Russian Killnet group suspected of a DDoS attach that took the Royal.uk offline for 90 minutes
Infosecurity News
US and UK Lead Fight Against Civil Society Cyber-Threats
Joint meeting brings together eight like-minded countries
CSO
UK data regulator orders end to spreadsheet FOI requests after serious data breaches
The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information
Infosecurity News
Privacy Regulator Orders End to Spreadsheet FOI Responses
UK ICO issues call after damaging police leak
DarkReading
Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World
How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).
CSO
UK data regulator warns that data breaches put abuse victims’ lives at risk
The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse.
Infosecurity News
US and Japan Warn of Chinese Router Attacks
BlackTech group blamed for cyber-espionage operation
Infosecurity News
UK Logistics Firm Forced to Close After Ransomware Breach
Kettering-based KNP Logistics Group was hit in June
Infosecurity News
Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims
According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo
Bleeping Computer
US and Japan warn of Chinese hackers backdooring Cisco routers
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
Infosecurity News
Regulator Warns Breaches Can Cost Lives
ICO says handling of domestic abuse victims’ data must improve
Infosecurity News
Attacks on EMEA Financial Services Double in a Year
Region also experiences most DDoS events
Infosecurity News
NCSC Launches Cyber Incident Exercise Scheme
UK security agency opens scheme to certify assured providers
Infosecurity News
Half of Cyber-Attacks Go Unreported
Almost half of organizations have failed to report cyber-attacks to the appropriate authorities in 2023
The Hacker News
Essential Guide to Cybersecurity Compliance
Wondering which cybersecurity compliance standard is right for your business? Explore GDPR, SOC 2, and ISO 27001 to see which aligns best with your ne
SecurityWeek
The CISO Carousel and its Effect on Enterprise Cybersecurity
CISO churn is a threat, as security initiatives can take longer than the residency of a CISO, and constant churn can leave gaps in security.
Infosecurity News
Pension Firms Report 4000% Surge in Breaches
Financial services targeted remorselessly over past year
The Record
UK logistics firm blames ransomware attack for insolvency, 730 redundancies
KNP Logistics was listed earlier this year by the Akira ransomware group.
CSO
Baffle releases encryption solution to secure data for generative AI
Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline.
Ars Technica
Getty Images subscribers to get access to AI image generator
Getty will indemnify customers against lawsuits and pay artists on "recurring basis."
The Record
British Army general says UK now conducting ‘hunt forward’ operations
Lt. Gen. Tom Copinger-Symes speaks with The Record about the U.K.'s new National Cyber Force (NCF) and his outlook for conducting offensive cyber operations outside of Britain.
The Record
Hong Kong crypto business Mixin says hackers stole $200 million in assets
Mixin, which runs a decentralized network for transferring cryptocurrency and other digital assets, said the breach happened through a cloud service provider.
DarkReading
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
Infosecurity News
UK Security Agency Publishes New Crypto Designs
NCSC hopes research will inform future standards
The Record
NY college forced to invest $3.5 million in cybersecurity after breach affecting 200,000
Attorney General Letitia James and Marymount Manhattan College announced the agreement, which is part of the response to a 2021 incident.
Infosecurity News
UK-US Confirm Agreement for Personal Data Transfers
The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data between the UK and US
Infosecurity News
New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat
Infosecurity News
Bot Attack Costs Double to $86m Annually
Netacea warns of growing threat from malicious automation
Cyber Security News
Magento Security Checklist: 8 Steps To a Secure Magento Store - 2023
Magento Security Checklist : 1. Update to the Latest Version 2. Ensure a Strong Password 3. Limit Magento Admin Login Attempts 4. Switch 2FA.
The Record
IRS, Dutch and UK experts teach Ukrainian law enforcement how to catch sanctions evaders
The three countries completed their latest training session with Ukrainian law enforcement officers in an effort to help them trace cryptocurrency and blockchain transactions.
The Record
British government quietly sacks entire board of independent AI advisers
The U.K. has disbanded the Centre for Data Ethics and Innovation's (CDEI) advisory board as the government switches focus to a Frontier AI Taskforce prompted in part by the rise of ChatGPT.
Bleeping Computer
P2PInfect botnet activity surges 600x with stealthier malware variants
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
Computerworld
UK's controversial online safety bill set to become law
The Online Safety bill, now passed by Parliament, has stirred criticism regarding provisions that will require tech companies to monitor encrypted messages.
CSO
Online Safety Bill passes final parliament debate, set to become UK law
Despite widespread criticism and scrutiny, the UK government is within touching distance of delivering its controversial new internet safety rules.
SecurityWeek
California Law Restricting Companies' Use of Information From Kids Online Is Halted by Federal Judge
A federal judge has halted implementation of a California data collection law intended to protect the privacy of minors.
Infosecurity News
Brits Lose $9.3bn to Scams in a Year
One in 10 have suffered from fraud in past 12 months
SecurityWeek
UK Minister Warns Meta Over End-to-End Encryption
Britain's interior minister warned Meta that out end-to-end encryption on its platforms must "not to come at a cost to our children's safety"
SecurityWeek
Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd
SecurityWeek interviews Casey Ellis, founder, chairman and CTO at Bugcrowd, best known for operating bug bounty programs for organizations.
SecurityWeek
Cybersecurity M&A Roundup for First Half of September 2023
A dozen cybersecurity-related merger and acquisition M&A deals were announced in the first half of September 2023.
The Record
UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption
Parliament has finished its work on the Online Safety Bill, ending a legislative saga that focused the U.K.'s attention on how far the government should go to control certain online behaviors.
The Record
FTC denies blame for Xbox plans leaked in unredacted filing
The Federal Trade Commission (FTC) on Tuesday said it wasn’t culpable for the leak of sensitive plans for gaming platform Xbox that were recently exposed in legal filings.
Ars Technica
Chinese hackers have unleashed a never-before-seen Linux backdoor
SprySOCKS borrows from open source Windows malware and adds new tricks.
SecurityWeek
OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
OpenTitan is a project aimed at bringing the success of open source software to the silicon design space – specifically a silicon-level root of trust
SecurityWeek
TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules
European regulators slapped TikTok with $368 million fine for failing to protect children’s privacy and breaching strict data privacy rules.
Cyber Security News
Caesars Entertainment Hacked: Over 6TB of Data Stolen
Caesars Entertainment Inc. has reportedly paid a substantial sum to hackers who infiltrated the company's systems and threatened to release sensitive data.
Infosecurity News
Manchester Police Officers’ Data Breached in Third-Party Attack
Officers working undercover or in sensitive roles like intelligence could be exposed
Bleeping Computer
Manchester Police officers' data exposed in ransomware attack
United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier.
Ars Technica
A phone call to helpdesk was likely all it took to hack MGM
Slot machines and hotel room key cards stopped working at MGM casinos on the Strip.
The Record
Manchester police officers’ data stolen following ransomware attack on supplier
Greater Manchester Police (GMP) said that neither financial information nor home addresses were exposed in the incident, but there is concern about organized crime groups acquiring personal details about officers.
Infosecurity News
Chilling Lack of Cyber Experts in UK Government: Parliamentary Inquiry
The parliamentary inquiry heard there are “particular shortages” of cybersecurity experts in the civil service, with pay restraints a major factor