FBI reports for 2019 show BEC (Business email compromise) attacks generating far better returns for cyber criminals than ransomware. BEC attacks do not require the same level of technology or human resource as do ransomware attacks, nor do they generate …
The number of identified criminal gangs targeting Critical National Infrastructure had, by the end of 2020, increased to 15 – from just 5 in 2018. These gangs target Industrial Control Systems (ICS) and Operations Technology (OT) in the electric energy …
There are good reasons for retiring old, out-of-date software – particularly when the vendor is encouraging you to switch to its newer, more secure version. A number of large organisations – including the Reserve Bank of New Zealand, the University …
The ICO, for the second time in its history, has used the Computer Misuse Act (CMA) to achieve a prison sentence for someone who abused a position of trust to exfiltrate personal data from her employer in order to sell …
A different approach than the SolarWinds breach to deploying malware within legitimate software: purchase a legitimate app on, for instance, the Google Play store, infect it with malware, and then issue an update to its millions of users. By the …
The scale of the SolarWinds attack demonstrates the depth of resources available to some attackers: https://www.securityweek.com/many-solarwinds-customers-failed-secure-systems-following-hack?microsoft
A Florida water plant was hacked last week, by a probably not-very-sophisticated attacker who was able to take advantage of the continued use of Microsoft 7 as an operating system to increase the levels of caustic soda in the city’s …
The new ePrivacy rules took a big step forward on Wednesday. The EC has agreed its position on ePrivacy Rules – it is now in the hands of the Portuguese presidency to start talks with the EU Parliament. Confidentiality …
A relatively old crime that is becoming more commonplace and high profile: SIM-swapping. This article describes the crime and how to protect against it – and the victims can be ordinary people as well as businesses: SIM swap fraud: How …
Articles about very recent breaches which were facilitated by inadequate penetration testing, inadequate defence in depth and inadequate staff training: Web hosting provider shuts down after cyberattack | ZDNet and Hackers Accessed UScellular Customer Data and Ported Numbers After Breaching …