Blog

The UK pushes for better supply chain cybersecurity

If the UK Government gets its way, IT service vendors and other cloud-based service providers may soon be required to adopt new measures to strengthen their cybersecurity, amid rising concerns about supply chain risks. The Department for Digital, Culture, Media and Sport (DCMS) has floated plans to make mandatory compliance with the National Cyber Security Centre's Cyber Assessment Framework...

As ransomware attacks rise, US government advice to protect K-12 schools is "vastly outdated"

A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to address the increasing reports of ransomware and other cyber threats. According to the GAO report, the current plan for addressing threats to K-12 schools was developed and issued in 2010 and has not...

"PlugWalkJoe" indicted for $784K SIM swap cryptocurrency theft

The U.S. Department of Justice charged a British man for his alleged role in stealing $784,000 worth of cryptocurrency using SIM swap attacks. According to the unsealed indictment, Joseph James O'Connor – also known as "PlugWalkJoe" – conspired with others to steal approximately $784,000 worth of cryptocurrency from a Manhattan-based cryptocurrency company. It's alleged that O'Connor, who is in...

FBI warns of Ranzy Locker ransomware threat, as over 30 companies hit

The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, in a flash alert to other organisations who may be at risk. According to the alert, issued with the Cybersecurity and Infrastructure Security Agency (CISA), most of the victims were compromised after brute force credential attacks targeting Remote Desktop Protocol (RDP) to gain access...

US Government warns of BlackMatter ransomware attacks against critical infrastructure

The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group. The government's Cybersecurity & Infrastructure Security Agency (better known as CISA) issued the advisory earlier this week, following a series of BlackMatter ransomware attacks since July 2021 targeting US critical infrastructure, including two American organisations working in the...

Analysis of 80 million ransomware samples reveals a world under attack

Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half. Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by suspicious computer users, and shared with the security community to enhance their threat intelligence and improve anti...

Ransom disclosure law would give firms 48 hours to disclose ransomware payments

Organisations who find their networks hit by a ransomware attack may soon have to disclose within 48 hours any payments to their extortionists. That's the intention of the Ransom Disclosure Act, a new bill proposed by US Senator Elizabeth Warren and Representative Deborah Ross. Ransomware victims are not currently required to report attacks or ransom payments to federal authorities, but the new...

Secret backdoor allegedly lets the REvil ransomware gang scam its own affiliates

REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, operating as a ransomware-as-a-service (RAAS) business model that sees it share its profits with affiliates who break into networks and negotiate with victims on the group's behalf. But now there are reports that a...

US Government tells firms not to give in to ransomware demands

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury's Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mitigate ransomware attacks. In its updated...

Where Should We Draw the Cyber Blue Line?

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and elders. Criminals have...

Microsoft warns of a Windows zero-day security hole that is being actively exploited

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content. According to Microsoft, attacks exploiting the...

FBI and CISA warn that cybercriminals don't take holidays

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays. With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about their network defences, and "engage in preemptive...

Failing to Meet Cybersecurity Standards Can Have Legal Consequences for Companies

Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million, the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards. It may help to consider the legal consequences of poor cybersecurity. While the...

FBI warns of OnePercent ransomware gang – what you need to know

What's happened? The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking U.S. companies since November 2020. How are companies being attacked by the OnePercent gang? The gang emails targeted individuals inside an organization using social engineering tricks to dupe the unwary into opening a malicious Word document contained within an attached...

Want to ban someone from Instagram? That'll cost you just $60

Got a grudge against an Instagram user? Well, scammers may just have the perfect service for you - at quite an affordable price. As Joseph Cox at Motherboard reports, the criminal underground has stepped beyond the likes of offering ransomware-as-a-service and DDoS-attacks-for-hire to advertise an easy way for anyone to target an Instagram account and have it banned - for $60 or less. Motherboard...

BlackMatter rises from the ashes of notorious cybercrime gangs to pose new ransomware threat

A new ransomware gang that calls itself BlackMatter has launched itself on the dark web, and is actively attempting to recruit criminal partners and affiliates to attack large organisations in the United States, UK, Canada, and Australia. As experts at Recorded Future describe, the BlackMatter gang is advertising for "initial access brokers" - individuals who can gain unauthorised access to...

British man arrested in connection with Twitter mega-hack that posted cryptocurrency scam from celebrity accounts

Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter's history. In July 2020, the Twitter accounts of public figures and well-known organisations were compromised, allowing malicious hackers to post tweets to millions of unsuspecting followers. Compromised accounts included those of then-Presidential candidate Joe Biden, Bill Gates, Elon Musk...

US offers $10 million reward in hunt for state-sponsored ransomware attackers

The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure. The news of the reward comes at the same time as the White House announced it was setting up a ransomware task force following a series of...

Lazarus gang targets engineers with job offers using poisoned emails

Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defence industry. In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defence contractors in the United States and Europe. Attached to the emails are Word documents containing macros that plant malicious code...

Disconnect your WD My Book Live from the web to avoid data deletion, says Western Digital

Storage drive maker Western Digital is telling owners of its WD My Book Live device to disconnect it from the internet after reports that some have had their data erased by malicious software. According to an advisory issued by the firm, malicious attackers are compromising the devices – commonly used to back up data such as home movies, photographs, and important documents – resulting in their...