EU Council Adopts Cybersecurity Strategy – Security news
EU Council Adopts Cybersecurity Strategy
The Council of the European Union announced today that it has officially adopted a new cybersecurity strategy. The strategy, which looks ahead to the next decade, was presented to the council in December 2020 by the European Commission and the high representative for foreign affairs. It contains a framework for how to defend businesses, organizations, and EU citizens from cyber-attacks and promote secure information systems. The strategy
CSA and ISACA Announce First Auditing Credential for Cloud Security Systems
The Cloud Security Alliance (CSA) and ISACA have announced the availability of the first credential for auditing the security of cloud security systems. The introduction of the Certificate of Cloud Auditing Knowledge (CCAK) comes amid a huge surge in the adoption of the cloud in the past year, as organizations scrambled to facilitate mass remote working. Developed by the CSA and ISACA, the CCAK credential and training prog
MangaDex Site Could Be Offline for Weeks After Attack
Popular manga reader MangaDex has decided to rebuild its website after suffering a major breach which compromised its source code and potentially a customer database. The “scanlation” site enables fans of certain titles to read them in their own language for free. However, last Wednesday it discovered an unauthorized individual had managed to gain access to an administrator account, after stealing a session token by exploi
Dark Web #COVID19 Vaccine Ads Surge 350%
The black market in coronavirus-related pharmaceuticals and tests continues to grow, with researchers detecting a 350% increase in adverts for supposed ‘vaccines’ over the past three months. Check Point Research revealed new data today claiming that the number of dark web ads for COVID-19 vaccines has trebled since January, with Johnson & Johnson ($600), AstraZeneca ($500), Sputnik ($600) and SinoPharm ($500) brands all on offer for a few hu
#IMOS21: Overcoming the Defender’s Dilemma
Speaking at the opening keynote session of the Spring Infosecurity Magazine Online Summit, security awareness advocate Javvad Malik explored what he referred to as the “defender’s dilemma” – along with outlining strategies for overcoming the issue. Malik explained that due to various reasons including budget/resourcing challenges, competing business priorities and incomplete data, the defender’s dilemma is that most
Shell Latest to Fall to Accellion FTA Exploits
Shell has become the latest big-name firm to reveal it was affected by a data breach targeting vulnerabilities in legacy file transfer software. In a brief statement that came to light this week, the oil giant admitted it is a customer of Accellion’s File Transfer Appliance (FTA) product. It said it had addressed the exploited vulnerabilities and begun an investigation into the incident. As per other organizations breached in this way, it claimed
Jumio Secures Whopping $150m Investment from Private Equity Firm
Identity verification firm Jumio has secured a $150m investment from private equity business Great Hill Partners, it has announced. The growth capital represents the largest funding round in the history of digital identity and will fuel innovation and automation within the company, Jumio outlined. The investment will be used to dedicate additional resources to automating identity verification solutions, expand the breadth of the
Delhi Police Bust Call Center Scammers
Police in India have arrested 34 people for allegedly impersonating Apple and McAfee employees to con foreign nationals out of their money. The defendants were detained during a March 20 raid on two fake call centers located in the same building in Uttam Nagar, a mostly residential area in southwestern New Delhi. Delhi Police’s Cyber Crime Unit (CyPAD) have linked the call centers to approximately 8,000 victims in Canada, the United Kingdom, and the United Sta
UK Heading for “Catastrophic” Digital Skills Shortage
There has been a substantial decline in students enrolling on IT courses in recent years, meaning the UK is facing a “catastrophic” digital skills shortage, impacting the cybersecurity sector. This is according to a new report by the Learning & Work Institute, which showed that the number of students enrolling in ICT at GCSE level fell by 40% from 2015 to 2020. While this is partly as a result of the phasing out of
New Cybersecurity Programs to Protect US Energy
The United States is launching three new research programs to protect the security of America’s energy system. The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER), which announced the new programs, said that they will help “to safeguard the US energy system from growing cyber and physical hazards.” Potential vulnerabilities in the global supply chain will be addressed b
UK Govt Department Loses 306 Mobiles and Laptops in Two Years
A UK government department has lost a total of 306 mobile and laptop devices since 2019, according to official figures. The data, obtained under a Freedom of Information (FoI) request by Parliament Street Think Tank, revealed that the Department for Business, Energy and Industrial Strategy had 234 mobiles and 72 laptops lost or stolen during the calendar years of 2019 and 2020. In 2019, 26 laptops were reported stolen and 17 lost. This f
Firms Urged to Patch as Attackers Exploit Critical F5 Bugs
Security experts are urging F5 customers to patch a critical vulnerability in the vendor’s BIG-IP and BIG-IQ networking products after warning of mass exploitation attempts in the wild. CVE-2021-22986 is a flaw in the products’ REST-based iControl management interface which could allow for authentication bypass and remote code execution. With a CVSS rating of 9.8, it was patched on March 10 along with several other bugs that could be
FBI: State and Local Governments Losing Millions to BEC
The FBI has warned state and local government organizations to be on the lookout for business email compromise (BEC) scams after revealing that millions have already been lost during the past two years. Losses from BEC campaigns ranged from $10,000 to $4m between November 2018 and September 2020, according to a new Private Industry Notification. Attackers are targeting state, local, tribal and territorial (SLTT) government entities, masqu
Musk Denies Tesla Security Claims After Chinese Military Ban
Elon Musk has hit out at claims that Tesla vehicles are a security risk, after the Chinese military reportedly banned them from its facilities. The tech billionaire and founder of the electric car company told attendees at a Beijing conference held by the government that it would be game over for his firm if such allegations were true. “There’s a very strong incentive for us to be very confidential with any information,”
Campaigners call platform ‘a fertile recruitment ground’ and say it must take urgent action to protect children
Instagram has become a hub for young neo-Nazis to recruit young people to far-right groups, a report from an anti-racism group has warned. The recommendations-driven platform and focus on visual media make it ideal for spreading propaganda, Hope Not Hate (HNH) said in its annual State of Hate assessment.
US Indicts Software Engineer
A Swiss software developer has been indicted by the US government for allegedly stealing source code and proprietary data and publishing it online. On March 18, a grand jury indicted 21-year-old Till Kottman for identity and data theft and computer-intrusion crimes spanning 2019 to the present. Lucerne resident Kottman, also known as “deletescape” and “tillie crimew,” allegedly conspired with others to hack into mu
APT31 Fingered for Cyber-Attack on Finnish Parliament
An advanced persistent threat group (APT) with links to the Chinese government has been blamed for a cyber-espionage attack on Finland’s parliament. The Finnish Security and Intelligence Service (Supo) announced on Thursday that APT31 was behind a cyber-espionage campaign that targeted the Finnish parliament last fall. Security companies including Check Point and FireEye have linked APT31’s activities wit
Protective Intelligence Honors Launched
The Ontic Center for Protective Intelligence has launched a new monthly honor program to recognize the pioneers and thought leaders driving the physical security and protection industry. Each month, the program will recognize groundbreaking professionals who have developed either new models or new areas of knowledge, and veteran practitioners who are actively contributing to advancing their industry. Among the inaugural trailblazers
ESET Exposes Malware Disguised as Clubhouse App
ESET has uncovered malware designed to leverage the growing popularity of invite-only social media app Clubhouse. Revealing its findings in a blog post, the cybersecurity firm said the Trojan malware aims to steal users’ login information for a variety of online services. Disguised as an Android version of the audio chat app (which does not currently exist), it is capable of taking credentials for over 450 apps and is also able to bypass SMS-base
Russian Man Pleads Guilty in Tesla Extortion Plot
A Russian national has pleaded guilty to his role in a conspiracy to extort motoring giant Tesla via data-stealing ransomware. Egor Igorevich Kriuchkov, 27, pleaded guilty to one count of conspiracy to intentionally cause damage to a protected computer and is expected to be sentenced on May 10. The case itself first broke last August, after Tesla boss Elon Musk cited a news report on the story, tweeting: “Much appreciated. This was a serious a
DefenceTalk: Whether in Syria, Libya or Azerbaijan, Turkey’s combat drones have scored high-profile successes that Ankara hopes to use in its quest to become a premier exporter of the aerial…
DefenceTalk: Chinese authorities on Thursday said they had summoned 11 tech companies including Tencent, Alibaba and TikTok owner ByteDance for talks on “deep fakes” and internet security,…
DefenceTalk: China’s foreign ministry said on Thursday it would not make concessions to the US on key issues including Xinjiang and Hong Kong, ahead of high-level meetings between the two…
Website Builders Take Hands-Off Approach to Fake News
Fewer than a third of companies offering website creation tools took down potentially harmful misinformation about COVID-19, according to a new study from Website Planet. The web building resource deliberately created outlandish fake news in paid-for accounts with seven of the most popular CMS providers: Weebly, Jimdo, GoDaddy, Webnode, Squarespace, WordPress and Google Sites. This included deliberately eye-catching conspiracy theories such
UK’s CEOs Commit to Cyber Spending After Pandemic
Over two-thirds of UK-based CEOs plan to increase long-term cybersecurity budgets, with many expressing increasing concerns over the risk of online threats to the business, according to PwC. The global consulting giant interviewed nearly 1800 business leaders in the UK as part of a global survey of CEOs. Its 24th annual UK CEO Survey revealed the major impact the pandemic has had on decision-making at the apex of the country’s private se
Mom Charged in Deepfake Cheerleading Plot
A 50-year-old mom from Pennsylvania has been arrested after allegedly using deepfake technology to tarnish the reputations of her daughter’s cheerleading rivals. Raffaela Marie Spone, of Chalfont, Bucks County, is accused of using technological trickery to make videos that appear to show members of a cheerleading group naked, smoking, or drinking. The deepfake videos were sent to the cheerleaders’ coach in an alleged attempt to get the girls kicked off t
Acronis Acquires South African Partner
Global technology company Acronis has completed its fourth acquisition in the past 18 months by acquiring its long-time partner in South Africa. The acquisition of Synapsys was announced as part of an accelerated growth plan being carried out by Acronis. Synapsys is a channel-centric group of companies that specializes in distributing Acronis Cyber Protection Solutions. Synapsys has two arms: Synapsys Distribution (Proprietary) Li
Security Consultant Indicted on Cyberstalking Charges
A cybersecurity consultant from Seattle has been indicted by a federal grand jury on multiple counts of cyberstalking. Sumit Garg is accused of waging an extensive year-long cyberstalking campaign against a woman with whom he and his wife formerly shared a two-bedroom apartment in the Belltown neighborhood of Seattle. The 31-year-old allegedly directed sexually explicit messages and social media posts at the woman and sent threats to h
Internet Crime Complaints Surge in 2020, Fueled By Pandemic
Suspected internet crime complaints increased by 69% in 2020 compared to 2019 in the US, according to figures released in the FBI’s 2020 Internet Crime Report. Total complaints reached 791,790 last year, representing a rise of more than 300,000 compared to 2019. This resulted in total recorded losses of more than $4.1bn to victims, as cyber-criminals took advantage of the shift to online services as a result of COVID-19 lockdown res
Fraudsters Impersonating Tesco in New Phone Scam, Police Warn
Police in Wales have issued a warning to residents about a new phone scam, in which fraudsters are impersonating supermarket giant Tesco. Victims have reported receiving an automated call telling them that an order with Tesco has been placed and that £350 will be debited from their account. The automated message goes on to say “if this is not the right amount, please press 1 to go through to our fraud team.” When worri