Threats and Risks

Microsoft leads take-down of Necurs botnet

The Necurs botnet is thought to be operated by cyber criminals based in Russia

• Threats and Risks
• 11 March 2020

Microsoft patches 117 vulnerabilities in March 2020 Patch Tuesday

Of them, 26 are rated as 'critical' bugs

• Threats and Risks
• 11 March 2020

State-backed hacking groups are exploiting a patched security flaw to target Microsoft Exchange email servers

The vulnerability was patched by Microsoft last month

• Threats and Risks
• 09 March 2020

Redcar and Cleveland Council expelled public and press from council meeting discussing ransomware outbreak

Public and press thrown-out of resources committee meeting last week because ‘sensitive’ information about ransomware attack would be discussed

• Security
• 09 March 2020

More than 50 Netgear routers affected by four serious security flaws

Netgear rushes out firmware fixes with users of the affected routers and gateways advised to patch immediately

• Threats and Risks
• 09 March 2020

Virgin Media spills personal details of 900,000 customers in data breach

Misconfigured marketing customer database access ‘did not include any passwords or financial details’, Virgin Media claims

• Security
• 06 March 2020

Intel CSME bug could enable hackers to compromise the cryptographic chain of trust in Intel systems, researchers warn

The bug is unpatchable, according to researchers, but doesn't affect Intel's latest generation of CPUs

• Threats and Risks
• 06 March 2020

Let's Encrypt reverses threat to revoke digital certificates affected by bug following renewal frenzy

Let’s Encrypt claims that 1.7 million affected digital certificates have been renewed since Saturday

• Security
• 05 March 2020

Redcar and Cleveland Borough Council finally admits that it has suffered ransomware attack

IT systems at Redcar and Cleveland Borough Council have been down for three weeks

• Cloud and Infrastructure
• 27 February 2020

KrØØk vulnerability affecting Broadcom and Cypress WLAN chips could enable attackers to decrypt wireless network packets

New security vulnerability could affect nearly one billion devices worldwide

• Threats and Risks
• 27 February 2020

Magecart skimmers ran keyloggers on commerce provider's website for two-and-a-half years

Ecommerce platform compromised by eight different skimmers hosted accounts for a number of high-profile organisations

• Security
• 26 February 2020

Pulse Secure: 2,500 VPN servers worldwide vulnerable to CVE-2019-11510 critical security flaw

UK plays host to 149 unpatched Pulse Secure VPN servers vulnerable to flaw favoured by Iranian state-backed hackers

• Cloud Computing
• 21 February 2020

Unsigned firmware in peripherals could allow attackers to target HP, Lenovo and Dell computers, researchers warn

Enterprises must assess the 'firmware posture' of new devices during procurement

• Threats and Risks
• 21 February 2020

UK blames Russia's GRU for cyber attacks targeting Georgia

UK accuses Russia of being behind a string of cyber attacks on neighbouring states

• Security
• 20 February 2020

Estonian foreign intelligence warns of growing cyber threats from Russia

The intelligence agency says Russian threat actors want to exploit security vulnerabilities and promote pro-Russian interests in foreign countries

• Threats and Risks
• 18 February 2020

Iranian hackers breach VPN servers to plant backdoors in corporate networks worldwide

The campaign, dubbed Fox Kitten, has also been targeting unpatched Citrix servers

• Threats and Risks
• 17 February 2020

Almost 6,000 unpatched Citrix NetScaler servers remain vulnerable to critical security flaw

A total of 5,915 Citrix servers remain unpatched against CVE-2019-19781, with 388 located in the UK

• Security
• 17 February 2020

Reverse engineering Tesla Model 3 reveals vulnerabilities in firmware update mechanism

Attackers could exploit vulnerabilities to upload malicious firmware onto the gateway and onto other ECUs

• Threats and Risks
• 13 February 2020

Financial losses from cryptocurrency theft boomed in 2019 despite fall in crypto hacking incidents

Incidents where malicious insiders scam incautious victims are on the rise

• Threats and Risks
• 12 February 2020

Public disclosure: the pros and cons of naming and shaming cyber threat groups

Publishing information about cyber threat groups can have unexpected consequences, says BAE Systems’ Saher Naumaan

• Security
• 07 February 2020

Cisco fixes critical 'CDPwn' vulnerabilities that enabled the remote hijack of millions of routers and switches

CDPwn vulnerabilities affect the proprietary Cisco Discovery Protocol (CDP) enabled by default in almost all Cisco network devices

• Threats and Risks
• 06 February 2020

Citrix to release 'thoroughly tested' fixes for CVE-2019-19781 security flaw by the end of January

More than 2,000 servers in teh UK vulnerable to Citrix remote access security flaw

• Threats and Risks
• 13 January 2020

TrickBot group exploiting PowerShell-based backdoor to target high-value organisations

New TrickBot backdoor is designed for persistence, stealth, and reconnaissance on compromised machines

• Threats and Risks
• 10 January 2020

Warning over LockerGoga and MegaCortex ransomware attacks targeting private industry in western countries

The actors behind the two ransomware were found using stolen login credentials, SQL injections, phishing attacks, and several other techniques to gain entry into a corporate network

• Threats and Risks
• 24 December 2019