Threats and Risks
Threat groups are looking to steal Covid-19 research, NCSC and CISA warn
The organisations being targeted include healthcare bodies, medical research institutions, pharmaceutical firms and others
InfinityBlack hacking group busted by European law enforcement agencies
'Well organised' cyber criminals were focused on loyalty card schemes
Warning over EventBot banking Trojan draining financial details from Android phones
The malware can intercept the two-factor authentication security codes sent to the device
CISA urges action on common Office 365 security vulnerabilities
US Cyber agency offers best practice for configuring Microsoft Office 365 to secure employees working from home
NSA, ASD publish advisory for detecting and mitigating web shell malware
Malicious web shells can evade detection from most security tools, so they are difficult to detect
Zoom announces version 5.0 with improved security and control features
New version with 256-bit AES encryption (for real this time) to be rolled out next week
Zoom zero-day exploits being sold online for $500,000, report
The reported vulnerabilities impact Zoom clients for MacOS and Windows, Zoom refutes the claim
Nemty ransomware operators close public ransomware-as-a-service operation and switch to private mode
Victims have one week to purchase decryption keys from operators
Hackers are mass-scanning the internet to discover Microsoft Exchange servers vulnerable to RCE bug
A patch to fix this bug has already been released by Microsoft
NCSC and CISA warn of ongoing coronavirus cyber threat
Spear-phishing emails from cyber crooks claim to provide information on Covid-19 from official sources
Just 17 per cent of all internet-facing Microsoft Exchange servers are patched against CVE-2020-0688 vulnerability
More than 31,000 Exchange 2010 servers have received no update since 2012
Critical vulnerabilities in HP Support Assistant could allow arbitrary code execution
The tool which comes preinstalled on all brand-new HP notebooks and desktops could allow an attacker to escalate local privilege on vulnerable Windows systems
Two zero-day flaws in Zoom could enable threat actors to access webcam and microphone on MacOS system
Zoom is currently the most popular app on both the Play Store and App Store but privacy and security concerns are rising
How rapid advances in quantum computing are reshaping cybersecurity
We must all prepare for the end of public key encryption as we know it
North Korea-linked Geumseong121 APT group is sending spear-phishing emails to target people interested in North Korean refugees
Fifty malicious domains belonging to the group were seized by Microsoft in December
Flaws in Diameter signalling protocol make all 4G networks prone to denial-of-service attacks
The protocol is used to authenticate message and information distribution in 4G networks
Surge in attacks from China-linked APT41 targeting unpatched Citrix servers and Cisco routers
APT41 attacks carried out between January and March targeted unsecured Citrix NetScaler servers and Cisco routers
More ransomware groups threaten to publish data stolen data from non-payers
More and more ransomware groups are starting to steal data before encryption in order to blackmail their victims into paying up
Easy availability of ICS hacking tools poses major threat to industrial sector, researchers warn
Most tools are 'vendor agnostic' and can target products from some of the largest ICS original equipment manufacturers, warns FireEye
Spanish hospitals targeted with coronavirus-themed phishing lures in Netwalker ransomware attacks
Groups behind Netwalker switched phishing baits to coronavirus last week - as other ransomware groups pledged to avoid medical facilities
Microsoft: Two zero-day vulnerabilities in Windows Adobe Type Manager Library are actively being exploited
All supported versions of Windows operating system are affected
Cisco fixes five vulnerabilities affecting SD-WAN solutions
These vulnerabilities impact Cisco products using SD-WAN software earlier than Release 19.2.2
New Trickbot campaign using brute force attacks to target telecoms firms uncovered by researchers
Operators are using a new module to target Remote Desktop Protocols
Most read
