Threats and Risks
'Ripple20' security vulnerabilities in TCP/IP software library impact millions of connected devices
Nineteen bugs have been discovered so far in Treck software affecting connected printers, insulin pumps, smart home devices, power-grid equipment, industrial-control gears, routers, communications equipment commercial aircraft and data centre devices...
One in three Britons targeted by scammers since the start of coronavirus crisis, Citizens Advice reveals
Legal charity has seen a 19 per cent spike in the number of visitors coming to its website in recent months looking for advice from experts
Earth Empusa threat group distributing Android 'ActionSpy' spyware to target minority group in Tibet and Turkey
ActionSpy supports numerous modules which enable hackers to collect confidential information from compromised devices, including device IMEI, user phone number and contacts
Gamaredon group using new tools to target Microsoft Outlook and Office, researchers warn
And they are making no efforts to stay under the radar
SGAxe and CrossTalk flaws in Intel CPUs could enable attackers to steal data, researchers say
SGX hardware encryption technology was launched in 2015 with the Skylake microarchitecture
Microsoft June 2020 Patch Tuesday fixes 129 security vulnerabilities
Eleven of them are rated as 'Critical'
Exploit code for wormable Windows 10 SMBGhost bug released on Github
People using the code may see crashes presenting a blue screen of death
US federal agencies report 28,581 security incidents across nine attack vector categories in 2019
Improper usage was identified as the most common attack vector last year
Redesigned for stealth and adaptability, data-stealing Valak malware targets Microsoft Exchange Server in enterprises
Valak has been rapidly reconfigured for data exfiltration and has been spotted targeting US and German enterprises
Latest version of Turla's ComRAT backdoor uses Gmail web UI to receive orders from hackers
It is built on an entirely different codebase and was compiled in November 2019
US officials arrest another member of Fin7 hacking group
The Ukrainian national was part of spear-phishing campaign that enabled hackers to gain unauthorised access to victims' system
Unc0ver team releases new jailbreak package that can unlock iPhones running iOS 13.5
The tool uses zero-day bug in the Darwin XNU kernel
Warning over Mandrake malware infecting Android devices since 2016
The malware avoids infecting every Android device, and rather focuses on hand-picked targets
Trading Standards warns of NHS contact-tracing phishing scam
Message telling people that they may be infected links to a malicious website which asks for personal details
Chinese cyber actors are trying to steal Covid-19 vaccine research, FBI
Theft of such valuable data could threaten the delivery of secure treatment options, the agency believes
US cyber security agencies shares list of routinely exploited vulnerabilities since 2016
Hackers are most frequently exploiting bugs in Microsoft's OLE technology
Vulnerabilities impacting Oracle iPlanet Web Server could result in data leakage, phishing
Vendors says it will not release a security patch as affected product has already reached end-of-life
Lazarus hacking group hiding a new variant of Dacls RAT in security app to target macOS users
The app is mostly used by Chinese speakers, as per researchers
Threat groups are looking to steal Covid-19 research, NCSC and CISA warn
The organisations being targeted include healthcare bodies, medical research institutions, pharmaceutical firms and others
InfinityBlack hacking group busted by European law enforcement agencies
'Well organised' cyber criminals were focused on loyalty card schemes
Warning over EventBot banking Trojan draining financial details from Android phones
The malware can intercept the two-factor authentication security codes sent to the device
CISA urges action on common Office 365 security vulnerabilities
US Cyber agency offers best practice for configuring Microsoft Office 365 to secure employees working from home
NSA, ASD publish advisory for detecting and mitigating web shell malware
Malicious web shells can evade detection from most security tools, so they are difficult to detect
Most read
