Almost a quarter of UK and German businesses (23%) believe the GDPR may have resulted in a greater risk of data breaches, six months after the legislation was introduced. The findings come from a new survey by Thales eSecurity which polled 1000 combined UK and German business executives and 2000 consumers to better understand attitudes

Police in Ukraine have arrested a man who allegedly used a notorious Remote Access Trojan (RAT) to target thousands of users around the world. A statement from the Ukrainian National Police on Friday said that cyber specialists on the force cuffed a 42-year-old man from Lviv on suspicion of using the DarkComet malware. He’s said

Security experts have lined up to warn consumers of a deluge of phishing and gift card scams as Cyber Monday kicks off today. The US online sales blitz has also become something of a staple across some European countries, especially in the UK where it’s predicted that sales today will take total online spending for

‘Tis the season for cyber-scams, according to the new Holiday Threat Report from Carbon Black. The report compared cyber-attack data over the last two years and found that once cyber-attacks spike on Cyber Monday, they will likely remain elevated throughout the holiday season. The holiday season of 2016 saw a 20.5% surge in attempted attacks, but

Facebook has again made headlines after the UK Parliament leveraged its legal right to demand documents alleged to include confidential email exchanges between top executives, as well as correspondences with CEO Mark Zuckerberg, according to The Guardian. The documents are believed to contain the details of Facebook’s data and privacy controls prior to the Cambridge Analytica

by John E Dunn One of Intel’s fixes for the Spectre variant 2 chip flaw (CVE- 2017-5715) appears to have taken a big bite out of the performance of the latest Linux kernel. The mitigation in question is the Single Thread Indirect Branch Predictors (STIBP), one of three that Intel proposed not long after details of

by Lisa Vaas What do you get when you cross the worst aspects of social media, people’s actual lives and giant, centralized databases? The outcomes are already playing out. Certain cities in China have been piloting the country’s social credit score system – a system that’s due to be fully up and running by 2020,

Nine out of 10 UK retailers are failing to boost customers’ log-in security with two-factor authentication (2FA), according to new research from LastPass. The LogMeIn company used the Black Friday shopping period this weekend to raise awareness about the continued security failings of many online retailers. Only Amazon passed the 2FA test among the top shopping

A Minnesota man has been arrested and extradited to the US after allegedly faking his own death for an insurance scam. Defendant Igor Vorotinov, 54, made his initial appearance before a US magistrate on Monday following his arrest last week in the Republic of Moldova. He’s been at large since an indictment was served for

The advanced persistent threat (APT) group GreyEnergy has been targeting industrial networks across Ukraine and Eastern Europe for years, and according to analysis of the group’s activity, the attacks begin with a malicious document sent in a phishing email. Nozomi Networks performed analysis on the GreyEnergy advanced ICS malware and found that the tools and tactics used by

A self-proclaimed leader in enabling operational intelligence, OSIsoft, maker of PI system software, announced an ongoing investigation into a data breach that likely compromised all domain accounts. On 16 November, the company reported that it was experiencing a security incident that potentially affected everyone from employees and interns to consultants and contractors. Attackers reportedly stole credentials and

In advance of a meeting between US President Donald Trump and China’s President Xi Jinping, a US government report made claims that China had increased hacking attempts in an effort to steal American technology and shows no sign of stopping or slowing its cyber-theft practices, according to the Associated Press. The report from the Office of

by John E Dunn Are Ethereum’s new-fangled smart contracts the ultimate point of the blockchain or a risky experiment whose vulnerabilities presage trouble? Right now, few doubt that smart contracts – instruction workflows in a language called Solidity that automate complex, profitable processes on Ethereum – require close scrutiny. The latest security flaw was discovered by smart

by John E Dunn As internet users migrate from desktop and laptop computers to mobile and Internet of Things (IoT) platforms, cybercriminals are making the journey with them. The SophosLabs 2019 Threat Report has tracked this shift across a range of mobile threat types, most of which target Android. The simplest tactic here is to try

Amazon is remaining tight-lipped after sending an email to an unknown number of customers revealing that a ‘technical error’ disclosed their email address. There has been no further information from the online giant about the incident except to confirm that it had been fixed and that all affected customers had been informed. The email itself,

Only around a third of some of the UK’s top retailers have invested in the most secure web certificates, potentially exposing customers to phishing attacks and missing out on sales, according to Sectigo. Formerly known as Comodo CA, the world’s largest commercial certificate authority audited 25 major high street and online names to see what

Government needs to take an active role in cybersecurity if it wants to develop technology sectors.  Speaking at the tenth Irisscon conference in Dublin, BH Consulting CEO Brian Honan said that as the Irish Computer Emergency Readiness Team (CERT) was established in 2008 at the same time as the economic downturn, the intention of the

Some common vulnerabilities are coming up to their 30th birthday, and some were “coined in the days of Netscape Navigator.” Speaking at Irisscon in Dublin, Edgescan CEO Eoin Keary said that one of the problems in cybersecurity is vulnerability management being siloed, and network security and web application security testing being determined as another silo

Looking back at the first spam messages sent in the 1800s, Virus Bulletin editor Martijn Grooten said that in the 1980s spam was impolite, 1990s it was a nuisance, 2000s it was a threat but in the 2010s spam was apparently ‘solved’. He said that statistics have proved that email spam was “something we could not keep

by John E Dunn Finding a mysterious circuit board plugged into a network that you are tasked with managing is always going to be a disconcerting moment for any sysadmin. Now imagine the device isn’t just connected to the network but plugged directly into a LAN switch located inside a cabinet in a supposedly secure,

by John E Dunn Cyberattackers are successfully evading detection on Windows computers by abusing legitimate admin tools commonly found on the operating system. This is a pivotal finding of the SophosLabs 2019 Threat Report, which traces how the technique has risen from the fringes of the cybercriminal playbook to become a common feature in a

by John E Dunn Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority. Flash has a dismal history of critical vulnerabilities – so what’s the hurry this time? The answer to that question is buried in the brief Adobe advisory explaining the issue: Technical

by Mark Stockley On 20 November 2018, Microsoft announced that its 800 million Microsoft account holders could now log in to services like Outlook, Office, Skype and Xbox Live without using a password. The announcement is part of an apparent acceleration in the march towards a passwordless web, and comes at the end of a

The number of .uk domains suspended for criminal activity doubled over the past year, as cyber-criminals continued to target users with malicious content and phishing. Nominet, the official registry for the TLD, revealed figures on Tuesday claiming the number surged from 16,632 last year to 32,813 during the period November 1 2017 to October 31 2018.

Online payment fraud losses are set to more than double over the next five years to reach a staggering annual figure of $48bn, according to Juniper Research. The analyst’s latest report, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2018-2023, covers e-commerce, airline ticketing, money transfer and banking services. It claimed that the astonishing