Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

0 Comments
The Justice Institute of British Columbia (JIBC) has launched a new online Graduate Certificate in Cybercrime Analysis to help meet Canada’s growing demand for professionals with cybersecurity skills. This new post-graduate program has been established to furnish professionals with the advanced knowledge and applied analytical skills necessary to help prevent, detect, and respond to the constantly evolving landscape
0 Comments
A new information sharing and analysis center (ISAC) set up to help American school districts protect themselves against cyber-threats has named its first national director. Heading up the Kindergarten Through Twelfth Grade Security Information Exchange, or K12 SIX, is president of consulting firm EdTech Strategies and the K–12 Cybersecurity Resource Center, Douglas Levin. Levin is the founder of the
0 Comments
A high impact vulnerability has been discovered in a popular Java cryptography library which could allow attackers to more easily brute force Bcrypt hashed passwords. CVE-2020-28052 is an authentication bypass bug in the OpenBSDBcrypt class of the widely used Bouncy Castle library. By exploiting it, attackers can effectively bypass password checks in applications using the
0 Comments
Business email compromise (BEC) attacks have surged over the past year-and-a-half, while scams designed to part users with their money remain a persistent phishing threat, according to Barracuda Networks. Volume 5 of the security vendor’s Spear Phishing: Top Threats and Trends report details the activity of targeted email threats during the period August-October 2020, distilled
0 Comments
The company at the center of revelations over a widespread Russian information-stealing campaign has said that fewer than 18,000 of its global customers were affected. SolarWinds produces popular software that helps organizations manage their IT networks and infrastructure. However, it was revealed by FireEye that attacks which compromised the security vendor and US government departments
0 Comments
by Paul Ducklin Naked Security’s Paul Ducklin interviews Sophos expert John Shier about his recently published paper, “20 years of cyberthreats that shaped information security“. Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk
0 Comments
Russian hackers who stole red team tools from FireEye may have been in action on a much broader scale, operating a sophisticated supply chain campaign targeting multiple global organizations and governments. FireEye revealed in an update on Sunday that nation state attackers inserted malicious code into legitimate software for SolarWinds’ popular Orion product to gain
0 Comments
Norwegian police have blamed Russian advanced persistent threat (APT) group Fancy Bear for the summer cyber-attack on Norway’s single-chamber parliament, the Storting. In what was described as “a significant attack” by the parliament’s director, Marianne Andreassen, unauthorized individuals managed to gain access to the email accounts of several elected members of parliament and to some accounts belonging
0 Comments
by Paul Ducklin Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. We received a sample that looked like this (note spelling mistake anather): Subject: YYYY, WE'VE_RECEIVED_YOUR_ORDER! Thanks for shopping with us! You'll find a summary of your recent
0 Comments
A Kosovan hacker, imprisoned in the United States for stealing personal data belonging to US military and government personnel and sending it to the Islamic State of Iraq and the Levant (ISIL), has been granted compassionate release. Ardit Ferizi was sentenced to 20 years in prison in September 2016 after he confessed to providing material support to
0 Comments
A man from Texas, charged in January with cyber-stalking realtors across the United States, has been indicted for capital murder in the deaths of two women. Andy Castillo was arrested on January 6 for allegedly cyber-stalking as many as 100 realtors in up to 22 different states.  The 57-year-old Lubbock resident was accused of sending sexually explicit
0 Comments
A British judge has ruled against extraditing to the United States a man accused of hacking into hundreds of webcams all over the world to spy on victims without their consent. Christopher Taylor allegedly duped 772 victims in 39 countries into downloading computer software called Cammy between August 2012 and July 2015.  By installing the software, victims
0 Comments
A new report on the cybersecurity of the education sector has found that nearly half of the schools in the United States did not implement new training or tools to protect staff and students during the pandemic. The CTNT report “Lessons learned: How education coped in the shift to distance learning” from Malwarebytes details data from 500 students and
0 Comments
The former chief executive officer of a technology startup based in Virginia has admitted conning investors out of millions of dollars.  Danny Boice pleaded guilty yesterday to one count of securities fraud and one count of wire fraud before senior United States district judge T.S. Ellis III of the Eastern District of Virginia.     Alexandria resident Boice held
0 Comments
A cybersecurity company has urged the rising number of smart sex toy owners to think about protection. Sales of internet-connected sex toys, also known as teledildonics, have increased since lockdown measures were introduced to slow the spread of COVID-19.  In March alone, sex toy revenue in France, Italy, and Spain, where lockdown measures were particularly stringent, exceeded
0 Comments
A trio of companies is launching a new research institute whose intended purpose is to strengthen privacy and trust for decentralized artificial intelligence (AI).  The Private AI Collaborative Research Institute, originally established by Intel‘s University Research & Collaboration Office (URC), is launching as a joint project involving digital security and privacy products vendor Avast and AI software-defined secure computing
0 Comments
Universities and colleges around the world are being targeted by a new phishing campaign, according to fresh research published by RiskIQ. Among the educational establishments to be hit by the Shadow Academy campaign are Louisiana State University (LSU) in the United States and Oxford, Brighton, and Wolverhampton Universities in the United Kingdom. RiskIQ researchers got wind