The UK has slipped backwards in the last year in terms of its overall cybersecurity rating and is now behind Germany, Austria and Finland among the G7. Belgium was the most noted country for cybersecurity in the G7. They are very focused on measurement and maintain public and private sector collaboration and efforts to inform the private sector of threats and issues.
Instead of blocking hackers, a new cybersecurity defense approach actually welcomes them. The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers' tactics. The information is then used to train the computer to recognize and stop future attacks. DEEP-Dig advances a rapidly growing cybersecurity field known as deception technology, which involves setting traps for hackers.
The attack started because an employee clicked a spearphishing link, a fake link that opened the door to the hackers. They accessed the IT and then industrial networks. The immediate effect was that hackers encrypted data on the victim's networks. The company was unable to read real-time data, prompting a shutdown lasting two days. Both IT and industrial processes were attacked.
The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. A catalogue of errors was found during the ICO’s investigation, including: back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer; and inadequate anti-virus protection.
Robotic vehicles like Amazon delivery drones or Mars rovers can be hacked more easily than people may think, new research suggests.
Researchers have collaborated to develop a means of storing extensive information in almost any object. The way of storing this information is the same as for living things: in DNA molecules. A further application of the technology would be to conceal information in everyday objects.
Whereas in the past attackers would send phishing scams from email accounts external to an organization, recently there’s been an explosion of email-borne scams in which attackers compromise email accounts within organizations and then use those accounts to launch internal phishing emails to fellow employees, the kind of attack known as lateral phishing. FBI data show that these cyberattacks caused more than $12 billion in losses between 2013 and 2018. And in the last two years, the attacks have resulted in an increase of 136 percent in losses.
The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Incredibly, the organization decided to cover it up without informing those affected or the public. As to the miscreants' entry point, it was a known flaw in Microsoft SharePoint (CVE-2019-0604) for which a software patch had been available for months, yet the UN had failed to apply it.
Whilst nearly half (48%) of all corporate data is stored in the cloud, only 32% of organizations believe protecting data in the cloud is their own responsibility. Furthermore, the research found that more than half (51%) of businesses and other organizations still do not use encryption or tokenization to protect sensitive data in the cloud.
Researchers have conducted a review of the security holes that exist in popular smart-light brands.
Researchers at the University of Arizona are developing a fresh approach to cybersecurity modeled on the human central nervous system. The new method will aim to detect and neutralize cyber-threats in their earliest stages before they have a chance to do any serious damage. Inspiration for the project came from human biological responses; for example, how the body's immune system fights a virus and how a person will instinctively pull their fingers away from a burning hot surface before their brain has even received the message that the body is at risk of harm.
New research has found that only a quarter of Americans know that surfing the internet in private browsing mode only prevents other users of the same computer from seeing what you've been up to online.
As we find it harder to employ security staff, so it becomes practical to outsource cyber-security to those who have managed to snag themselves some experts.
Privacy laws, like any other infosecurity control, have exploitable vulnerabilities. For social engineering purposes, GDPR has a number of real benefits. Firstly, companies only have a month to reply to requests and face fines of up to 4 per cent of revenues if they don't comply, so fear of failure and time are strong motivating factors.
Concern grows that criminals could use false video and audio to target businesses.
An experienced accountant fell for a scammer mirroring Metro Bank’s security and customer service.
Spammers are increasingly turning to common file-sharing and object storage services such as Google Drive and Microsoft Azure, in an attempt to evade ever-better corporate filters.
Universities must do more to protect themselves, and the sensitive information they hold, against the ever-expanding range of increasingly sophisticated threats.
Card fraud is evolving, with amateur fraudsters able to “enrol” in online “classes” where they can learn how to use stolen card details to buy smaller-value items.
Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect and not just focus on indicators of compromise which would only address past problems.