
Equinix reports full containment of recent cyber security incident

Any mention of a compromise of a hosting company makes me nervous. Equinix provide the raw infrastructure for many other hosting companies, telcos and enterprises. They were (probably still are) a main supplier of capacity to the hosting business I worked in a few years ago. The good news here is that the breach seems to have been contained in their own systems and not made the leap to clients' platforms...: Global interconnection and data center company Equinix Inc (NAS

U.K. warns of surge in ransomware threats against education sector

It seems that the bad guys have also been taking notice of 'Back to School' and 'Freshers Week' signs everywhere...: The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks. [...]

Cyber Risk In A New Era: Remedy First, Prevent Second

I like this analysis. I'd add in a 'mindfulness' statement so that organisations are aware of the threats before they attempt risk management...: Cybersecurity is a key risk that S&P Global Ratings embeds, as relevant, in its overall assessment of an entity's creditworthiness. The increasing frequency of attacks and the potential for rapid deterioration in credit profiles after an attack are risk factors that are relevant for our rating assessments now. Leade...

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Charging documents say the seven men are part of a hack

Two Russians Charged in $17M Cryptocurrency Phishing Spree

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi, alleging the duo was responsible for a sophisticated phishing and mone

New MrbMiner malware has infected thousands of MSSQL databases

Time to take a look for these Indicators of Compromise (IoCs) in any instances of MSSQL you might be running...: [...] In a report published earlier this month, Tencent Security has named this new malware gang MrbMiner, after one of the domains used by the group to host their malware. The Chinese company says the botnet has exclusively spread by scanning the internet for MSSQL servers and then performing brute-force attacks by repeatedly trying the admin account with vari

Research exposes cyber security industry’s vulnerabilities

Make sure you perform your due diligence before taking on a security supplier, and follow it up with regular checks...: A staggering 97% of top cyber security companies have data leaks or other security incidents exposed on the dark Web, and on average, there are over 4000 stolen credentials and other sensitive data exposed per company. This was one of the findings of ImmuniWeb's research into the state of the global cyber security industry’s exposure on the dark Web this

How a CISO’s Approach to Security Strategy Can Be Shaped By Philosophy

This is one of those "Hmm, made me think" articles. I drew the conclusion that I'm probably an Epicurean when it comes to my personal life but a Stoic when it comes to my professional approach to cyber risk...: [...] To effectively manage cybersecurity risk, we can draw inspiration from the famous Stoic philosopher and slave Epictetus, who believed the greatest goal in life was to “identify and separate matters so that I can say clearly to myself which are externals not unde

Attacked by ransomware? Five steps to recovery

"Don't start from here" is the kind of advice you'll receive when undergoing a ransomware attack. There are some things you should do now as part of best practice. One thing that I'd add here is to make a distinction between backups (which change) and archives (which don't). Keep both...: [...] Given the rising number of ransomware attacks targeting businesses, the consequences of not having a secure backup and detection system in place could be catastrophic to your business

Magento online stores hacked in largest campaign to date

My business maintains a few 'legacy' Magento-based sites that no longer take payments but are needed for historic data. We see multiple attacks every day. This seems to be a significant ramp-up though. Time to check your site for patch status and any nasties...: More than 2,000 Magento online stores have been hacked over the weekend in what security researchers have described as the "largest campaign ever." The attacks were a typical Magecart scheme where hackers breached