Jay Jay

Cyber-crime group TA505 using legitimate remote administration tool to target organisations

Cyber-crime group TA505 leverages 'Remote Manipulator system', a legitimate RAT, to target major retailers & financial organisations in the US, Chile, India, Italy, Malawi, Pakistan, & South Korea.

Skating on thin ice - CISOs crack under stress of job insecurity & lack of resources

CISOs are turning to drink, drugs & meditation to overcome the inevitability of breaches in the face of inadequate human or financial resources to defend their organisations; as 1 in 5 are available 24/7.

ICO fines Bounty UK £400,000 for illegally sharing personal data of over 14m people

The ICO fined pregnancy and parenting club Bounty UK £400,000 for illegally sharing personal data of more than 14 million people with third parties for the purpose of electronic direct marketing.

81% of CIOs & CISOs delaying security patches to ensure uninterrupted business operations

CISOs are delaying the adoption of important security updates and patches to ensure uninterrupted business growth, with a quarter certain their organisations aren't compliant with data security legislation.

Researchers uncover spyware app for iOS distributed through phishing sites

Spyware distribution campaign involves developers abusing Apple's Developer Enterprise programme to circumvent the Apple App Store and promote surveillance software to iOS users via phishing websites.

London Blue evolves its tactics from phishing attacks to impersonation fraud

London-based Nigerian spear-phishing cyber-criminals London Blue have started spoofing e-mail addresses of CEOs of target companies to make their BEC emails appear more legitimate and persuasive.

Why not let Zuckerberg decide what regulation is needed online? Password fiasco maybe.

Facebook reverses policy of asking for passwords as Zuckerberg advocates more countries adopt GDPR-like regulation as a common framework to protect users' rights & choose how their information is used.

Industrial device takeover possible due to critical software control vulnerability

A critical infrastructure component driving a range of motor and software controls in industrial applications such as conveyors, fans, pumps, and mixers was recently found containing a critical vulnerability.

Update: Critical flaw in Magento e-commerce platform exposes 300,000 e-commerce sites to SQL injection

Critical security vulnerabilities in Magento's commercial and open source platforms have left over 300,000 e-commerce websites exposed to remote code execution, SQL injection and cross-site scripting.

Internal networks are also vulnerable to malicious JavaScript requests

Organisations believe that their internal networks are safe from browser-based threats because of the separation of local networks from the public Internet - but attackers can leverage network loopholes.