Ciaran Martin NCSC
Ciaran Martin NCSC

Report: Cyber-threat to UK business is "significant and growing"

The cyber-threat to UK business is “significant and growing”, according to a new report from the UK's National Cyber Security Centre (NCSC) and National Crime Agency (NCA).  The report titled Cyber-Threat to UK Business details how in the three months since the NCSC was created, “the UK has been hit by 188 high-level attacks which were serious enough to warrant NCSC involvement, and countless lower level ones.”

This is down to a threat which is “varied and adaptable” and ranges from high volume, opportunistic attacks where technical expertise is bought, not learned, to highly sophisticated and persistent threats involving bespoke malware designed to compromise specific targets.

TalkTalk customers report fraud calls from fake TalkTalk employees

TalkTalk customers are reportedly facing new breaches ‘on an industrial level'. TalkTalk customers have complained of calls from individuals armed with alarming knowledge of their private credentials.

Customers have complained that these callers, who claim to be employees of TalkTalk, knew private details such as their router number and passwords. These callers would say that there was some problem with the TalkTalk customer's service and ask that they install a piece of software on their computer that would fix the problem. In reality that software would give full control over to the person on the other end of the line. The affected customers claim that the callers had such a deep knowledge of their personal details that the information could only have come from TalkTalk itself. More...

Symantec finds fake AV being distributed using HSBC phishing emails

Symantec has detected a spam campaign, mainly targeting financial institutions, which uses social engineering to try and trick victims into installing “virus detection software” that is an information stealing Trojan, W32.Difobot. The emails purported to come from HSBC, a banking and financial services company, and display an @hsbc.com email address.

The message asks to install virus detection software Rapport from Trusteer, a legitimate security program designed to protect online bank accounts from fraud.More...

NHS Wales staff lose personal data in breach

A hacker reportedly stole personal details including names, birthdates, national insurance numbers and radiation doses from Welsh NHS medical staff. NHS Wales said that not every staff member was impacted in the same way since a different combination of data was being held on each staffer. More than 500 people working at Velindre NHS Trust and 654 at Betsi Cadwaladr University Health Board were affected.

The Welsh NHS stated the data breach was “deeply disappointing”. Staff members were reportedly told of the incident in early March even though it first occurred in October last year. More...

New exploit kits found leveraging vulnerabilities in web browsers

Zscaler's Threatlabz team have observed an uptake in exploit kits which have been rapidly deployed to leverage vulnerabilities in web browsers to deliver malicious payload to a victim's computer.

Notable changes have been observed this quarter in several exploit kits, including a return of Neutrino, a new KaiXin campaign, and changes to Sundown URL schemes. More....