Research News, Articles and Updates

3.5 million cyber-crimes recorded, true figure could be 20.5 million

Fraud and computer misuse offences made up some 5m, almost half, of the 10.8m criminal acts recorded by the Office for National Statistics (ONS) in its Crime Survey for England and Wales (CSEW).

Despite increased spend, why doesn't DDoS mitigation always work?

Newly published research suggests that while there has been a marked increase in spending to mitigate against Distributed Denial of Service (DDoS) attacks, organisations are still falling victim.

ISF guide walks through prep and implementation of GDPR compliance program

The Information Security Forum (ISF) has released the GDPR Implementation Guide, which offers organisations a two-phase walkthrough to prepare for and implement a GDPR compliance programme.

How can the UK create its very own Silicon Valley?

Silicon Valley is a globally renowned hallmark of technology, success and innovation whose companies define huge elements of our lives. David Howorth asks, why is there no equivalent in the UK, and how can we change that?

Linux kernel bug enabled privilege escalation - fixed after 2 years

A Linux kernel security bug could have led to privilege escalation. It was fixed after two years, as it turned out to be worse than first thought.

Europol: the response to unprecedented cyber-attacks "not good enough"

The global scale, impact and rate of spread of cyber-attacks over the past year is unprecedented, reports Europol's 2017 Internet Organised Crime Threat Assessment (IOCTA).

Trading apps found to be worse at security than banking apps

Researchers find trading apps riddled with flaws despite transacting millions of pounds of shares.

31 bugs across Safari, Edge, Internet Explorer, Firefox & Chrome browsers

Google Project Zero researcher Ivan Fratric discovered 31 bugs in the DOM engines of the Safari, Edge, Internet Explorer, Firefox and Chrome browsers.

Hacker asks for nude photos of victim instead of money to unlock computer

MalwareHunterTeam tweeted out news of a screenlocker posing as ransomware where the bad guys request nude photos of the victim instead of money.

Rate of data compromise revealed: 121 records per sec; defenders lagging

More data records have been breached in the first six months of 2017 than the whole of 2016. The Gemalto Breach Level Index reports that this amounts to an astonishing 121 records lost or stolen every second of every day.

Attackers can pull data from air-gapped networks' surveillance cameras

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using infrared surveillance cameras.

Anti-virus collects data without user permissions & uses commercially

A free mobile anti-virus app developed by the DU group, a developer of Android apps, has been found to collect user data without the device owners' consent.

20% of Manchester police computers at risk of ransomware - using XP

Some 20 percent of Greater Manchester Police's computers are at risk of a ransomware hack due to still running Windows XP, according to research from Top10VPN.com.

Financial attractiveness of ransomware ensures it remains growing threat

Mobile devices are under increasing attack from malware, including ransomware, which has seen a 122 percent increase in variants as it becomes an increasingly attractive option for criminals.

Spoiler alert: SMEs and the threat of ransomware attacks

Most small or medium-sized organisations in the UK have experienced several different security attacks and data breaches in the past year, and more than a third have experienced a ransomware attack, reports Justin Dolly.

21.1 m hit by ExpensiveWall trojan in Google Play, runs up your bill

Malware dubbed ExpensiveWall found its way onto Google Play in what has been claimed to be the second-biggest outbreak ever to hit Google's platform, helping push it to the No 2 spot in sources of blacklisted apps.

320 m compromised password hashes cracked by research 'cracktivists'

CynoSure Prime reports that it has cracked the hashes of virtually all 320 million passwords which security researcher Troy Hunt had put on his 'HaveIBeenPwned' website by early August.

Locky ransomware back in huge spam campaign; new variant escapes sandbox

Locky ransomware is back, being pushed out to victims in a concerted spam campaign. Security researchers have also discovered a variant of the ransomware that attempts to evade analysis by security firms using a new approach.

Why security will shape the future of apps - to avoid hacked humans

In the Brave New World of augmented human cyborgs, security gets really personal, and becomes a differentiator between who you might trust with your brain, your body and your life, as Keiron Shepherd explains.

Endpoint security software market valued at £4.6 bn by 2021

The endpoint security software market is forecast to grow at 4.5 percent annually over the next five years, reaching £4.6 billion by 2021, according to Forrester research.

You can't even trust your Sysadmins to use complex passwords

The majority of sysadmins - 86 percent - use only the most basic username and password authentication to access and protect their main business account on-site.

Sound used to track movement via smartphone and laptop speakers

CovertBand uses high-frequency audio to place people in a room and track a person's movements using the speakers and microphones that are found in many smartphones, laptops and other devices.

Web application attacks accounted for 73% of all incidents says report

Web application attacks accounted for 73 percent of all incidents, and pure public cloud installations experienced the fewest security incidents, according to a recent industry report.

Honeypot reveals lack of oversight opened door to WannaCry & NotPetya

If researchers had paid more attention to the Shadow Brokers dump of alleged National Security Agency hacking tools back in April, the WannaCry and NotPetya attacks might never have happened.

Kids with attitude - the face of Islamic hacktivism exposed in blog

Most United Islamic Cyber Force (UICF) members are young people with a low level of technical skills and limited life experience who had fallen victim to propaganda, according to research by law enforcement agencies and Group IB.

CREST says that cyber-security in ICS needs a kick up backside

The not-for-profit accreditation body CREST says a lack of "standards-based technical security testing" is putting industrial control system environments at risk.