Research News, Articles and Updates

Cryptocurrency's legal tender

"Good investments don't bite you on the bottom and say we're here. It takes good old hard work and research, the kind they do at Smith Barney ... they make money the old fashioned way: They earn it."

AI has application in cyber-security but needs an ethical basis say Lords

AI needs to be representative of the community it serves. It should use established concepts: open data, ethics advisory boards, data protection legislation, new frameworks & mechanisms, such as data portability & data trusts.

Email compromise to exceed £6.4 bn in 2018 as attacks increase say NCSC/NCA

News Feature: The cyber threat to UK business 2017-2018 report jointly launched this week by the National Cyber Security Centre (NCSC) and the National Crime Agency(NCA) highlights the extent of the threats faced by the UK.

Warning: Human error & social engineering join ransomware & DDoS threats

Human error and social engineering are front and centre of the biggest cyber-threats to enterprise over the last 12 months, according to a new report.

The incredible opportunities and risks of the Internet of Things

Businesses cannot allow a lack of collaboration among internal departments to inhibit their ability to fully realise the potential afforded by future-facing technologies.

Despite risks, a majority of firms are allowing the use of Wi-Fi hotspots

While experts have warned about the perils of connecting to unsecured public Wi-Fi hotspots in the past, new research has revealed that organisations are suffering more from security issues than in the past.

Indicted Iranian hackers phished targets using library account lures

The nine US-indicted Iranians who stand accused of exfiltrating 31 terabytes of research and data from educational institutions, companies and government agencies, allegedly used phishing schemes to steal university credentials.

Phishing or Ransomware? Experts dispute which is biggest cyber-threat

Cyber-security executives and business decision makers question whether phishing emails or ransomware attacks are the most potent threats faced, but are businesses equipped to implement all-round risk mitigation strategies?

Study: Malware counts higher on computers whose users visited piracy sites

Each time a user doubles the amount of time he spends visiting illegal torrent and streaming websites, the malware count on his machine jumps another 20 percent, according to an academic paper released earlier this month.

Three-quarters of businesses targetted at least once by email fraud

Research finds 75 percent of organisations were targeted at least once by email fraud, in the last two years and 41 percent said their business had been targeted multiple times.

Does Mosquito air-gapped computer exploit lack real-world bite?

The Cyber-Security Research centre at Ben-Gurion University of the Negev in Israel has published research demonstrating how air-gapped computer security can be bypassed using covert speaker-to-speaker.

Mac malware rockets 270 percent - users warned 'safe' perception is wrong

Anti-malware security vendors have warned that Mac malware is on the rise, and that the perception of Macs as being completely 'safe' is misleading.

Double cryptominer delivered via Oracle server exploit

Threat actors exploited the CVE-2017-10271 vulnerability which allows for remote code execution to deliver both a 64-bit variant and a 32-bit variant of an XMRig Monero miner, according to a 26 February blog post.

Hackers could obfuscate malware through code signing and SSL certificates

Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.

Enter boardroom, set hair on fire. How not to tackle incident response

Event anomalies can be an indicator of attack, but they can also just be an IT problem. New research suggests the latter might be more common than you think.

New email scam targeting accounts personnel at Fortune 500 companies

Criminals impersonate legitimate email accounts to initiate wire transfer fraud. Security researchers have uncovered an active Business Email Compromise (BEC) campaign targeting Accounts Payable personnel at Fortune 500.

Google divulges vulnerability in Microsoft Edge before patch is ready

Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.

Researchers find free ransomware variant being distributed on the Dark Web

Security researchers have identified a ransomware variant that is available for free on the Dark Web and is even unregistered. The discovery comes at a time when the ransomware trade is running on handsome commissions.

Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers

Security researchers report discovering several vulnerabilities and security lapses in Kaspersky Lab's my.kaspersky.com web portal, saying the flaws exposed users to potential session hijackings and account takeovers.

New Word malware attacks infect systems without using macros

Security researchers have discovered a new email spam campaign that tries to get users to open up Word document attachments that downloads a password stealer as its final payload.

Update: Dell storage platform security bugs allow root access

Security researchers recently unearthed up to nine security vulnerabilities in Dell EMC's Isilon OneFS platform that could allow remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root.

Olympics Malware attack may have been part of larger cyber-espionage scheme

Researchers discovered new details in the "Olympic Destroyer" malware which targeted the Winter Olympics in Pyeongchang, shedding more light on the malware's intentions and background information on the attack.

Twitter pornbots found advertising adult sites, misappropriating hashtags

A researcher who in 2016 uncovered roughly 500 bots programmed to create Twitter posts that advertise pornography found that about 20 percent of them were still active two years later.

Study shows which phishing attacks most successful

People are very predictable when it comes to designing phishing attacks that appeal to a potential victims with people most likely to click on messages concerning money.

Is UDPoS 'mag-stripe DNS exfiltration' malware dumb, or dumber?

US remains a target as researchers at Forcepoint Labs uncovered possibly the first new PoS malware for two years. Named UDPoS, courtesy of how it relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of data.

Amazon issues security patch for Key after researcher claims hack

Amazon is issuing a security patch for its "Key"services shortly after a researcher posted a video demonstration of them claiming to hack the Amazon device using a Raspberry Pi.

Evolving Hancitor downloader found, relying on malicious hosted servers

Despite its relatively small pool of viable targets, the malicious Windows-based downloader Hancitor continues to surface in malspam campaigns that recently have relied heavily on distribution servers.

Flash Player zero-day attacks attributed to advancing North Korean APT

Researchers are reporting that an increasingly sophisticated North Korean hacking group is responsible for an attack campaign exploiting CVE-2018-4878, a critical use-after-free flaw in Flash Player that has not yet been patched.

JenX botnet using video game to recruit IoT devices

Security researchers have found a new botnet that uses flaws connected to the Satori botnet and uses hosting services running multiplayer versions of Grand Theft Auto to infect IoT devices.