Research News, Articles and Updates

Tapplock Smart locks found to be physically and digitally vulnerable

Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute.

European credential theft industry booming as US market sees decline

There has been a 39% increase in compromised credentials detected from Europe and Russia between January-May compared to the same period in 2017: Daniel Solís, CEO & founder Blueliv, explains why in this video.

InvisiMole - powerful but rarely seen cyber-espionage malware detailed

A rarely used, but very powerful cyber-espionage malware with the ability to install backdoors, remotely execute code and grab sound and audio from the affected device has been discovered and analysed by ESET researchers.

Hackers using Excel IQY files to dodge antivirus and download malware

Security researchers have discovered a new spam email campaign using a novel approach to infect victims. Users tricked into downloading and executing malicious script via Excel.

Three-quarters of Redis servers are infected with malware

Research finds that unsecured servers should not have been connected to the internet. Three-quarters of open Redis servers are infected with malware, according to new research.

Can AI smarts replace humans in the Security Operations Centre?

Newly published research suggests 27 percent of enterprise security teams see more than 1 million alerts per day, and more than half of IT professionals admit they are struggling to identify critical incidents and false positives alike.

Email fraud still a substantial threat to business

Business email compromise still most popular and most effective attack vector. The bulk of email fraud gangs still operate out of Nigeria, according to new research.

Mirai-variant attack launched from Mexico

A pair of Trend Micro research teams has detected and done a quick cyber-autopsy on a new Mirai-like attack that popped up in Mexico earlier this month targeting GPON home routers and IP webcams.

Cyber-security spend to exceed US$1 tn in 5yrs to 2021; losses to hit $6 tn

Expenditure on cyber-security in the five years to 2021 will exceed US$1 trillion; losses from cyber-crime reach US$6 trillion annually; top 500 cyber-security companies list published.

Winnti cyber-espionage group associated with Chinese state intelligence

A research firm has identified groups associated with Chinese state intelligence as the malicious actors behind a long-running and previously unreported operation by the Winnti umbrella group.

Despite increased cyber-risk awareness, poor password hygiene still rules

New research has revealed that even though people are now more aware of security best practices than in the past, their password management has remained largely unchanged.

Ransomware up 350% says 2018 Global Threat Intelligence Report

NTT Security 2018 Global Threat Intelligence Report (GTIR): Ransomware up 350% and spyware ranks first in volume of malware at 26% reflecting attackers' desire for long-term presence for information.

43% businesses, 19% of charities hit by data breaches: Cyber Breach survey

In a month from now, the UK will welcome GDPR which will give the ICO more powers to defend consumer interests and issue fines of up to £17 million or four percent of global turnover on organisations in the event of data breaches.

Cryptocurrency's legal tender

"Good investments don't bite you on the bottom and say we're here. It takes good old hard work and research, the kind they do at Smith Barney ... they make money the old fashioned way: They earn it."

AI has application in cyber-security but needs an ethical basis say Lords

AI needs to be representative of the community it serves. It should use established concepts: open data, ethics advisory boards, data protection legislation, new frameworks & mechanisms, such as data portability & data trusts.

Email compromise to exceed £6.4 bn in 2018 as attacks increase say NCSC/NCA

News Feature: The cyber threat to UK business 2017-2018 report jointly launched this week by the National Cyber Security Centre (NCSC) and the National Crime Agency(NCA) highlights the extent of the threats faced by the UK.

Warning: Human error & social engineering join ransomware & DDoS threats

Human error and social engineering are front and centre of the biggest cyber-threats to enterprise over the last 12 months, according to a new report.

The incredible opportunities and risks of the Internet of Things

Businesses cannot allow a lack of collaboration among internal departments to inhibit their ability to fully realise the potential afforded by future-facing technologies.

Despite risks, a majority of firms are allowing the use of Wi-Fi hotspots

While experts have warned about the perils of connecting to unsecured public Wi-Fi hotspots in the past, new research has revealed that organisations are suffering more from security issues than in the past.

Indicted Iranian hackers phished targets using library account lures

The nine US-indicted Iranians who stand accused of exfiltrating 31 terabytes of research and data from educational institutions, companies and government agencies, allegedly used phishing schemes to steal university credentials.

Phishing or Ransomware? Experts dispute which is biggest cyber-threat

Cyber-security executives and business decision makers question whether phishing emails or ransomware attacks are the most potent threats faced, but are businesses equipped to implement all-round risk mitigation strategies?

Study: Malware counts higher on computers whose users visited piracy sites

Each time a user doubles the amount of time he spends visiting illegal torrent and streaming websites, the malware count on his machine jumps another 20 percent, according to an academic paper released earlier this month.

Three-quarters of businesses targetted at least once by email fraud

Research finds 75 percent of organisations were targeted at least once by email fraud, in the last two years and 41 percent said their business had been targeted multiple times.

Does Mosquito air-gapped computer exploit lack real-world bite?

The Cyber-Security Research centre at Ben-Gurion University of the Negev in Israel has published research demonstrating how air-gapped computer security can be bypassed using covert speaker-to-speaker.

Mac malware rockets 270 percent - users warned 'safe' perception is wrong

Anti-malware security vendors have warned that Mac malware is on the rise, and that the perception of Macs as being completely 'safe' is misleading.

Double cryptominer delivered via Oracle server exploit

Threat actors exploited the CVE-2017-10271 vulnerability which allows for remote code execution to deliver both a 64-bit variant and a 32-bit variant of an XMRig Monero miner, according to a 26 February blog post.

Hackers could obfuscate malware through code signing and SSL certificates

Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.

Enter boardroom, set hair on fire. How not to tackle incident response

Event anomalies can be an indicator of attack, but they can also just be an IT problem. New research suggests the latter might be more common than you think.

New email scam targeting accounts personnel at Fortune 500 companies

Criminals impersonate legitimate email accounts to initiate wire transfer fraud. Security researchers have uncovered an active Business Email Compromise (BEC) campaign targeting Accounts Payable personnel at Fortune 500.