Category: 365 days of blogs

Security researchers at Asset Research Group – a part of the Singapore University of Technology and Design have released a paper detailing their research into the security of 5G devices and infrastructure. The paper discloses a total of 14 vulnerabilities (10 CVEs), of which 10 affect commercial off-the-shelf (COTS) edge […]

Researchers from VUSec – the Vrije Universiteit, in Amsterdam have disclosed a new side-channel attack called SLAM (Spectre based on LAM) that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The research paper called ‘Leaky Address Masking: Exploiting Unmasked Spectre […]

The UK and allies have attributed a series of malicious cyber events which attempted to interfere in UK politics and the democratic process to a division of the Russian Federal Security Service (FSB). The National Cyber Security Centre (NCSC) assesses that Star Blizzard has been identified using cyber operations to […]

This is a story I’ve been keeping my eye on for a few weeks now, but held off writing anything until the full picture emerged. Threat actors compromised the 23andMe network back in October this year. At the time of the breach, the company said that attackers had infiltrated some […]

A new threat has emerged which has the potential to impact every PC in use today. The attack (dubbed LogoFAIL by the researchers at Binarly who identified it)  executes malicious firmware early in the boot-up sequence of vulnerable devices. A full write up of the issue can be read via […]

Google has just opened a new flagship cybersecurity hub in Malaga, Spain and at the same time, has announced a $10 million cybersecurity skills program in partnership with the European Cyber Conflict Research Incubator. GSEC Malaga is the third Google cybersecurity hub, the others being in Dublin and Munich and […]

The UK’s National Cyber Security Centre (NCSC) has released a new product today, aimed at helping organisations test the robustness of their Incident Response programs. The Cyber Incident Exercising scheme (CIE) provides a controlled, scenario-based opportunity for organisations to practice, evaluate and improve their cyber incident response plans (CIRPs). CIE […]

Digital travel agent booking.com has a problem – one which has seen hundreds of customers scammed out of thousands of pounds in the last 10 months. Numerous posts have surfaced on various social media sites from customers saying that they have been scammed for payments by messages in the official […]

AlphaV / Blackcat have posted a claim that they have compromised Tipalti – a financial transaction company which operates a payments platform for online services such as GoDaddy, Twitch, Twitter, Canva, Discord, Cazoo, and many more. Via their online dark web leak site, the gang say that they have been […]

A new strategy targeting telecom companies & mobile phone users has started to emerge which seems to have started as a result on the crack-down of SIM swapping attacks in the last 18 months or so. The new tactics being employed by threat actors are targeting processes involved with call […]