Posts

What is SME Cybersecurity? The Definitive Answer - A Practical UK Guide for Owners, Directors and Advisers

Syndicated By: Iain Fraser/ Cyber PR Wire via IainFRASER.net/ CyberPRWire   If you run a UK SME, “cybersecurity” usually lands on your desk only when something breaks; a supplier emails to say they have been breached, a director gets a fake invoice chain, or Microsoft 365 locks an account after suspicious sign-ins. That reactive cycle is expensive. The UK Government’s Cyber Security Breaches Survey 2025 found 43% of businesses reported a cyber security breach or attack in the last 12 months, and phishing remained the most common route in. SME cybersecurity is how you stop those incidents becoming operational disruption, financial loss, and a UK GDPR reporting scramble. It is not enterprise theatre. It is focused, budget-aware risk reduction. What is SME cybersecurity, in plain English? SME cybersecurity is the set of people, process, and technical controls that reduce the chance of a cyber incident and limit the impact when one happens. For most SMEs, the “crown jewels” are not a...

CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information

Tuesday, 5th December 2023 CYBER BREACH: Data Breach Exposed Thousands of Pet Medical Records Including Owner Information By Jeremiah Fowler - Website Planet  Syndicated By IainFraser.net/CYBER_Voice Daily Cyber Insights  Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 56,000 records, including pet medical reports, DNA tests, pedigree history and other potentially sensitive information. As a long-time cyber security researcher, this is one of the most interesting discoveries I have ever encountered and a first for me.  I recently discovered a non-password protected database that contained records of thousands of dogs from around the world and included the information of their human owners. The publicly exposed cloud storage database contained a total of 56,624 documents in .PDF, .png, and .jpg formats with a total size of 25 GB. Upon further investigation, the database appeared...

CYBERSECURITY NEWS: UK NCSC & South Korea's NIS issue joint advisory

28th November 2023  CYBERSECURITY NEWS: UK NCSC & South Korea's NIS issue joint advisory  Syndicated By: Iain Fraser/ Cyber PR Wire via IainFRASER.net/ CyberPRWire CYBERSECURITY NEWS: NCSC & South Korea's NIS issue joint advisory warning about DPRK state-linked cyber actors attacking software supply chains. Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.  Cyber actors linked to the Democratic People’s Republic of Korea (DPRK) are increasingly targeting software supply chain products to attack organisations around the world, the UK and the Republic of Korea have warned. In a new joint advisory, the National Cyber Security Centre (NCSC) – a part of GCHQ – and the National Intelligence Service (NIS) have detailed how DPRK state-linked cyber actors have been using increasingly sophisticated techniques to gain access to victims’ systems. The actors have been observed leveraging zero-day vulnerabil...

CYBERSECURITY NEWS: ECSO Launches its latest ground-breaking initiative CYBERHive

28th November 2023  CYBERSECURITY NEWS: ECSO Launches its latest ground-breaking initiative CYBERHive  Syndicated By: Iain Fraser/ Cyber PR Wire via IainFRASER.net/ CyberPRWire ECSO is delighted to announce the launch of its new, ground-breaking initiative: Cyberhive EUROPE. Cyberhive is the first-ever European marketplace co-created with and for the European cybersecurity ecosystem, and will offer global accessibility to all Europe-headquartered cybersecurity solution providers, while also being freely accessible to end-users worldwide. Through the Cyberhive, ECSO will connect market players, promote European-made products, and ultimately strengthen the European cybersecurity market as a whole. To learn more about the Cyberhive, read below.  The second Annual CISO Meetup, organised by ECSO, starts today! Over 150 CISOs are joining us in Florence from all over Europe to engage in high-level discussions on critical cybersecurity topics. Read more below. Learn More /...

CYBERSECURITY NEWS: EUROPOL- International collaboration leads to dismantlement of ransomware group

28th November 2023  CYBERSECURITY NEWS: EUROPOL - International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war  Syndicated By: Iain Fraser/ Cyber PR Wire via IainFRASER.net/ CyberPRWire The ransomware gang is behind high-profile attacks that created losses of hundreds of millions of euros.  In an unprecedented effort, law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations wreaking havoc across the world.  The operation comes at a critical time, as the country grapples with the challenges of Russia’s military aggression against its territory. On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne and Vinnytsia, resulting in the arrest of the 32-year-old ringleader. Four of the ringleader's most active accomplices were also detained. Learn More /... About EUROP...

CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance

Tuesday, 28th November 2023 CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance Posted by: Iain Fraser - Cybersecurity Journalist Gibraltar via IainFraser.net/ Daily Cyber Insights CYBER THREAT INTEL: AI - UK & US Spooks publish AI Development Guidance The UK NCSC & US CISA have jointly published what they term "security-focused guidance" for AI & ML developers and those who leverage AI/ML with their protocols and systems.  The Guidelines for Secure AI System Development (PDF) apply to all types of AI/ML systems, regardless of whether built from wireframe up or added as a bolt-on on third-party resources, to address issues related to AI, cybersecurity, and critical infrastructure. They are devised to be used in conjunction with existing Cybersecurity, Incident Response and Cyber Risk-Management protocols. The NCSC and CISA have said “Providers should implement security controls and mitigations where possible within their mode...

CRYPTO FRAUD: US DoJ - Binance and CEO Plead Guilty to Federal Charges in $4B Resolution

Thursday, 23rd November 2023 CRYPTO FRAUD: US DoJ - Binance and CEO Plead Guilty to Federal Charges in $4B Resolution Syndicated By: IainFraser.net/CyberPRWire Daily Cybersecurity PRWire Binance Admits It Engaged in Anti-Money Laundering, Unlicensed Money Transmitting, and Sanctions Violations in Largest Corporate Resolution to Include Criminal Charges for an Executive Binance Holdings Limited (Binance), the entity that operates the world’s largest cryptocurrency exchange, Binance.com, pleaded guilty today and has agreed to pay over $4 billion to resolve the Justice Department’s investigation into violations related to the Bank Secrecy Act (BSA), failure to register as a money transmitting business, and the International Emergency Economic Powers Act (IEEPA). Binance’s founder and chief executive officer (CEO), Changpeng Zhao, a Canadian national, also pleaded guilty to failing to maintain an effective anti-money laundering (AML) program, in violation of the BSA and has resigned as CEO...

CYBER THREAT INTELLIGENCE - IAEA: Enhancing Cybersecurity for Nuclear Safety and Security

CYBER THREAT INTELLIGENCE - IAEA: Enhancing Cybersecurity for Nuclear Safety and Security Posted By: Iain Fraser - Cybersecurity Journalist via Daily Cyber Insights PR Wire  IainFraser.net/CyberInsights The International Atomic Energy Agency (IAEA) published an article back in June this year but the topic is so evocative I have decided to revisit the subject particularly with developments in the Russia - Ukraine War. Only a few weeks ago Russia launched an attack of  Iranian-designed Shahed drones on the Khmelnytsky Nuclear Power Plant region. The IAEA was quick to confirm that the plant's operations were unaffected. IAEA Director General Rafael Grossi said in a statement at the time that "Powerful explosions shook an area near Ukraine's Khmelnytsky," "The blasts highlight the dangers to nuclear safety" posed by the war, he added. Writing on the IAEA Website back in June this year in her article Enhancing Computer Security for Nuclear Safety and Security - ...

EUROPOL: Europol and Eurojust support Czech and Ukrainian police in taking down multi-million euro voice phishing gang

Thursday, 16th November 2023   EUROPOL: Europol and Eurojust support Czech and Ukrainian police in taking down multi-million euro voice phishing gang  Syndicated By: Iain Fraser  Cybersecurity Journalist Gibraltar via  IainFRASER.net/PRWire The Czech and Ukrainian police have disrupted, with the support of Europol and Eurojust, a prolific phishing gang believed to have defrauded victims across Europe of tens of millions of euros. In Czechia alone, the damage caused by this criminal group is estimated at over EUR 8 million (CZK 195 000 000). As a result of this investigation, six suspects were already arrested in Ukraine and four in the Czech Republic in April this year. Locations in Czechia (Domazlice, Rokycany and Plzen) and Ukraine (Dnipropetrovsk) were searched during the raids, including the homes of the accused, vehicles and call centres. Learn More /...

EUROPOL: Unleashing Tech in the fight against Intellectual Property Crime

EUROPOL: Unleashing Tech in the fight against Intellectual Property Crime Syndicated By: Iain Fraser  Cybersecurity Journalist Gibraltar via  IainFRASER.net/PRWire Friday, 27th October 2023 Europol Intellectual Property Crime Conference hosts 250 experts fighting counterfeit goods that pose threat to health, safety, and the environment  The conference, themed "Tackling counterfeit goods posing a threat to health, safety, and the environment," delved deep into the critical issues surrounding intellectual property (IP) crime, with a particular focus on the role of advanced technology. Within a busy agenda of conference activities, a diverse group of experts and stakeholders from around the world came together for the discussion. Learn More /... Key topics at the conference included: • the role of women in fighting intellectual property crime; • counterfeit goods posing a threat to health and safety; • counterfeit goods posing a threat to the environment; • the impac...

DATA BREACH: Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach

DATA BREACH: Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach By: Jeremiah Fowler - WebsitePlanet.com Syndicated By: Iain Fraser  Cybersecurity Journalist Gibraltar via  IainFRASER.net/PRWire Wednesday, 25th October 2023 Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 12 million records containing medical diagnostic scans, test results, and other potentially sensitive medical records. The database contained a massive amount of medical test results that included the names of patients, doctors, if the testing sample was done at home or at a medical facility, and a wide range of other sensitive health information. The total number of records was significant, at a count of 12,347,297 with a total size of 7TB. Upon further investigation, the documents were marked as belonging to an India-based company called Redcliffe Labs.  I immediatel...

EUROPOL: Ragnar Locker ransomware gang taken down by international police swoop

EUROPOL: Ragnar Locker ransomware gang taken down by international police swoop Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar via IainFRASER.net/PRWire Tuesday, 24th October 2023 EUROPOL: Ragnar Locker ransomware gang taken down by international police swoop as Law Enforcement and Judicial authorities from eleven countries delivered a major blow to one of the most dangerous ransomware operations of recent years.  This action, coordinated at international level by Europol and Eurojust, targeted the Ragnar Locker ransomware group. The group were responsible for numerous high-profile attacks against critical infrastructure across the world. In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain and Latvia. The “key target” of this malicious ransomware strain was arrested in Paris, France, on 16 October, and his home in Czechia was searched. Five suspects were interviewed in Spain and Latvia in the following days. At the end of the...

UKCSC: Singapore & UK have expressed their intention to jointly build and develop a cyber security profession

UKCSC: Singapore & UK have expressed their intention to jointly build and develop a cyber security profession  Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar via IainFRASER.net/CyberInsights Tuesday, 24th October 2023 The UK Cyber Security Council have announced that Singapore and the United Kingdom, have expressed their intention to jointly build and develop a cyber security profession that is clearly-defined and future-proofed. The Governments of Singapore and the United Kingdom recognise that the cyber security skills gap is a global issue that will require a collaborative approach from the international community. Addressing this gap will reduce cyber risk to organisations and citizens across our economies and support the growth of the sector workforce in the coming years. Accordingly, Singapore and the United Kingdom recognise the need to work together to improve and champion the cyber security profession. Earlier today, Singapore’s Minister for Communicatio...

STATE ACTORS: The Israeli-Hamas Conflict Shows Cyber Warfare Is Now the New Normal

The Israeli-Hamas Conflict Shows Cyber Warfare Is Now the New Normal Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar Research By: Jeremiah Fowler via IainFRASER.net/CyberInsights The Israeli-Hamas Conflict Shows Cyber Warfare Is Now the New Normal During the start of the Russian invasion of Ukraine the hacktivist group Anonymous declared a cyber war against Russia. At the time, I conducted extensive research into the methods, tactics, and results of how a group of semi-unorganized non-governmental hacktivists were able to cause major havoc in Russia. Their strategy included everything from hacking news outlets, home printers, and connected devices, to downloading a mind-boggling amount of Russian data belonging to companies and government agencies and then publicly releasing that data online. It was the first time the world saw a successful crowdsourced cyber war that could not be tracked back to any specific country or government. Learn More /... About Jeremiah Fowler Je...

EUROPOL: International operation closes down Piilopuoti dark web marketplace

EUROPOL: International operation closes down Piilopuoti dark web marketplace  Syndicated By: Iain Fraser Cybersecurity Journalist Gibraltar - PRWire Channel IainFraser.net/PRWire Thursday 21st September 2023 In a significant victory against dark web criminals, the Finnish Customs (Tulli), together with European partners, has successfully taken down the dark web marketplace ‘Piilopuoti’.  Drugs and other illegal commodities were sold in large quantities on this Finnish-language platform which had been operating on the Onion Router (Tor) network since May 2022.  This successful action by the Finnish Customs was supported, among others, by the German Federal Criminal Office (Bundeskriminalamt) and the Lithuanian Criminal Police Bureau (Lietuvos kriminalinės policijos biuras). Europol’s European Cybercrime Centre coordinated the international activity and provided operational support and technical expertise.  The investigation is still ongoing as law enforcement worldwi...

EUROPOL: Qakbot botnet infrastructure shattered after international operation

EUROPOL: Qakbot botnet infrastructure shattered after international operation  Syndicated By:  Iain Fraser Cybersecurity Journalist, Gibraltar via  IainFRASER.net/PRWire Friday, 8th September 2023 The malware victimised more than 700 000 computers, with at least EUR 54 million paid in ransoms since 2007  Europol has supported the coordination of a large-scale international operation that has taken down the infrastructure of the Qakbot malware and led to the seizure of nearly EUR 8 million in cryptocurrencies. The international investigation, also supported by Eurojust, involved judicial and law enforcement authorities from France, Germany, Latvia, The Netherlands, Romania, United Kingdom and the United States. Qakbot, operated by a group of organised cybercriminals, targeted critical infrastructure and businesses across multiple countries, stealing financial data and login credentials. Cybercriminals used this persistent malware to commit ransomware, fraud, and ot...

CYBER RESILIENCE ACT: European Parliament has published its position on the act

CYBER RESILIENCE ACT: European Parliament has published its position on the act  Syndicated By: Iain Fraser Cybersecurity Journalist, Gibraltar via IainFRASER.net/PRWire Friday, 8th September 2023 The Cyber Resilience Act comprises a legislative initiative aimed at introducing cybersecurity mandates, including obligatory security patches and vulnerability management for Internet of Things (IoT) products and interconnected devices capable of data collection and exchange. The EU lawmakers engaged in the dossier for the European Parliament's principal Industry Committee have deliberated on the incorporation of open source considerations, whether within the preamble or the substantive text, the duration of product support, reporting responsibilities, and the timeline for implementation. After deliberations, the Parliament has now published its common position. Learn More /... About ECSO (European Cyber Security Organisation) ECSO was created in 2016 as the contractual counterpart...

COMPLIANCE: Experian agrees permanent injunction & $650k Spam Fine

COMPLIANCE: Experian agrees to permanent injunction & $650k Spam Fine - USDOJ  Syndicated By: Iain Fraser Cybersecurity Journalist, Gibraltar via IainFRASER.net/PRWire The Justice Department, together with the Federal Trade Commission (FTC), today announced that ConsumerInfo.com, Inc. dba Experian Consumer Services (Experian), has agreed to a permanent injunction and a $650,000 civil penalty as part of a settlement to resolve alleged violations of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), the Controlling the Assault of Non-Solicited Pornography and Marketing Rule (CAN-SPAM Rule), and the Federal Trade Commission Act.  The CAN-SPAM Act and Rule require senders of commercial emails to notify the recipients of such emails of their right to opt-out of future emails and to provide an opt-out mechanism. Experian shares a parent company, Experian PLC, with Experian Information Solutions Inc., which offers credit inform...

EUROPOL: 5 arrested in Poland running bulletproof hosting service for cyber gangs

EUROPOL: 5 arrested in Poland for running bulletproof hosting service for cybercrime gangs  Syndicated By: Iain Fraser - Cybersecurity Journalist - Gibraltar via IainFRASER.net/CyberPR 15th August 2023 The Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor's Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world.  Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available.  This latest success in the fight against cybercrime follows a complex investigation supported by Europol and the US Federal Bureau of Investigation (FBI). Learn More /... Image Credit: Europol

DATA BREACH: School Accreditation Organization Data Breach

DATA BREACH: School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online By Jeremiah Fowler - Website Planet Syndicated By: Iain Fraser - Cybersecurity Journalist Gibraltar IainFRASER.net/ Google Indexed on 280723 at 13:40 CET 28th July 2023 School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS). In my many years as a security researcher, I have seen everything from millions of credit card numbers and health records, to internal documents from organizations of all sizes. However, this discovery is am...