Asokan is a consultant editor for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
Soccer fans watching the 2022 FIFA World Cup live from Doha should think twice about installing two apps developed for the Qatari government, warn multiple European data protection authorities. The apps likely open the door to surveillance by authorities with a spotty human rights track record.
Pro-Kremlin hackers claimed credit for a denial-of-service attack against FBI websites, marking the latest in a series of nuisance attacks. The FBI earlier said it is aware of "pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success."
French defense multinational Thales confirmed that ransomware-as-a-service group LockBit published internal documents but emphasized its operations remain unaffected by the hack. The company says the source of the leak is likely a compromised user account of an online partner collaboration site.
The Cyber Police of Ukraine arrested five cybercrime gang members for their participation in a transnational scheme to fleece buyers into a supposed cryptocurrency and securities investment platform. The gang has established call centers around Europe, including three in Kyiv and Ivano-Frankivsk.
Police in Ontario arrested a dual Canadian-Russian national for his involvement with the LockBit ransomware-as-a-service gang. The United States is asking for the extradition of Mikhail Vasiliev, 33, to face a criminal charge in a New Jersey federal court of conspiracy to commit computer intrusion.
Hacktivists fighting a proxy online battle against Russia after its invasion of Ukraine claim to have dumped online a trove of files from the Central Bank of Russia. The IT Army of Ukraine also claimed to have disrupted payments processing at Moscow's Alfa Bank.
A Dutch member of the European Parliament accused the European Union of weakness in the face of a threat to democracy posed by advanced spyware apps such as the NSO Group's Pegasus. Sophie in ’t Veld called for a moratorium on such apps and for a supranational crackdown.
The British data watchdog says the U.K. Department for Education shouldn't have allowed a private company to use student records to check whether new users of gambling apps were underage. A departmental spokesperson said it will ensure such misuse of the database doesn't reoccur.
Ransomware-as-a-service group LockBit is threatening the release of data it says it stole from German auto parts maker Continental. The company in August acknowledged an incident involving its IT systems, but didn't respond Friday with additional information.
The United Kingdom's National Cyber Security Centre is scanning the British internet for vulnerabilities. "We're not trying to find vulnerabilities in the U.K. for some other, nefarious purpose," says the center, a part of signals intelligence agency Government Communications Headquarters.
Operational technology will gain more malicious attention from state-backed hackers, warns the European Union Agency for Cybersecurity. Geopolitics is driving changes in the threat landscape and the agency predicts retaliatory attacks for Western support of Kyiv.
Ransomware attacks pose the biggest cybersecurity threat to U.K. organizations, particularly hospitals and schools, the country’s National Cyber Security Centre warns. So far in 2022, 18 ransomware attacks have required nation-level coordinated efforts to mitigate the threats, it adds.
One of the world's largest copper smelters disclosed it underwent a cyberattack, stating that production "could largely be maintained." Germany-based Aurubis owns Europe's largest copper smelting facility, capable of refining 450,000 metric tonnes annually and located in Hamburg.
Parliament IT systems in two East European capitals were disrupted Thursday. The Poland Senate said a distributed denial-of-service attack partially originated from inside Russia. In Slovakia, a Parliament speaker postponed voting after telling lawmakers that vote-counting systems were not working.
The Department of Homeland Security released a set of cybersecurity practices for critical infrastructure containing basic measures such as requiring multifactor authentication and disabling AutoRun. The word "voluntary" was in heavy rotation during the Thursday rollout.