Security News

A former asylum seeker with a postgraduate degree in cybersecurity who alleged his bosses were spying on him for MI5 has lost his attempt to claim he was racially discriminated against. The anonymous man, who worked for an unnamed company that set up a UK cyber range in mid-2019, told the Employment Tribunal that he had quit after being subjected to racial harassment at work - but judges overruled all of his legal claims.

Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid. The attack is considered the probable source of Mumbai's power outage in October of the same year.

North Korea's hackers homed in on specific infosec researchers and infected their systems with a backdoor after luring them to a suspicious website, Google revealed on Monday. "The researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," said Googler Adam Weidemann.

Last week ended with news that the venerable infosec mailing list Bugtraq was being shutdown at the end of the month. From its first posts in November 1993, Bugtraq aimed to get details of vulnerabilities, as well as defence and exploitation techniques, onto netizens' radar, and discussed among admins and security researchers.

Last week ended with news that the venerable infosec mailing list Bugtraq was being shutdown at the end of the month. From its first posts in November 1993, Bugtraq aimed to get details of vulnerabilities, as well as defence and exploitation techniques, onto netizens' radar, and discussed among admins and security researchers.

By running a survey on whether infosec bods think the Common Vulnerability Scoring System is a useful tool for assessing security flaws, Dr Zinaida Benenson of Friedrich-Alexander Universität Erlangen-Nürnberg's IT Security Infrastructure Lab in Germany hopes to further the infosec world's understanding of how reliable the system really is. While the survey hopes to gain up to 300 respondents, Benenson was coy about precisely what she's hoping to prove or disprove, but she did drop The Register a hint about the current state of CVSS scoring.

When it comes to cybersec certifications, GIAC is the gold standard. The organisation takes pride in certifications that "Rather than skimming the surface of different skillsetsare a mile deep for specialised job-focused tasks." And GIAC exams with Cyberlive don't just test you on the theory, but show you've proven your skills in lab-based situations.

While in 2020 organizations were focused on adapting existing technology to borderless and disconnected environments, we will see a massive shift to cloud-native solutions in 2021. In addition to new attacks on container-based environments, 2021 will bring the heightened threat of ransomware and new solutions to combat disinformation.

Naked Security's Paul Ducklin interviews Sophos expert John Shier about his recently published paper, "20 years of cyberthreats that shaped information security". Join John on a dizzying journey all the way from legendary viruses such as ILOVEYOU and Code Red, which flooded the internet in 2000, to present-day ransomware gangs like Ryuk and REvil, who are extorting millions of dollars in blackmail money per attack.

Locked up indoors with nothing to do as the evenings draw closer? If lighthearted chats about cyber security are your thing, followed up by some banging dance tunes, then we have just the event - all in the name of charity, of course. The Cyber House Party launched this summer with the inaugural shindig held on 3 June and the second on 29 October, pulling in a total of 750 attendees and raising £10,000 in donations.