Security News

ACRO, the UK's criminal records office, is combing over a "Cyber security incident" that forced it to pull its customer portal offline. In an email to users this week - seen by El Reg - ACRO confirmed it has "Recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023.".

British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications. The cyber incident prompted the Capita on March 31 to announce an IT issue that impacted its internal systems.

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign. According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."

The Australian Federal Police arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member of Parliament. Email bombing is an online attack where attackers bombard an email address with thousands of emails to overwhelm a recipient's inbox or mail server.

Microsoft says the KB5021751 update is respecting users' privacy while identifying the number of customers running Office versions that are outdated or approaching their end of support. It will only be installed on systems where one of the following Microsoft Office versions is also present: Office 2013, Office 2010, or Office 2007.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

"The increase in data breach incidents across North America is troubling and must be prioritized as employees continue to return in-person to their corporate offices," said Kuljit Chahal, Practice Lead, Data Security at Adastra North America. Awareness of data security best practices among employees is essential-according to the 2022 Verizon Data Breach Investigations Report, 82% of data breaches are caused by human error and companies of all sizes are at risk.

Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability. "After installing updates released September 20, 2022 or later, taskbar elements might flicker and cause system instability," Microsoft said in a new issue added to the Windows health dashboard on Friday.

Ivanti worked with cybersecurity experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today's cybersecurity threats and find out how companies are preparing for yet-unknown future threats. The report revealed that despite 97% of leaders and security professionals reporting their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar they could prevent a damaging breach.

A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts. "In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.