Andrew Atthowe

Nearly half (46%) of small and medium-sized enterprises (SMEs) regularly share confidential files via email, including financial and employee data in spreadsheets, according to a new study from the Lanop Accountancy Group. This is despite the fact that 60% have not upgraded their organizations’ cybersecurity capabilities since shifting to remote working during COVID-19. In a survey of […]

Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. The cybersecurity incident has exposed the account details of hundreds of thousands of customers in 14 different countries. Delivery Hero told Infosecurity Magazine that the exposed data consists of “unique email addresses as well as certain customer details: encrypted password hashes, name, first name, delivery address, and phone

The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside the health service around two weeks ago. A brief NHS Digital statement issued on Friday revealed that the incident occurred between Saturday May 30 and Monday June 1 2020. It claimed the security snafu affected a “very

The GDPR has successfully met its main objectives but work still needs to be done to improve cross-border investigations, increase regulator resources and address fragmented approaches across the EU, according to the European Commission. The review of the data protection legislation two years on highlights several areas for improvement. One of the most pressing is the

The National Cyber Security Centre (NCSC) has announced that in just two months of its Suspicious Email Reporting Service being launched, it has received one million reports. According to a statement, the service, which was launched in April as part of the Government’s Cyber Aware campaign, receives a daily average of 16,500 emails. NCSC chief executive officer Ciaran Martin called the number

Details of a new COVID-themed ransomware attack on Android users in Canada, known as CryCryptor, have been revealed by ESET researchers. In the attack, people were lured into downloading a ransomware app disguised as an official COVID-19 tracing tool through two COVID-themed websites. This came shortly after the Canadian government announced its support for the creation of

Over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database, according to vpnMentor. Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured. The trove contained over 27GB of data, amounting to 8.9

Researchers have once again spotted crooks using calendar invitations to mount phishing attacks. The Cofense Phishing Defense Center found the attack in enterprise email environments protected by Proofpoint and Microsoft, it announced last week. The phishing scam uses iCalendar, which is a media type that lets users store and exchange calendaring and scheduling information, including events and tasks. iCalendar

More than a third of businesses do not have a ransomware emergency plan in place, or are not aware if one exists within their company. According to research from Ontrack of 484 organizations, 39% either did not have or were not unaware of a ransomware strategy, while 26% admitted they couldn’t access any working backups after an attack.

ESET is the latest security company to notice a sharp spike in RDP-based hacks over the last few months. The anti-malware company spotted a rise in the number of brute-force attacks using the remote access protocol, and said that cyber-criminals have been using it to distribute ransomware. The Remote Desktop Protocol is a proprietary Microsoft protocol that allows