In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals. Given the large sums of money and highly sensitive information that is handled, it's no question as to why UK law firms would be an attractive target for threat actors.

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000.

Cybercriminals are using AI to carry out various cyberattacks including password cracking, phishing emails, impersonation and deepfakes. It’s important you understand how cybercriminals are using AI to their advantage so you can better protect yourself and family, as well as your accounts and data. Continue reading to learn about AI-enabled cyberattacks and what you can do to keep yourself safe.

If you read the news, you’ve encountered the term “Magecart” multiple times in recent years. The term refers to several hacker organizations that use online skimming methods to steal personal information from websites, most frequently customer information and credit card details on websites that take online payments.

The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack. We’ve all heard of a “Man-in-the-Middle” (MitM) attack – also more recently called a “Manipulator-in-the-Middle” attack.

Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials. Credential harvesting scams are pretty simple at face value: send an email that links to a spoofed login page/website, and let the credentials roll on in.

Last week, a vulnerability in the popular MOVEit managed file transfer service was exploited by the CL0P ransomware gang to execute data breaches – an increasingly common cybersecurity attack technique where popular software is exploited to target, by extension, their users. Victims of this hack include British Airways, Boots, BBC, and multiple US government agencies.