  • The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents.
    By Joe Fay
    WhatsApp Would Leave U.K. Rather Than Break Encryption
    WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted privacy, the BBC reported. Lowering its security in the U.K. would have implications for all its users, he continued, and

    Mar 14,
  • By John Weiler
    Mexico timeshare scams, the DoppelPaymer ransomware gang gets busted and a major data leak rocks Oakland, California. Here are the latest threats and advisories for the week of March 10, 2023.
    Threat Advisories and Alerts
    FBI Issues Warning About Mexico Timeshare Scam
    The U.S. Federal Bureau of Investigation (FBI) has issued an advisory about timeshare scams in Mexico, which affected over 600 people and resulted in roughly $39.6 million in victim losses last year. How does the scam work? Owners of timeshares in Mexico receive an unexpected email or phone call from fraudsters requesting to sell or rent their timeshare. When owners agree to sell, they then pay an upfront fee to cover supposed closing costs, advertisements

    Mar 10,
  • By Dave Cartwright, CISSP
    In February 2023, something very unusual happened. Following a ransomware attack on Royal Mail International, a division of the U.K.’s (formerly state-owned) mail and parcel delivery service, the negotiation between the firm’s representatives and the LockBit ransomware attackers made it into the public domain.
    As reported in January 2023, Royal Mail engaged with the U.K. National Crime Agency (NCA) and National Cyber Security Centre (NCSC), and part of the resulting activity was to negotiate with representatives of LockBit – without much success.
    The first thing of note is that the chat covers a time period of nearly a month – from January 12 to February 9. As can be seen in the transcript, many of the

    Mar 10,
  • Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks.
    Study: Gender No Barrier To Participating In “Meritocratic” Cybercriminal Community
    If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal flipside. A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as a cybercriminal, while a text analysis suggested at least 30 percent of underground forum participants may be women. The work

    Mar 07,
  • Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023.
    Threat Advisories and Alerts
    NCSC Publishes Guidance on Zero Trust Security
    The U.K. National Cyber Security Centre has published guidance on how companies can leverage zero trust security. The article explains why some systems can’t integrate into a zero trust network. Organizations can get around this issue by building a mixed estate using a zero trust proxy or a managed virtual private network (VPN).
    ZK Java Web Framework Flaw Is Being Actively Exploited
    A high-severity flaw (CVE-2022-36537) affecting the ZK Framework has been added to the U.S.

    Mar 03,