Edinburgh Trust Forum

NCC Group are hosting a Trust Forum in Edinburgh on the 19th of March with a presentation from Police Scotland Cyber Crime Unit on the subject of current trends in cyber crime. This is a free event and a good chance to meet others within the security field from both the Public and Private sectors. […]

Next Group Meeting

The next group meeting will be held in Edinburgh on the 14th of April. IBM will be presenting in the morning followed by the usual group closed door session, details and agenda will follow using the usual methods in the coming weeks.

Cyber bank robbers steal $1bn, says Kaspersky report

Up to 100 banks and financial institutions worldwide have been attacked in an “unprecedented cyber robbery”, claims a new report. Computer security firm Kaspersky Lab estimates $1bn (£648m) has been stolen in the attacks, which it says started in 2013 and are still ongoing. A cybercriminal gang with members from Russia, Ukraine and China is responsible, it […]

Cyber Security Conference 2015

Some members of the group will be presenting or appearing on a panel at the Cyber Security 2015 Conference to be hosted at Dynamic Earth, Edinburgh. Past events have been a very worthwhile experience with some excellent discussions and presentations. More information can be found on the holyrood site at http://cybersecurity.holyrood.com/

Next Group Meeting

Our next group meeting will be hosted by Highland Council on Tuesday 17th February. Details and location are included in the weekly update. Highland Council are also looking for confirmation of numbers, so please let Iain Kerr know if you plan to attend. If you have anything you would like added to the agenda please […]

Microsoft Security Bulletin MS14-068 – Critical

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. Read more at https://technet.microsoft.com/library/security/MS14-068

Dyreza Banker Trojan

A large scale phishing campaign that utilises malicious links, used to bypass Anti-Virus defences, and connect to malicious servers hosting Dyre/Dyreza malware. The emails are propagated through spam messages, many of which appear to be messages from financial institutions. Dyre/Dyreza is a banking trojan that exploits vulnerabilities within the infected machine’s systems, potentially giving malicious actors […]

Next Group Meeting

The next group meeting will be on 16th December in Stirling. The venue and agenda are still to be confirmed so more information will follow as soon as we have it.

Security Notice – Drupal PSA-2014-003

Drupal Core – Highly Critical – Public Service announcement – PSA-2014-003 “This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours […]