Adam Parlett

The latest report from cybersecurity company KnowBe4 begins with the staggering revelation that ‘Some schools endure over 2,500 attempted cyberattacks a day’ – and the learning doesn’t stop there for the education sector. The report, entitled ‘From Primary Schools to Universities, the Global Education Sector is Unprepared for Escalating Cyber Attacks,’ follows up its opening statement by examining risks and vulnerabilities across the sector. It draws from several sources to chart the scale of attacks in 2024 and lists some of the most significant attacks from 2024. It also takes a closer look at the most prominent attack methods. Vulnerable…

Two bipartisan Senate bills reintroduced by US Senators last week aim to boost the cybersecurity defenses of small water and wastewater utilities. Any move to enhance cybersecurity in the water sector is welcome and overdue following calls last year from the Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) for the industry to secure remote access to Human Machine Interfaces (HMIs) following an attack by pro-Russia hacktivists. Time to Act The Senators introducing the bills assert that only 20% of water and wastewater systems across the U.S. do not even have even basic levels of cyber…

Infostealers pose a persistent threat by facilitating advanced attacks such as ransomware and espionage. According to KELA’s “The State of Cybercrime 2024” report, 3.9 billion credentials have been found in credential lists sourced from infostealer logs.  The report provides a comprehensive look into cybercrime and highlights some of the notable threats from 2024. Using this insight, KELA predicts what attack vectors it thinks will feature prominently in 2025 before providing advice on how to stay ahead of threat actors.  Infostealers Information stealer (infostealer) malware is designed to harvest credentials, financial information, and other sensitive data. In 2024, KELA observed more…

The latest threat landscape report from ReliaQuest has unearthed some concerning findings regarding the critical threats faced by the hospitality and recreation sector. These include identifying a 43% increase in ransomware attacks, the discovery that 44% of phishing emails contained credential harvesters, and a staggering 433% increase in external remote services abuse. The reporting period occurred between September 1, 2024, and February 28, 2025. Convergence of Hospitality and Recreation Although different in many ways, hospitality and recreation often intersect. This is primarily because many hospitality organizations offer recreational activities to enhance their customers’ experiences. Both also share a focus on…

In the wake of Sir Keir Starmer’s announcement that NHS England, the body with many responsibilities relating to cybersecurity, will be scrapped to cut costs and improve efficiency, questions around cybersecurity have been raised relating to the NHS’s ability to prevent cyberattacks. NHS England is an administrative body established in 2013 that operates separately from the UK government but is guided by it. The service manages how health services in England (other UK countries have separate organizations) operate in relation to things away from the frontline, such as training and data collection. Relating to cybersecurity, its current responsibilities include ensuring…

For many, March signifies the spring equinox, daylight savings, and the celebration of St Patrick’s Day. For American sports enthusiasts, however, one event sits at the forefront of their thoughts – March Madness. Sadly, as with many high-profile sporting events, opportunistic cybercriminals also anticipate the event. March Madness centers around the NCAA Division I Men’s and Women’s basketball tournaments and features 68 teams in a single-elimination format that narrows down to crown four champions by the end of the month. It certainly provides drama on the court – but how can supporters avoid organizations avoid unnecessary upset off of it? …

Kansas-based Sunflower Medical Group disclosed to authorities on 7th March that they had suffered a data breach compromising the personal and confidential information of 220,968 individuals. In a statement on their website entitled ‘Notice of a Data Security Incident,’ Sunflower provided details about the attack. They identified how it was on January 7, 2025, when they first became aware of suspicious activity within its computer network. A subsequent investigation conducted in accordance with an unnamed cybersecurity organization revealed to them that an unknown third party had accessed their systems around December 15, 2024, and obtained the personal information of certain individuals.…

YouTube was forced to release a statement last week warning users that fraudulent artificial intelligence (AI)- generated videos depicting their CEO Neal Mohan announcing changes in monetization were in circulation. The deepfake videos were sent out as private videos to the platform’s content creators in cynical attempts to scam them, install malware, and steal credentials.  In their statement, the YouTube team acknowledged the existence of the videos, reiterated that they would never attempt to contact users to share information via a private video, and provided some guidance. Video Nasty Targeted users received an email that looked like it was from…

For their Breaking Digital Trust Report, researchers from Keyfactor analyzed 500,000 digital certificates to identify common certificate defects that could impact organizational security and determine the scale of the issue. They discovered that 91,239 of the 504,736 certificates, a concerning 18.08%, contained at least one identified risk factor. Certificates are Significant Digital certificates are the foundation of machine identity management, a key component of digital trust, which ensures trust across networks, applications, and cloud environments. They act as electronic credentials, verifying the authenticity of devices, servers, or users using cryptography and public key infrastructure (PKI). They ensure that only trusted…

Following the conclusion of some of their matches this season, as with any other season, the sentiment among Leeds United football supporters that they have “been robbed” can be heard reverberating around the ground, on the terraces, and in the streets around their Elland Road stadium. Perceived injustice is a part of the sport, and although keenly felt, their loyal followers can (after a cup of Yorkshire tea) shrug it off and carry on. What they won’t be so familiar with, however, is receiving an official communication from the club informing them that they themselves have actually been robbed. This…