O2 customers' details sold on darkweb

O2 customers' details sold on darkweb

Customers of the popular mobile network O2 are having their details sold on a dark web marketplace

Privacy implications in store for users of "Trump Yourself"

Privacy implications in store for users of "Trump Yourself"

A new Facebook app from Hillary Clinton's presidential campaign which invites users to "Trump Yourself" could contain privacy implications.

Cash if you get ransomware on your machine

Cash if you get ransomware on your machine

Security company SentinelOne is now offering US$ 1000 (£762) per machine or up to US$ 1 million (£762,000) per company as compensation if a ransomware infection occurs while their product is installed.

IHS Markit says video doorbell use is on the rise, but are they safe?

IHS Markit says video doorbell use is on the rise, but are they safe?

Information and data experts at IHS Markit are reporting exponential growth of video doorbells which are outpacing conventional video door phones. But are they safe?

[Updated with video] Final arguments heard in Lauri Love extradition case

[Updated with video] Final arguments heard in Lauri Love extradition case

Counsel for Lauri Love and the US government rehearsed their final arguments as Tom Reeve reports from Westminster Magistrates' Court yesterday.

69% of email attacks with malicious attachments in Q2 contained Locky

69% of email attacks with malicious attachments in Q2 contained Locky

The first five months of 2016 were dominated by malicious email campaigns, the quick emergence of new ransomware variants, one of the largest botnets in the world went dark, and the Angler exploit kit (EK) went silent

Ransomware targeting healthcare overshadows other sectors

Ransomware targeting healthcare overshadows other sectors

An analysis of malicious threats tracked by managed security services provider Solutionary reported that ransomware attacks targeting healthcare companies comprised 88 percent of all ransomware attacks.

ThreatConnect: Guccifer 2.0 likely persona for Russian-linked propagandists, PR operatives leaking info to media

ThreatConnect: Guccifer 2.0 likely persona for Russian-linked propagandists, PR operatives leaking info to media

Despite the hacker's claims of independence, a digital trail traced by the ThreatConnect Research Team led to an Elite VPN service based in Russia being used to pass documents to the media.

Kimpton Hotels investigates potential payment card breach

Kimpton Hotels investigates potential payment card breach

The hotel chain said it had been made aware of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties.

RNC's Preibus unwise to challenge hackers

RNC's Preibus unwise to challenge hackers

Republican National Committee (RNC) Chairman Reince Priebus may have tossed down a gauntlet to hackers when he declared that his organization's data is safe and he does not expect to be hacked.

'KeySniffer' attack allows wireless keyboard eavesdropping

'KeySniffer' attack allows wireless keyboard eavesdropping

Bastille Researchers spotted a vulnerability affecting wireless keyboards that could allow an attacker to eavesdrop from hundreds of feet away.

Ransomware most profitable malware in use: Cisco

Ransomware most profitable malware in use: Cisco

Ransomware is now the most profitable form of malware primarily because the victims do a poor job of defending themselves, according to a new report by Cisco.

Feds would benefit from adoption of IoT, analysis finds

Feds would benefit from adoption of IoT, analysis finds

The federal government would greatly benefit from implementation of Internet of Things technology, but few agencies are taking advantage, says the Center for Data Innovation.

Trump's Russian interests and Guccifer 2.0

Trump's Russian interests and Guccifer 2.0

A flood of information has emerged that connects GOP presidential nominee Donald Trump to a questionable cast of characters who are linked to Soviet interests.

Russian hackers take the stage at DNC convention

Russian hackers take the stage at DNC convention

The email dump underscored the holes in security and privacy yawning at many organizations and the very real possibility that nation-states like Russia have upped their game to manipulate the democratic process.

TSA master key hackers expose dangers of physical and digital key escrow policies

TSA master key hackers expose dangers of physical and digital key escrow policies

The hackers responsible for reproducing seven master keys used by the TSA to open locks commonly placed on luggage have now duplicated an eighth key in an effort to demonstrate the dangers of digital key escrow policies.

Patchwork cyberespionage campaign branches out to strike businesses

Patchwork cyberespionage campaign branches out to strike businesses

The cybergang behind the Patchwork, aka Dropping Elephant, cyberespionage campaign has expanded its reach outside of government organizations and is now hitting the private sector.

Proliferation of hacker culture helped keep Anonymous from being branded terrorist org

Proliferation of hacker culture helped keep Anonymous from being branded terrorist org

How has Anonymous avoided being labeled as a terrorist group? That is a serious question that was proposed by an anthropologist during the HOPE Conference in New York City.

SC wins three top national honors from ASBPE

SC wins three top national honors from ASBPE

SC Magazine received three national awards from ASBPE, the highest honor in the annual awards contest open to B2B, trade, association and professional publications.

Fake Tinder sites lure users to give up financial info

Fake Tinder sites lure users to give up financial info

In the UK, 41 percent of online daters have been spammed or scammed when using online dating services.

Modified Hackhound PWS used for cyberespionage spearphishing

Modified Hackhound PWS used for cyberespionage spearphishing

McAfee labs researchers spotted a series of spear phishing attacks using a modified version of the Hackhound password stealer.

Pornhub subscriber info exposed, but relax, it was a bug bounty exploit

Pornhub subscriber info exposed, but relax, it was a bug bounty exploit

White hat hackers seeking a $20,000 bug bounty were able to gain remote code execution and tap into the inner workings of popular porn site Pornhub.

Law enforcement and IT security companies join forces to fight ransomware

Law enforcement and IT security companies join forces to fight ransomware

The Dutch National Police, Europol, Intel Security and Kaspersky Lab have joined forces to launch an initiative which will see the cooperation fight ransomware.

Bugs in SAP HANA allowed remote code execution

Bugs in SAP HANA allowed remote code execution

Researchers have found several security vulnerabilities in SAP HANA and SAP Trex, which left thousands open to remote code execution attacks

WhatsApp in the spotlight after Turkey publishes messages of coup officers

WhatsApp in the spotlight after Turkey publishes messages of coup officers

WhatsApp messages of military officers involved in Turkey's attempted coup were published by the country's state-run media outlets.

Audit: FBI's threat prioritization process too subjective and sluggish

Audit: FBI's threat prioritization process too subjective and sluggish

The FBI's process for prioritizing cyberthreats is too slow and subjective, hindering its ability to optimize allocation of resources to address these dangers, according to a new report from the DoJ's Office of the Inspector General.

2.3 million 'Warframe,' 'Clash of Kings' accounts compromised

2.3 million 'Warframe,' 'Clash of Kings' accounts compromised

More than 2.3 million users records were compromised as two separate gaming companies announced they suffered data breaches.

MS-ISAC official: Ransomware top priority

MS-ISAC official: Ransomware top priority

Ransomware threats targeting government IT systems nationwide at the state and local level are steadily increasing.

Microsoft EOP exposes users to data breaches, whitepaper

Microsoft EOP exposes users to data breaches, whitepaper

Vircom researchers believe that Microsoft Exchange Online Protection (EOP) may be exposing users and their networks to both data breach and data loss risks.

Auto-ISAC release automotive cybersecurity best practices

Auto-ISAC release automotive cybersecurity best practices

The Automotive Information Sharing and Analysis Center (Auto-ISAC) Thursday released a set of automotive cybersecurity "Best Practices."

CrypMIC ransomware is a CryptXXX copycat, with a few twists

CrypMIC ransomware is a CryptXXX copycat, with a few twists

CryptXXX ransomware has a doppelganger - it's called CrypMIC. And the resemblance doesn't appear to be a coincidence.

BlackBerry CEO calls helping law enforcement 'civic duty,' takes swipe at Apple

BlackBerry CEO calls helping law enforcement 'civic duty,' takes swipe at Apple

Cooperating with law enforcement is "our basic civic responsibility," BlackBerry CEO John Chen told reporters at a media Q&A at the BlackBerry Security Summit in New York.

Farsight Security Services promotes Robert Batch to IT administrator

Farsight Security Services promotes Robert Batch to IT administrator

Farsight Security Services has promoted Robert Batch, a 12-year veteran employee, to IT administrator.

'Right Sector' hackers attempt to blackmail Polish government

'Right Sector' hackers attempt to blackmail Polish government

A group claiming to be a far-right Ukrainian nationalist group has attempted to blackmail the Polish ministry of defence.

Cicis Pizza delivers the bad news, confirms breach at 138 locations

Cicis Pizza delivers the bad news, confirms breach at 138 locations

Cicis Pizza has officially acknowledged a payment card data breach in 138 of its restaurant locations, after reports of a point-of-sale malware attack first came to light last month.

Rapid7 appoints Marc Brown and Tom Schodorf to Board of Directors

Rapid7 appoints Marc Brown and Tom Schodorf to Board of Directors

Rapid7 has appointed Marc Brown and Tom Schodorf to its Board of Directors.

Second BT outage calls into question security of critical infrastructure

Second BT outage calls into question security of critical infrastructure

Two internet outages on consecutive days in separate internet exchanges in Docklands, London, calls into question the security of the country's critical communications infrastructure.

WordPress Summer of Pwnage: 64 holes in 21 days

WordPress Summer of Pwnage: 64 holes in 21 days

As the Pwnage summer heat rages on, hackers find 64 holes in popular publishing platform, WordPress

IT jobs volume hits peak despite slow start in 2016

IT jobs volume hits peak despite slow start in 2016

Despite a slow start at the beginning of 2016, the IT jobs market in London experienced an upturn in the number of jobs with June being the highest month so far for job volume in 2016.

Demand for DDoS network engineering skills high in UK, US and China

Over the last six months, global demand for network engineers who have DDoS mitigation skills has continued to grow. China is seeing the most demand for these skills, with roughly 47 percent annual growth.

Wassenaar Arrangement 'inhibits international cyber-security efforts'

Wassenaar Arrangement 'inhibits international cyber-security efforts'

The Wassenaar Arrangement for regulating the international arms trade is threatening to choke the international cyber-security community and ultimately make us less secure, an audience at RSA Singapore heard.

Google recieved record number of data requests: 4,677 in latest transparency report

Google recieved record number of data requests: 4,677 in latest transparency report

Google's latest transparency report displays a continued increase in data requests the company received from government authorities.

Chrome browser extensions discovered engaging in Facebook click fraud

Chrome browser extensions discovered engaging in Facebook click fraud

Google has removed a group of malicious browser extensions from its Chrome Web Store, after an independent researcher discovered the programs were hijacking users' Facebook accounts for click-fraud purposes.

Oracle patches 276 bugs in largest bundle to date

Oracle patches 276 bugs in largest bundle to date

Oracle patched a whooping 276 security flaws in more than 80 products in its largest patch bundle to date.

Tor used to secure IoT

Tor used to secure IoT

The Guardian Project has integrated Tor security into the Internet of Things (IoT), creating a Tor Onion Service Configuration for the Home Assistant open source platform.

Average ransomware demand is £525, 57% of attacks target consumers

Average ransomware demand is £525, 57% of attacks target consumers

Organisations are increasingly being targeted by ransomware and more often than not pay the ransom to regain control of their data.

BT Broadband outage blamed on power failure [updated]

BT Broadband outage blamed on power failure [updated]

BT Broadband has suffered a major outage this morning and it's pointing the finger at a power-outage in one of its central London service providers.

A pox on your servers: dormant vulnerability patched after 15 years

A pox on your servers: dormant vulnerability patched after 15 years

Admins scramble to patch HTTP proxy header flaw, Httpoxy, that leaks data via PHP, Go and Python scripts running in a CGI environment.

Global DDoS attack data released for 1H 2016

Global DDoS attack data released for 1H 2016

Arbor Networks has released global DDoS attack data for the first six months of 2016, showing a continued growth in both size and frequency of attacks. A 73 percent increase in peak attack size over 2015 was observed, to 579Gbps.

Companies fail at enforcing security of privileged accounts, report says

Companies fail at enforcing security of privileged accounts, report says

A recent study found that 52 percent of companies are failing when it comes to the proper enforcement of privileged credential controls.

Apple patches remote code execution flaws

Apple patches remote code execution flaws

Apple patches critical vulnerabilities in iOS and OS X that could allow remote code execution.

Ammyy Admin site delivers drive-by-download attacks

Ammyy Admin site delivers drive-by-download attacks

Kaspersky Lab researchers spotted the Ammyy Admin being used as a dropper trajan to install the Lurk trojan and other malware.

White paper: 100 new ransomware families ID'd in 2015, as campaigns adopt APT tactics

White paper: 100 new ransomware families ID'd in 2015, as campaigns adopt APT tactics

In its new special report Ransomware and Businesses 2016, Symantec declares that within the last year, ransomware has rapidly advanced in maturity and severity, while also exploding in terms of overall numbers.

Brazilian judge orders telecom companies to block WhatsApp

Brazilian judge orders telecom companies to block WhatsApp

Brazilian Judge Daniel Barbosa's order threatened telecommunications companies Oi, Nextel, TIM and Vivo e Claro with fines of about $15,000 daily if they didn't block WhatsApp, which is used by 93 percent of Brazilians.

U.S. proposals could allow foreign warrants to US firms

U.S. proposals could allow foreign warrants to US firms

The White House is discussing proposals with U.S. allies that could allow foreign governments to serve search warrants requesting email and wiretap information to US companies.

Deal with the devil: Ransomware experiment proves you can negotiate price down

Deal with the devil: Ransomware experiment proves you can negotiate price down

Ironically, the cybercriminals holding your computer files for ransom may be offering you a better customer experience than your average cable provider or insurance company.

Cerber ransomware C&C server shut down by research firm and CERT-Netherlands

Cerber ransomware C&C server shut down by research firm and CERT-Netherlands

A malicious spam email campaign discovered by FireEye, used Microsoft Word attachments containing macros that launched a command and control Cerber installers.

Change in exploit tactics caused dramatic surge of Realstatistics malware infections

Change in exploit tactics caused dramatic surge of Realstatistics malware infections

The Realstatistics malware campaign discovered in June to be infecting thousands of Joomla! websites gained steam by shifting infection tactics after the introduction of ModSecurity rules closed off its original attack method.

Critical infrastructure in Europe exposed to hackers

Critical infrastructure in Europe exposed to hackers

Power stations in Germany, Italy and Israeli smart building could be accessed by criminal hackers

38% of UK orgs have no data loss prevention solutions

38% of UK orgs have no data loss prevention solutions

Most security pros (88 percent) say that they are happy with their organisation's security strategy, but 38 percent admit that their company doesn't have dedicated data loss prevention solutions in place.

NATO CCDCOE considers cyber-warfare cooperation

NATO CCDCOE considers cyber-warfare cooperation

NATO CCDCOE urged to promote cooperation in training of cyber-defence experts as the cyber realm declared a theatre of war.

UK rail network suffers four cyber-attacks in past 12 months

UK rail network suffers four cyber-attacks in past 12 months

The UK rail network has been hit by cyber-attacks at least four times in the past 12 months.

Cerber ransomware strain now targeting Office 365 users

Cerber ransomware strain now targeting Office 365 users

Researchers discover a new strain of the Cerber ransomware targeting Office 365 users. The variant is part of an emerging trend of ransomware that targets victims using cloud platforms.

DARPA competition looks to AI to be cybercrooks

DARPA competition looks to AI to be cybercrooks

DARPA are starting a competition to help automate defence and see how artificial intelligence can combat cyber-threats.

Tor provides access as social media blocked during attempted military coup in Turkey

Tor provides access as social media blocked during attempted military coup in Turkey

As the Turkish government allegedly blocked access to social media during what was reported as a military coup, The Tor Project said Friday that people can use the Tor browser to reach Facebook, Twitter and the free Internet.

BT Security strikes deal with ISC(2) to train 900 cyber-security staff

BT Security strikes deal with ISC(2) to train 900 cyber-security staff

BT Security has struck a deal with ISC(2) to offer those training through the BT Security Academy Certified Information Systems Security Professional (CISSP) and the Systems Security Certified Practitioner (SSCP) certifications.

Google offers 'New Hope' for cryptanalysis resistant public-key crypto

Google offers 'New Hope' for cryptanalysis resistant public-key crypto

Google has taken to its online security blog to announce it has started to experiment with cryptanalysis resistant public-key cryptography.

68% of Europeans want to use biometric authentication for payments

68% of Europeans want to use biometric authentication for payments

Over two thirds (68 percent) of consumers across Europe are interested in using biometrics when making a payment, especially when integrated with other security measures.

IP Bill: the end-to-end-to-end encryption?

IP Bill: the end-to-end-to-end encryption?

A debate in the House of Lords has unearthed some previously unnoticed powers included in the much maligned investigatory powers bill including the desire to break end-to-end encryption.

Neutrino Exploit Kit adds researcher's IE exploit code to its repertoire of attacks

Neutrino Exploit Kit adds researcher's IE exploit code to its repertoire of attacks

The Neutrino Exploit Kit has added another weapon to its arsenal, adopting a working exploit of Microsoft's Internet Explorer browser after an independent security researcher designed and published the source code of said exploit.

Locky campaign spamming at 200x normal rate: F-Secure

Locky campaign spamming at 200x normal rate: F-Secure

Researchers from F-Secure reported a massive spike in spam delivering the Locky cryptoransomware with 120,000 spam emails going out per hour on June 12.

Junos crypto flaw patched

Junos crypto flaw patched

A crypto flaw that allowed cyber attackers to eavesdrop on communications running through VPNs has been patched in Juniper Networks's Junos operating system.

Guccifer 2.0 leaks docs on 11K donors, tries to draw attention back to DNC hacks

Guccifer 2.0 leaks docs on 11K donors, tries to draw attention back to DNC hacks

Guccifer 2.0 leaked additional documents purportedly pilfered from the Democratic National Committee and which included donor information and a file on former Alaska Governor Sarah Palin, according to The Hill.

Second Circuit rules in favor of Microsoft, gov't can't force access to email on Irish server

Second Circuit rules in favor of Microsoft, gov't can't force access to email on Irish server

Privacy advocates hailed the Second Circuit's ruling as a victory for Microsoft and, if it holds, will likely inspire confidence among privacy advocates and European privacy regulators about the fortitude of the U.S.'s privacy posture.

Industry pros consider widespread affects of Windows printer flaw

Industry pros consider widespread affects of Windows printer flaw

Industry sources prepare for the security implications of a serious flaw affecting the Microsoft Web Point-and-Print Protocol, a software component used in the Windows Print Spooler by computers when connecting to a network printer.

House committee grills FDIC after report details history of data breach cover-ups

House committee grills FDIC after report details history of data breach cover-ups

An interim report filed yesterday by the U.S. House Committee on Science, Space and Technology revealed gaping holes in the FDIC's cybersecurity posture and accused the financial institution of withholding documents pertaining to data breaches.

Maxthon browser vulnerable to Chinese cyberespionage and MitM attacks

Maxthon browser vulnerable to Chinese cyberespionage and MitM attacks

Researchers have found that the Maxthon browser sends sensitive data to a browser in Beijing and is prone to man-in-the-middle attacks.

HHS: Healthcare groups must report all ransomware attacks

HHS: Healthcare groups must report all ransomware attacks

The Federal Health and Human Services Department (HHS) issued guidelines this week that could require hospitals and doctor offices to notify HHS if they are victimized by a ransomware attack.

3D printers next vector for sabotage, report

3D printers next vector for sabotage, report

Vulnerabilities in 3D printing that could open the door for sabotage were revealed by a team of NYU researchers.

Russian Defence Ministry to fight NetTraveler Trojan

Russian Defence Ministry to fight NetTraveler Trojan

Russia's defence sector is taking steps to reduce NetTraveler Trojan attacks and some defence manufacturers are postponing computerisation using western technology due to fears of cyber-espionage.

Fiat Chrysler's U.S. operations sets precedent with bug bounty program for connected cars

Fiat Chrysler's U.S. operations sets precedent with bug bounty program for connected cars

The U.S. subsidiary of Fiat Chrysler has launched its own bug bounty program, making it the first full-line vehicle manufacturer to offer financial rewards to security researchers for finding vulnerabilities in connected cars and related technologies.

Sophisticated nation-state sponsored malware could shut down electric grid

Sophisticated nation-state sponsored malware could shut down electric grid

SentinelOne researchers discovered spotted a sophisticated nation-state sponsored malware campaign with potential to knock out an electric grid.

Digital skills shortage poses a security risk

Digital skills shortage poses a security risk

The Commons Science and Technology Committee reports that by 2017, the UK will need 745,000 more workers with digital skills and warns that organisations lacking the necessary digital skills face increased security threats and failed cloud migrations if the problem is not addressed.

CuteRansomware using Google Docs as a launch platform

CuteRansomware using Google Docs as a launch platform

CuteRansomware is anything but soft and cuddly, according to a report by Netskope.

Rapid7 researchers: Flaw found in Seeking Alpha financial news app could leak info

Rapid7 researchers: Flaw found in Seeking Alpha financial news app could leak info

Rapid7 researchers said a flaw discovered financial news platform Seeking Alpha's mobile apps could leak users' PII and confidential information.

SC Magazine wins five Azbee Awards

SC Magazine wins five Azbee Awards

SC Magazine is the recipient of five awards in the 2016 Azbee Awards of Excellence, sponsored by the American Society of Business Publication Editors (ASBPE).

UN extends human rights to online world

UN extends human rights to online world

The United Nations has passed a resolution calling for human rights to be counted online as well as off, citing the internet as an important medium for free speech and free assembly. The resolution was not without its opponents, though.

53% of organisations around the world still use Windows Server 2003

53% of organisations around the world still use Windows Server 2003

Over half (53 percent) of companies have at least one instance of Windows Server 2003 still running even though its end of life (EOL) date passed on 14 July 2015.

Florida researchers claim to discover cure for the common ransomware

Florida researchers claim to discover cure for the common ransomware

By analysing changes in files, security researchers believe they have discovered a way to detect ransomware in the early stages of encrypting your data.

Malware suspected in ATM heist in Taiwan

Malware suspected in ATM heist in Taiwan

ATMs in Taiwan were spewing money over the weekend in what authorities believe were malware-aided thefts.

Snack attack: A crimeware-as-a-service menu for wannabe hackers

Snack attack: A crimeware-as-a-service menu for wannabe hackers

When compared to the financial damage a cyberattack can create, the cost of most crimeware-as-a-service (CaaS) offerings looks like a bargain, based on the prices listed in a "Hacking Menu" compiled by WatchGuard Technologies.

Researchers spot uptick in Nymaim detections as infections creep into Brazil

Researchers spot uptick in Nymaim detections as infections creep into Brazil

ESET researchers spotted and uptick in Nymaim malware detections during the first half of 2016 and noticed a series of targeted attacks in Brazil.

Malware on Omni Hotel POS systems scarfed payment card info

Malware on Omni Hotel POS systems scarfed payment card info

Omni Hotels & Resorts said guests had to physically present payment cards at one of its affected POS systems to be affected by malware stealing payment card information during a six-month period.

Intel HD Graphics vulnerability enables arbitrary code execution in Windows 7 and earlier

Intel HD Graphics vulnerability enables arbitrary code execution in Windows 7 and earlier

A vulnerability in the Windows kernel driver that operates Intel's HD Graphics integrated graphics processor could allow a bad actor to either perform an arbitrary code execution or crash the affected device.

Microsoft's Patch Tuesday updates led by rare print spooler bug

Microsoft's Patch Tuesday updates led by rare print spooler bug

Microsoft's July Patch Tuesday offering includes 11 security updates with six rated critical covering almost 50 individual bugs, including a rare Windows Print Spooler vulnerability.

After Tor exploit, researchers develop new anonymity network

After Tor exploit, researchers develop new anonymity network

A team of researchers have created a created an anonymity network methodology that they believe is more efficient and more secure than existing anonymous networks such as Tor.

52 Flash Player bugs fixed with Adobe's July Patch Tuesday update

52 Flash Player bugs fixed with Adobe's July Patch Tuesday update

Adobe's July Patch Tuesday release is once again dominated by vulnerabilities found within the company's Flash Player product where 52 critical CVEs that could allow an attacker to take control of a system.

At last, Privacy Shield is official

At last, Privacy Shield is official

The European Commission approved the EU-US Privacy Shield pact that will provide the framework for the protection of data as it flows across the Atlantic from Europe to the U.S.

Business email compromise (BEC) phishing scams netting billions for criminals

Business email compromise (BEC) phishing scams netting billions for criminals

Your next scam du jour: targeted stings and swindles based on impersonating key personnel are hitting as many as 400 companies a day.

Ninth Circuit ruling upholds password-sharing risk

Ninth Circuit ruling upholds password-sharing risk

Computer users sharing their password could suddenly find themselves at risk for arrest.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US