Two-thirds of IT security professionals expect a breach to hit their company this year, report

Two-thirds of IT security professionals expect a breach to hit their company this year, report

While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.

Epic hack, thousands of salted logins stolen

Epic hack, thousands of salted logins stolen

A hacker has stolen around 808,000 accounts from two forums run by Epic Games, the games maker has confirmed the hack and is investigating what happened.

India threatens jail for visiting forbidden sites

India threatens jail for visiting forbidden sites

Visiting a 'forbidden' website is now punishable with a three-year jail term in India - even without downloading anything. NordVPN predicts a surge of VPN subscriptions in India by Internet users to protect online freedom.

Ransomware rise, email scams spread, Flash & IOT vulnerabilities up

Ransomware rise, email scams spread, Flash & IOT vulnerabilities up

The top three findings from Trend Micro's TrendLabs six-monthly threat trends are the doubling of ransomware families, geographic spread of business email scams and increasing Flash and IOT vulnerabilities spotted.

Russia's Central Bank introduces new mandatory cyber-security regulations

Russia's Central Bank introduces new mandatory cyber-security regulations

Russian banks will be faced with a whole range of new regulations, and penalties for non-compliance, when it comes to cyber-security, according to the country's Central Bank

EU ministers rattle sabres at encrypted ISIS jihadi comms channels

EU ministers rattle sabres at encrypted ISIS jihadi comms channels

France and Germany discuss 'tapping' encrypted end-to-end networks such as WhatsApp and Skype

SC Magazine's September 2016 product reviews

SC Magazine's September 2016 product reviews

Well, we're well into summer and we've had a short break during our two-month combo edition for July and August so let's get back to it with one of our more active groups: data leak prevention (DLP) and endpoint security.

Trust exercise: Symantec's new website security expert is reaching out to hacker community

Trust exercise: Symantec's new website security expert is reaching out to hacker community

Tarah Wheeler, whom Symantec recently hired as principal security advocate and senior director of engineering for its Website Security team, is reportedly pledging to foster ties with the independent hacker community.

Dridex on the loose again, this time in Switzerland

Dridex on the loose again, this time in Switzerland

The meteoric rise of Locky ransomware has not completely supplanted the distribution of the notorious Dridex malware.

SC Magazine's web news team takes top honors at ASBPE Awards

SC Magazine's web news team takes top honors at ASBPE Awards

The web news team of SC Magazine received the highest honor, a Gold award, in the 2016 Azbee Awards of Excellence, produced by the American Society of Business Publication Editors (ASBPE).

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Snowden documents were published Friday, strengthening evidence that code leaked by the Shadow Brokers contains zero-day exploits used by the NSA.

Threat to SMBs from ransomware on the rise, report

Threat to SMBs from ransomware on the rise, report

Ransomware is not going away, according to a new study from Arctic Wolf Networks.

Is Android as easy to secure as the latest AV-TEST results appear to suggest?

Is Android as easy to secure as the latest AV-TEST results appear to suggest?

An independent IT security research facility has reviewed Android, and despite constant charges of insecurity, found the mobile platform to be far from wanting ?

U.S. government extends offer to protect states from electoral cyberthreats

U.S. government extends offer to protect states from electoral cyberthreats

Updated! As it considers classifying the electoral system as critical infrastructure, the U.S. government has pledged to provide states with federal assistance to help manage voting cyber risks and taking additional steps to quell fears the election this fall could be hacked.

Eddie Bauer POS systems hit with malware

Eddie Bauer POS systems hit with malware

Updated! Retailer Eddie Bauer's CEO reported that the chain's in-store point-of-sale network had been infected with malware for a six-month period during which time payment card information may have been accessed by unauthorized personnel.

Brazilians targeted in free Olympic ticket giveaway phishing scam

Brazilians targeted in free Olympic ticket giveaway phishing scam

The 2016 Olympics may be winding down, but cybercriminals are not slacking off in their efforts to use the sporting event as a way to lure victims.

Advanced persistent threats are APT to be deceptive, devious

Advanced persistent threats are APT to be deceptive, devious

Brian Laing, VP of business development and products at APT defense firm Lastline, spoke to SCMagazine.com at Black Hat about the evolution of advanced persistent threats and some of their more devious tactics.

DroidJack attacks delivered through Twilio SMS messages

DroidJack attacks delivered through Twilio SMS messages

Researchers discovered DroidJack attacks that delivered the remote access Trojan (RAT) through an "over the top" (OTT) carrier.

Operation Ghoul attacks terrorize industrial and engineering orgs

Operation Ghoul attacks terrorize industrial and engineering orgs

Kaspersky researchers spotted a wave of attacks that has affected more than 130 organizations in at least 30 countries.

Cisco shedding 7% of its workforce

Cisco shedding 7% of its workforce

The world's biggest networking equipment company, Cisco Systems, will layoff about 5.5K employees.

Snowden says Shadow Broker leak is likely a warning from Russia

Snowden says Shadow Broker leak is likely a warning from Russia

The leaker to end all leakers has taken to Twitter to provide some insight in to the recent high profile auction of NSA hacking tools.

Women receive significantly less compensation than men in IT sector, Census Bureau

Women receive significantly less compensation than men in IT sector, Census Bureau

Women continue to receive significantly less compensation than men in the IT security sector, according to a new report from the U.S. Census Bureau.

We have the power: 'Smart' sockets could be enslaved to create botnet

We have the power: 'Smart' sockets could be enslaved to create botnet

Bitdefender has discovered vulnerabilities in a popular brand of 'smart' electrical socket which could lead to attacks on your local area network or the recruitment of the IoT device as part of a global botnet.

Marcher steps up game: Malware poses as security update, imitates popular apps

Marcher steps up game: Malware poses as security update, imitates popular apps

Looking to capitalize on mobile device owners' growing security fears, a new variant of the Android malware Marcher is infecting victims by fraudulently posing as a firmware security update.

Proxy authentication flaw affects Apple, Microsoft, Oracle, Opera

Proxy authentication flaw affects Apple, Microsoft, Oracle, Opera

Vulnerabilities affecting the implementation of proxy authentication could lead to an attacker launching man-in-the-middle attacks and intercepting HTTPS traffic possibly affecting including Apple, Microsoft, Opera, and Oracle products.

Half of enterprises ill-prepared for inside attack, study

Half of enterprises ill-prepared for inside attack, study

Nearly half of enterprises queried for a Mimecast survey were found to be ill-equipped to deal with threats from insiders.

WikiLeaks postings of Turkish emails included active links to malware

WikiLeaks postings of Turkish emails included active links to malware

WikiLeaks' practice of delivering unfiltered information to its readers backfired after a researcher discovered that its collection of leaked Turkish government emails contained over 300 active links to malware files hosted on the controversial site.

Don't get caught by the Pokemon Go ransomware

Don't get caught by the Pokemon Go ransomware

Independent researcher Michael Gillespie discovered a unique ransomware variant posing as a Pokémon Go application for Windows.

Ransomware as a service business booming and growing: Reports

Ransomware as a service business booming and growing: Reports

Ransomware as a service (RaaS) is a booming business with entrepreneurs working in this illegal space hauling in a nifty profit and continuing to roll out new types on a regular basis, according to two new studies.

The Shadow Brokers' NSA hack claim unlikely, say experts

The Shadow Brokers' NSA hack claim unlikely, say experts

Updated! The claim by the hacking group The Shadow Brokers that it has pilfered surveillance tools from another group, allegedly associated with the National Security Agency (NSA), is being called bogus by security experts, but Kaspersky Lab believes there is a connection.

After the breach: Settlement expected for 50M Home Depot customers

After the breach: Settlement expected for 50M Home Depot customers

A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.

New Zeus Sphinx banking trojan hitting Brazil

New Zeus Sphinx banking trojan hitting Brazil

Capitalizing on Olympics activity, a new version of Zeus Sphinx has been targeting banks in Brazil and Colombia.

Is the EU to blame for further prompting privacy issues with OTT services?

Is the EU to blame for further prompting privacy issues with OTT services?

The European Commission to looking to tighten its regulatory grip on US-based tech companies which are slowly replacing traditional telcos in the services they provide.

Android malvertising campaign discovered delivering Svpeng Trojan through AdSense

Android malvertising campaign discovered delivering Svpeng Trojan through AdSense

Researchers discovered a campaign that delivers a malicious banking Trojan to Android devices using Google AdSense advertisements.

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

In the latest data breach impacting the hospitality industry, cybercriminals installed malware in the point-of-sale systems of HEI Hotels & Resorts and checked out with customer data that likely includes payment card information.

Iran investigating possible cyber angle on oil fires

Iran investigating possible cyber angle on oil fires

Updated! Iran's Supreme National Cyberspace Council is investigating whether a recent string of oil and petrochemical fires were caused by a cyberattack.

DiskFiltration attack uses acoustics to infiltrate air-gapped computers

DiskFiltration attack uses acoustics to infiltrate air-gapped computers

A team of researchers developed a new method to leak information from air-gapped computers using intrinsic covert noises emitted from the device's hard drive.

Scotland Yard setting up Twitter police task force

Scotland Yard setting up Twitter police task force

Scotland Yard is to setup a Twitter task force which will hunt offensive online comments, and bring those posting them to justice.

Sage suffers data breach from insider

Sage suffers data breach from insider

Software company Sage has reportedly suffered a data breach orchestrated by an insider of the company. The police are investigating and the ICO has been informed.

Interior Dept. must update access control standards to meet NIST guidelines - report

Interior Dept. must update access control standards to meet NIST guidelines - report

The U.S. Department of the Interior must update its access controls to meet current standards, according to an inspector general report.

Research firm finds MICROS hackers infected more POS vendors

Research firm finds MICROS hackers infected more POS vendors

Fresh off the discovery that hackers compromised the customer support portal for Oracle's MICROS point-of-sale systems, a new shocking report surfaced, revealing that at least five more POS vendors were similarly breached.

Fallout from DNC hack broadens to donors

Fallout from DNC hack broadens to donors

The fallout from the hack into the DNC continues as it is now being reported that celebrities, C-suite executives and other high-profile donors to the Democratic party were also ensnared.

Trump beats Clinton in presidential election spam race

Trump beats Clinton in presidential election spam race

The infamy of Donald Trump is being leveraged by canny cyber-criminals for everything from spam to credential phishing.

US government accuses Hinkley point partner of nuclear espionage

US government accuses Hinkley point partner of nuclear espionage

Major partners in the controversial nuclear power plant at Hinkley Point have been accused in American courts of attempting to steal US nuclear technology.

34% of users click on links due to human curiosity

34% of users click on links due to human curiosity

With nearly a quarter of ID fraud victims being savvy users of mobile and social media platforms in the UK last year, regular device updates nor computer literacy are stopping users from engaging in harmful online behaviour.

Microsoft's 'golden key' bypassing Secure Boot reignites backdoor debate

Microsoft's 'golden key' bypassing Secure Boot reignites backdoor debate

Researchers published information about a Windows security error that reignites the debate involving device back doors.

USA Today and other popular sites vulnerable to serious hijacking attacks

USA Today and other popular sites vulnerable to serious hijacking attacks

A group of researchers discovered a Linux bug which could allow serious hijacking attacks against the USA Today website and other popular sites.

Most Met police computers still using Windows XP

Most Met police computers still using Windows XP

The large majority of London police computers are apparently still using the 14-year-old Windows XP operating system and jeopardising security

Israeli parliament recommends creation of national cyber-authority

Israeli parliament recommends creation of national cyber-authority

The Israeli Knesset waits on the passage of a bill which would see the amalgamation of Israel's cyber-defences into one central authority

OPM snags new CIO from Defense Dept.

As OPM CIO, Defense Department Principal Deputy CIO David De Vries will be instrumental in raising the agency's security profile.

Damage dealer: Breach of Dota 2 gaming forum exposes 1.9 million accounts

Damage dealer: Breach of Dota 2 gaming forum exposes 1.9 million accounts

While players of Valve Corporation's online battle arena game Dota 2 were busy fighting each other for supremacy, a real-life adversary stole 1,923,972 account records from the official Dota2 forum's database.

SAPCAR file decompression flaws patched

SAPCAR file decompression flaws patched

Researchers discovered a series of vulnerabilities affecting the archive program SAPCAR used to compress and decompress files.

Google, NYU reveal business model of unwanted software bundles

Google, NYU reveal business model of unwanted software bundles

Google and the NYU conducted a yearlong study into the business practices of those who pay vendors to install unwanted software in their install bundles.

Incomplete version of 'Hitler-Ransonware' discovered

Incomplete version of 'Hitler-Ransonware' discovered

AVG malware analyst Jakub Kroustek discovered an unfinished version of a new strain of ransomware, dubbed Hitler-Ransomware.

Elektrilevi joins European network for cyber-security

Elektrilevi joins European network for cyber-security

Estonia power company joins European network for cyber-security to improve its cyber-resilience.

Millions of Russians' personal data may be put at risk

Millions of Russians' personal data may be put at risk

A planned national database of personal data on Russian citizens could become a magnet for criminal cyber-attacks warn analysts.

Concern about Chinese involvement at Hinkley Point is misdirected, say experts

Concern about Chinese involvement at Hinkley Point is misdirected, say experts

Experts say that government concerns over cyber-security at the new nuclear power plant at Hinkley Point are misdirected and that the Chinese are not the real worry.

Facebook hit with hoax scams purporting terror incidents and celebrity deaths

Facebook hit with hoax scams purporting terror incidents and celebrity deaths

Facebook users are being lured into giving up their credentials in response to alarming messages about terror incidents and celebrity deaths.

Third of ICS flaws were unpatched when disclosed - report

Third of ICS flaws were unpatched when disclosed - report

Industrial control system vulnerabilities disclosed by security researchers have steadily climbed in the years following the discovery of Stuxnet worm in 2010, according to a report.

Patch Tuesday: Nine bulletins, five critical, as Microsoft patches focus on desktop

Patch Tuesday: Nine bulletins, five critical, as Microsoft patches focus on desktop

Five of the nine security bulletins released by Microsoft this Patch Tuesday are rated critical.

Connected car vulnerabilities could be reduced with an ounce of prevention

Connected car vulnerabilities could be reduced with an ounce of prevention

IOActive researchers found that half of the cyber vulnerabilities in connected vehicles could grant an attacker full or partial control of a vehicle.

FireEye layoffs as cyber-criminals gorge on low-hanging ransomware

FireEye layoffs as cyber-criminals gorge on low-hanging ransomware

Paradoxically, 'good' news for businesses and ransomware cyber-criminals alike appears to be bad news for security platform provider FireEye.

76% of organisations suffer loss or theft of data in past two years

76% of organisations suffer loss or theft of data in past two years

Over the past two years, three out of every four organisations have been hit by the loss or theft of important data.

Kaspersky: ProjectSauron, aka Strider, rivals the most elite APTs in sophistication

Kaspersky: ProjectSauron, aka Strider, rivals the most elite APTs in sophistication

The cyberespionage group identified as Strider by Symantec researchers is as sophisticated a threat as any known APT in history -- including Duqu, Flame, The Equation Group and Regin -- according to an analysis by Kaspersky Lab.

Carbanak Gang likely behind Oracle MICROS customer service portal compromise

Carbanak Gang likely behind Oracle MICROS customer service portal compromise

Oracle detected malicious code on some MICROS legacy servers but the extent of the breach is not yet known, according to KrebsOnSecurity.

Lord of the spy ring: Strider APT cites Tolkien, found snooping on Russian targets

Lord of the spy ring: Strider APT cites Tolkien, found snooping on Russian targets

Symantec yesterday disclosed its discovery of a cyberespionage group called Strider, which appears to be targeting mostly Russian entities with spyware attacks that bear the hallmarks of a sophisticated nation-state operation.

Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected

Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected

Newkirk Products, Inc. has begun notifying approximately 3.3 million people, including Blue Cross Blue Shield customers, of a data breach.

Researcher warns of flaws in Samsung Pay tokenization and mag stripe features

Researcher warns of flaws in Samsung Pay tokenization and mag stripe features

A researcher claims to have found vulnerabilities in Samsung Pay's tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users' tokens and make fraudulent purchases.

Chip drivers render 900M Android devices vulnerable to attack

Chip drivers render 900M Android devices vulnerable to attack

A set of vulnerabilities, dubbed "Quadrooter," affecting Qualcomm chipset software drivers used in Android devices, were detected by Check Point security researchers.

Smoke Loader now arriving via EK, Malwarebytes analysis

Smoke Loader now arriving via EK, Malwarebytes analysis

Once distributed primarily via spam, the Smoke Loader bot has more recently been detected being spread by an exploit kit.

UPDATED: Will Rio Olympics herald a carnival of cyber-crime?

UPDATED: Will Rio Olympics herald a carnival of cyber-crime?

Brazil puts concerns over cyber-attacks at number 23 despite hosting the Olympic games, whereas the US, Germany and Japan put cyber-attacks at number one - hence extensive cybercrime is expected during the games.

Insurance firm now offering discount on use of IoT alarm

Insurance firm now offering discount on use of IoT alarm

Insurance firm Zurich is offering a discount on monthly insurance fees should a customer use the IoT alarm offered by Cocoon, despite security concerns over IoT devices.

Gov't thinks it has right to data, Lavabit founder says

Gov't thinks it has right to data, Lavabit founder says

Lavabit founder Ladar Levison warned a Def Con audience that there's no law on the books protecting privacy.

Cyber ITL reveals testing methods, prepares for 2017 launch

Cyber ITL reveals testing methods, prepares for 2017 launch

The leaders of the non-profit group the Cyber Independent Testing Lab (CITL) gave an update on the organization's progress in creating a system to warn consumers on the cyber safety of the products they are purchasing.

Government retains dozens, not thousands, of zero-days

Government retains dozens, not thousands, of zero-days

The number of vulnerabilities in the federal government arsenal hovers in the dozens, Columbia University Senior Research Scholar Jason Healey told a DEF CON 24 audience.

Bot Mayhem takes first place in DARPA Cyber Challenge

Bot Mayhem takes first place in DARPA Cyber Challenge

Team ForAllSecure won the DARPA Cyber Grand Challenge defeating six other finalists and taking home a $2 million award for its bot Mayhem, which is the first fully automated cybersecurity defense system, Def Con attendees learned.

Google launches API to eliminate passwords on Android devices

Google launches API to eliminate passwords on Android devices

Google rolls out an API that will allow Android apps to access login credentials, essentially eliminating the need for passwords.

Advocate Health Care hit with largest HIPAA settlement

Advocate Health Care hit with largest HIPAA settlement

Advocate Health Care will pay $5.55 million for a breach that led to the exposure of personally identifiable information of four million patients.

VIDEO: Web servers running on HTTP/2 found with multiple denial-of-service vulnerabilities

VIDEO: Web servers running on HTTP/2 found with multiple denial-of-service vulnerabilities

In an analysis of five separate manufacturers' web servers running on the new HTTP/2 protocol, cybersecurity firm Imperva found that all five were vulnerable to at least one of four high-profile denial-of-service vulnerabilities.

EFF: Kazakhstan targeting journalists and dissidents with Operational Manul spyware campaign

EFF: Kazakhstan targeting journalists and dissidents with Operational Manul spyware campaign

Kazakhstan is alleged to be targeting journalists and political dissidents and their families and associates through a cyberespionage campaign.

Miller and Valasek unveil new Jeep hack at Black Hat, retire from car harcking

Miller and Valasek unveil new Jeep hack at Black Hat, retire from car harcking

Chris Valasek and Charlie Miller hung up their car hacking spikes today at Black Hat announcing at the end of their presentation that they were moving on, but not before revealing a few more vulnerabilities in a Jeep Cherokee.

Apple offers bug bounty program

Apple offers bug bounty program

Apple is offering up to $200,000 to researchers reporting critical security vulnerabilities in Apple software, including its underlying operating system.

Russians predict further attacks on Clinton's campaign HQ - immunity offered to hackers

Russians predict further attacks on Clinton's campaign HQ - immunity offered to hackers

Russian hacking groups believed responsible for the Clinton hacks may not be the Russian state but may be silently condoned by it.

At Black Hat, researchers detailed cybergang efforts against Iranian dissidents

At Black Hat, researchers detailed cybergang efforts against Iranian dissidents

Two independent cybersecurity researchers took the stage at Black Hat to diagram how groups possibly controlled by the Iranian government are targeting dissidents.

Automatic updates have greatest value proposition vs. attackers, says researcher

Automatic updates have greatest value proposition vs. attackers, says researcher

Of all the security technologies and initiatives introduced to defend against cyberattacks, automatic updates have the best value proposition - creating the most positive and widespread impact at the least cost to practitioners, according to Columbia University researchers.

Senators push for Oversight hearing into Trump's Russia comments

Senators push for Oversight hearing into Trump's Russia comments

Senators ask Sen. Ted Cruz (R-TX) to hold a hearing that examines Donald Trump's Russia comments entreating Russia to "find the 30,000 emails that are missing."

New macros delivering malware push past Office defenses

New macros delivering malware push past Office defenses

A slew of new macros delivering malware have been detected hiding within Microsoft Office documents.

HEIST attack on SSL/TLS can grab personal info, Black Hat

HEIST attack on SSL/TLS can grab personal info, Black Hat

A new technique unveiled at Black Hat can attack the SSL/TLS and other secure channels purely in the browser.

2015 saw nearly 407K attempted ransomware infections

2015 saw nearly 407K attempted ransomware infections

Ransomware poses a growing and critical threat to enterprises. In 2015, there were nearly 407,000 attempted ransomware infections and over US$ 325 million (£244 million) extorted from victims and numbers are expected to rise.

67% of Windows users in the UK lean toward a swap to Mac

67% of Windows users in the UK lean toward a swap to Mac

Some 67 percent of the UK public who use the Windows operating system on a regular basis would at least consider switching from Windows to Mac due to privacy concerns.

Advanced malware linked to South China Sea cyber-attacks

Advanced malware linked to South China Sea cyber-attacks

F-secure has linked the use of a Remote Access Trojan, to a recent ruling in the Philippines vs. China territorial dispute.

Telegram API flaw leaks 15 million Iranian users' data

Telegram API flaw leaks 15 million Iranian users' data

App flaw, use of SMS alerts causes Telegram to lose 15 million Iranian users' data.

Kaminsky: Infosec must innovate, or we may lose the Internet as we know it

Kaminsky: Infosec must innovate, or we may lose the Internet as we know it

Cybersecurity expert Dan Kaminsky called upon members of the information security community to more openly share innovations, ideas and code to preserve the Internet and its freedoms before they are "regulated into destruction."

Chinese phone maker launches privacy-focused device, raising suspicions

Chinese phone maker launches privacy-focused device, raising suspicions

Chinese mobile device manufacturer Gionee launched a privacy-focused device that includes an encryption chip.

Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections

Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections

After physically demonstrating how to hijack retail point-of-sale transactions - including those using EMV-standard chip cards - two security experts from NCR Corporation offered attendees at Black Hat critical tips on preventing such incidents in real life.

Legacy systems within U.S. financial sector likely to blame for breaches, report

Legacy systems within U.S. financial sector likely to blame for breaches, report

A recent SecurityScorecard study claims America's financial industry is highly susceptible to data breaches, and legacy systems may be to blame.

MasterCard workers go "phishing" for malware

MasterCard workers go "phishing" for malware

At Black Hat, MasterCard CSO Ron Green touted his company's latest effort to fight malware.

Trader pleads guilty in newswire hacking scheme

A Georgia-based trader pleaded guilty to fraud for involvement in a scheme that gained financial information from embargoed press releases.

1.5M downloaded fake app Prisma from Google Play

1.5M downloaded fake app Prisma from Google Play

A number of phony apps, masquerading as the popular photo-editing app Prisma, have been removed from the Google Play Store, but not before 1.5 million users downloaded the Android version

SSA's move to 2FA not enough, say experts

SSA's move to 2FA not enough, say experts

The Social Security Administration has instituted new security measures, but the step may do little to thwart cyberthieves.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US