Eschewing the bug bounty route, a cybersecurity firm which detected a flaw in a medical device from St. Jude Medical, partnered with an investment firm to capitalize on its knowledge and short sell stock in the device manufacturer.
The explosive growth in ransomware has once again heated up the debate as to whether infected organizations have an ethical responsibility to refuse payment. But are some companies exacerbating the problem by paying up even when they have viable data backups?
Proofpoint researchers spot new variants of the Ursnif trojan dubbed "Dreambot," some of which now include Tor communication capabilities and or P2P functionality.
A new version of Locky ransomware has been spotted sporting an improved delivery mechanism, better obfuscation which combined make it more difficult for anti-malware scanners to spot.
Citizen Lab and Lookout researchers detected an active spyware which exploited three iOS zero-day vulnerabilities.
In a tweet sent out at after midnight on Wednesday night, Sony announced it was enabling two-factor authentication for its PlayStation Network.
DDoS attacks have increased in frequency, scale and complexity over the past year, driven by DDoS-for-hire services.
Researchers across three universities have discovered seven classes of vulnerabilities in the sandboxing feature of Apple's iOS operating system.
Phishing scams and ransomware attacks may be grabbing the headlines, but for the financial sector lost or stolen mobile devices were the leading cause of data breaches over the last decade.
FOI request shows cyber assault on healthcare sector.
The interim boss of GOV.UK's Verify service is set to look for ways to use the identity-confirmation tools outside of central government.
Distributed Denial of Service (DDoS) attacks are on the up according to new research; and the UK is firmly in the crosshairs.
Updated! News reports yesterday that the New York Times and other news organizations were attacked by hackers should not only come as no surprise, but industry insiders believe news organizations should prepare to be struck again in the future.
Intel and Kaspersky researchers developed a free decryption tool for victims of the Wildfire variant of ransomware.
Security professionals are increasingly concerned by cybersecurity risks that arise as a result of mergers and acquisitions transactions, particularly the use of cyberespionage to gain information on the competition.
Researchers have found the first known Android mobile malware to use a Twitter account, rather than a traditional command-and-control server, to control infected devices.
Juniper confirms exploits leaked by the Shadow Brokers group appear to affect its firewalls, but has not yet patched the vulnerabilities.
The threat from ransomware continues to grow and the situation will only get darker before mitigation efforts prove reliable and the miscreants move on to another attack vector, according to a panel of cybersecurity experts gathered in Manhattan on Wednesday for the Dell Data Security Ransomware Roundtable.
The NATO Information Assurance and Cyber Defence Symposium (NIAS) in Mons is expected to outline the alliance's vision and plans to boost capabilities including cyber-security expenditure priorities.
The government of Singapore is to shut off access to the internet of government agencies in an effort to preempt a cyber-attack or a data breach.
About 22,000 documents have leaked from French shipbuilder DCNS which is building submarines for the Indian navy.
Freedom of Information requests filed by security company SentinelOne have shown that ransomware attacks appear to be rife within the UK higher education sector.
Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups for a national conversation about vulnerability disclosure policy.
Updated! Multiple phishing campaigns that play off consumers' fear of having their financial information being hacked are hitting customers of United Services Automobile Association (USAA).
Spending big bucks is not always necessary for corporations to put a decent cybersecurity program in place.
While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.
A hacker has stolen around 808,000 accounts from two forums run by Epic Games, the games maker has confirmed the hack and is investigating what happened.
Visiting a 'forbidden' website is now punishable with a three-year jail term in India - even without downloading anything. NordVPN predicts a surge of VPN subscriptions in India by Internet users to protect online freedom.
The top three findings from Trend Micro's TrendLabs six-monthly threat trends are the doubling of ransomware families, geographic spread of business email scams and increasing Flash and IOT vulnerabilities spotted.
Russian banks will be faced with a whole range of new regulations, and penalties for non-compliance, when it comes to cyber-security, according to the country's Central Bank
France and Germany discuss 'tapping' encrypted end-to-end networks such as WhatsApp and Skype
Well, we're well into summer and we've had a short break during our two-month combo edition for July and August so let's get back to it with one of our more active groups: data leak prevention (DLP) and endpoint security.
Tarah Wheeler, whom Symantec recently hired as principal security advocate and senior director of engineering for its Website Security team, is reportedly pledging to foster ties with the independent hacker community.
The meteoric rise of Locky ransomware has not completely supplanted the distribution of the notorious Dridex malware.
The web news team of SC Magazine received the highest honor, a Gold award, in the 2016 Azbee Awards of Excellence, produced by the American Society of Business Publication Editors (ASBPE).
Snowden documents were published Friday, strengthening evidence that code leaked by the Shadow Brokers contains zero-day exploits used by the NSA.
Ransomware is not going away, according to a new study from Arctic Wolf Networks.
An independent IT security research facility has reviewed Android, and despite constant charges of insecurity, found the mobile platform to be far from wanting ?
Updated! As it considers classifying the electoral system as critical infrastructure, the U.S. government has pledged to provide states with federal assistance to help manage voting cyber risks and taking additional steps to quell fears the election this fall could be hacked.
Updated! Retailer Eddie Bauer's CEO reported that the chain's in-store point-of-sale network had been infected with malware for a six-month period during which time payment card information may have been accessed by unauthorized personnel.
The 2016 Olympics may be winding down, but cybercriminals are not slacking off in their efforts to use the sporting event as a way to lure victims.
Brian Laing, VP of business development and products at APT defense firm Lastline, spoke to SCMagazine.com at Black Hat about the evolution of advanced persistent threats and some of their more devious tactics.
Researchers discovered DroidJack attacks that delivered the remote access Trojan (RAT) through an "over the top" (OTT) carrier.
Kaspersky researchers spotted a wave of attacks that has affected more than 130 organizations in at least 30 countries.
The world's biggest networking equipment company, Cisco Systems, will layoff about 5.5K employees.
The leaker to end all leakers has taken to Twitter to provide some insight in to the recent high profile auction of NSA hacking tools.
Women continue to receive significantly less compensation than men in the IT security sector, according to a new report from the U.S. Census Bureau.
Bitdefender has discovered vulnerabilities in a popular brand of 'smart' electrical socket which could lead to attacks on your local area network or the recruitment of the IoT device as part of a global botnet.
Looking to capitalize on mobile device owners' growing security fears, a new variant of the Android malware Marcher is infecting victims by fraudulently posing as a firmware security update.
Vulnerabilities affecting the implementation of proxy authentication could lead to an attacker launching man-in-the-middle attacks and intercepting HTTPS traffic possibly affecting including Apple, Microsoft, Opera, and Oracle products.
Nearly half of enterprises queried for a Mimecast survey were found to be ill-equipped to deal with threats from insiders.
WikiLeaks' practice of delivering unfiltered information to its readers backfired after a researcher discovered that its collection of leaked Turkish government emails contained over 300 active links to malware files hosted on the controversial site.
Independent researcher Michael Gillespie discovered a unique ransomware variant posing as a Pokémon Go application for Windows.
Ransomware as a service (RaaS) is a booming business with entrepreneurs working in this illegal space hauling in a nifty profit and continuing to roll out new types on a regular basis, according to two new studies.
Updated! The claim by the hacking group The Shadow Brokers that it has pilfered surveillance tools from another group, allegedly associated with the National Security Agency (NSA), is being called bogus by security experts, but Kaspersky Lab believes there is a connection.
A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.
Capitalizing on Olympics activity, a new version of Zeus Sphinx has been targeting banks in Brazil and Colombia.
The European Commission to looking to tighten its regulatory grip on US-based tech companies which are slowly replacing traditional telcos in the services they provide.
Researchers discovered a campaign that delivers a malicious banking Trojan to Android devices using Google AdSense advertisements.
In the latest data breach impacting the hospitality industry, cybercriminals installed malware in the point-of-sale systems of HEI Hotels & Resorts and checked out with customer data that likely includes payment card information.
Updated! Iran's Supreme National Cyberspace Council is investigating whether a recent string of oil and petrochemical fires were caused by a cyberattack.
A team of researchers developed a new method to leak information from air-gapped computers using intrinsic covert noises emitted from the device's hard drive.
Scotland Yard is to setup a Twitter task force which will hunt offensive online comments, and bring those posting them to justice.
Software company Sage has reportedly suffered a data breach orchestrated by an insider of the company. The police are investigating and the ICO has been informed.
The U.S. Department of the Interior must update its access controls to meet current standards, according to an inspector general report.
Fresh off the discovery that hackers compromised the customer support portal for Oracle's MICROS point-of-sale systems, a new shocking report surfaced, revealing that at least five more POS vendors were similarly breached.
The fallout from the hack into the DNC continues as it is now being reported that celebrities, C-suite executives and other high-profile donors to the Democratic party were also ensnared.
The infamy of Donald Trump is being leveraged by canny cyber-criminals for everything from spam to credential phishing.
Major partners in the controversial nuclear power plant at Hinkley Point have been accused in American courts of attempting to steal US nuclear technology.
With nearly a quarter of ID fraud victims being savvy users of mobile and social media platforms in the UK last year, regular device updates nor computer literacy are stopping users from engaging in harmful online behaviour.
Researchers published information about a Windows security error that reignites the debate involving device back doors.
A group of researchers discovered a Linux bug which could allow serious hijacking attacks against the USA Today website and other popular sites.
The large majority of London police computers are apparently still using the 14-year-old Windows XP operating system and jeopardising security
The Israeli Knesset waits on the passage of a bill which would see the amalgamation of Israel's cyber-defences into one central authority
As OPM CIO, Defense Department Principal Deputy CIO David De Vries will be instrumental in raising the agency's security profile.
While players of Valve Corporation's online battle arena game Dota 2 were busy fighting each other for supremacy, a real-life adversary stole 1,923,972 account records from the official Dota2 forum's database.
Researchers discovered a series of vulnerabilities affecting the archive program SAPCAR used to compress and decompress files.
Google and the NYU conducted a yearlong study into the business practices of those who pay vendors to install unwanted software in their install bundles.
AVG malware analyst Jakub Kroustek discovered an unfinished version of a new strain of ransomware, dubbed Hitler-Ransomware.
Estonia power company joins European network for cyber-security to improve its cyber-resilience.
A planned national database of personal data on Russian citizens could become a magnet for criminal cyber-attacks warn analysts.
Experts say that government concerns over cyber-security at the new nuclear power plant at Hinkley Point are misdirected and that the Chinese are not the real worry.
Facebook users are being lured into giving up their credentials in response to alarming messages about terror incidents and celebrity deaths.
Industrial control system vulnerabilities disclosed by security researchers have steadily climbed in the years following the discovery of Stuxnet worm in 2010, according to a report.
Five of the nine security bulletins released by Microsoft this Patch Tuesday are rated critical.
IOActive researchers found that half of the cyber vulnerabilities in connected vehicles could grant an attacker full or partial control of a vehicle.
Paradoxically, 'good' news for businesses and ransomware cyber-criminals alike appears to be bad news for security platform provider FireEye.
Over the past two years, three out of every four organisations have been hit by the loss or theft of important data.
The cyberespionage group identified as Strider by Symantec researchers is as sophisticated a threat as any known APT in history -- including Duqu, Flame, The Equation Group and Regin -- according to an analysis by Kaspersky Lab.
Oracle detected malicious code on some MICROS legacy servers but the extent of the breach is not yet known, according to KrebsOnSecurity.
Symantec yesterday disclosed its discovery of a cyberespionage group called Strider, which appears to be targeting mostly Russian entities with spyware attacks that bear the hallmarks of a sophisticated nation-state operation.
Newkirk Products, Inc. has begun notifying approximately 3.3 million people, including Blue Cross Blue Shield customers, of a data breach.
A researcher claims to have found vulnerabilities in Samsung Pay's tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users' tokens and make fraudulent purchases.
A set of vulnerabilities, dubbed "Quadrooter," affecting Qualcomm chipset software drivers used in Android devices, were detected by Check Point security researchers.
Once distributed primarily via spam, the Smoke Loader bot has more recently been detected being spread by an exploit kit.
Brazil puts concerns over cyber-attacks at number 23 despite hosting the Olympic games, whereas the US, Germany and Japan put cyber-attacks at number one - hence extensive cybercrime is expected during the games.
Insurance firm Zurich is offering a discount on monthly insurance fees should a customer use the IoT alarm offered by Cocoon, despite security concerns over IoT devices.
Lavabit founder Ladar Levison warned a Def Con audience that there's no law on the books protecting privacy.
The leaders of the non-profit group the Cyber Independent Testing Lab (CITL) gave an update on the organization's progress in creating a system to warn consumers on the cyber safety of the products they are purchasing.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- U.S. government extends offer to protect states from electoral cyberthreats
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought