GCHQ's infosec unit CESG was credited with the discovery of two vulnerabilities that were patched by Apple last week.
As serious crime stats drop in New York City, gangs are becoming more adept at cybercrime, according to Police Commissioner Bill Bratton.
Information security bug-bounty hunter Arne Swinnen used several flaws with Instagram's login system to brute force his way into the social media giant and gain access to member accounts.
Professional services online marketplace Fiverr bills itself as "the easiest way to get everything done at unbeatable value" and apparently, at least briefly, that promise extended to distributed denial of service (DDoS) for hire.
Victims download the malware either via a double-zipped file with a WSF inside attached to the malicious email or via an unsubscribe link at the bottom of the email which is linked to the same ZIP file.
As many as 100 people are believed to have taken part in a heist of nearly $13 million (USD) from thousands of cash machines in Japan.
Updated: A worm that made its way into Ubiquiti Networks equipment through outdated AirOS firmware has wreaked havoc on ISPs and others that use the Ubiquiti networking platform.
Hackers could wreak havoc on banks and other financial institutions, claims Mary Jo White
Days after transferring $11,000 in stolen bitcoins to an anti-ISIS revolutionary group in Syria, hacktivist Phineas Fisher was at it again—defacing the website belonging to Spain's Catalan police union, and posting an online tutorial showing how it was done.
Following reports of a cyberattack last year in which hackers stole $9 million from an Ecuadorean bank, SWIFT stated it is taking steps to create more information sharing practices.
Duo Labs researchers found that 60 percent of enterprise Android phones are affected by a critical QSEE vulnerability.
A trio of students from St Petersburg State University in Russia have been dubbed world champions in the 40th annual ACM International Collegiate Programming Contest (ICPC) finals.
Security and payment experts warn that the Google-backed Android Pay UK launch on 18 May is promising, however could be held back by concerns over malware.
A bill introduced yesterday by Sen. Ron Wyden (D-Ore.) seeks to block the expansion of government's hacking authority under Rule 41 changes that would let judges issue warrants to access computers located in any jurisdiction.
The authors of the TeslaCrypt ransomware have publicly released the master decryption key that unlocks files encrypted by the malware in efforts to close up shop and go home for good.
Cisco patched vulnerabilities affecting the company's Web Security Appliance devices that affect how the web filtering devices process traffic.
Chief constable Stephen Kavanagh tells techUK's Partners Against Crime seminar that the police need to engage more effectively with the private sector in developing new crime fighting capabilities.
Avoiding detection is generally a top priority for any malicious code developer, but the creators of the newly discovered "Furtim" truly appear to have gone the extra mile to ensure that their malware flies under the radar.
The Republican and Democratic candidates and their campaign staffs need to prep for a possible barrage of cyberattacks during this election cycle, industry experts and U.S. National Intelligence Director James Clapper said.
FireEye researchers detected a nearly six-fold increase in the percentage of ransomware activity in March 2016.
Security professionals lauded a bill that aims to tackle malware threats by disrupting the use of botnets by cybercriminal groups, in testimony during a Senate hearing.
Cyphort Labs spotted a new Angler Exploit campaign that has already infected at least 19 websites.
Cyber-attacks against web applications are increasing, yet security budgets for developers remain low.
Apple has released a series of security updates to both tvOS, iOS, watchOS, OSX, Safari and iTunes.
Researchers have discovered a malware-based APT dating back to 2008 that at least appears to target political enemies of Ukraine, including pro-Russia separatists in the disputed eastern region of the country.
The 2012 LinkedIn data breach may be the breach that just keeps on giving with the news that 117 million customer email credentials originating from that hack were found for sale on the dark web.
Roughly 77 percent of organisations are unprepared for cyber-security incidents according to research by NTT Com in its 2016 Global Threat Intelligence Report.
Apple did the right thing by rebuffing the FBI's attempt to get it to crack an iPhone 5c and tech companies that don't show similar backbone might find potential customers hesitant to purchase their products.
Atlanta has an ambitious plan to bolster its cybersecurity posture.
A click-fraud botnet dubbed "Redirector.Paco Trojan" has infected 900,000 IPs worldwide.
A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.
Figuring out to defend against phishing attacks, along with how to train company workers to identify and report these ubiquitous scams instead of clicking on them was the focal point of the final panel held today at the inaugural SC Congress Atlanta.
A Senate Judiciary subcommittee will hold a hearing Wednesday to explore that growing threat of ransomware.
Tech support scammers are changing their strategy by adding malware to their payloads, effectively holding the victim's device for ransom until the "repair fee" is paid.
The Open Smart Grid Protocol's (OSGP) home-grown RC4 encryption has been cracked once again. The easy-to-break, custom RC4 was cracked last year.
A panel Tuesday at SC Congress Atlanta devolved into a debate over how serious the threat is posed by ransomware.
A Federal judge denied a motion filed by Mozilla last week requesting that the FBI privately disclose a security vulnerability used in a child pornography case.
A panel of industry insiders at SC Congress Atlanta looked at cyber insurance taking a look at what is driving the industry's quick growth.
FDA official provided detail about the agency's IT strategy that aims to strengthen protection of pharmaceutical companies' data submitted in regulatory filings during the approval process of new drugs.
An unidentified hacker turned the tables on Nulled.io, a popular online forum that facilitates cybercriminal activity, by compromising its website and publicly dumping its sensitive user data and communications.
Researchers spotted a spike in phishing attacks, email scams and spam messages that mimic branding from the 2016 Rio De Janeiro Olympics.
Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.
According to Germany's domestic intelligence agency, Russia was most likely responsible for the major cyber-attack on the Bundestag last year, forcing computer systems to be on hiatus for days.
Flaw in the international communications standard SS7 could allow hackers to mimic users and intercept messages on mobile networks.
Hundreds of different banking Trojans attack Android users, one being Android.SmsSpy.88.origin, which was first spotted in 2014.
For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.
A U.S. House member introduced draft legislation Thursday that would require the Obama administration to sanction Iranian hackers indicted for cyberattacks.
Recently released documents set off renewed discussions about Hillary Clinton's information security practices as former U.S. Secretary of State.
The revelation by SWIFT that another bank was victimized using the same MO as that in the Bangladesh bank hack has the security industry believing the SWIFT system is flawed and possibly still vulnerable to another attack.
Updated: Federal cybersecurity policy will likely be affected by the ongoing saga involving Hillary Clinton's email communications, a former Congressional chief of staff said.
Compared to passwords, authentication through biometric data is simpler to use and can be much more secure.
New research by VMWare has found that a great deal of UK workers believe that the responsibility for cyber-security should go all the way to the board of directors.
Information security professionals discussed methods of protecting against threats from malicious actors and insiders at the Inside Dark Web conference in New York City on Thursday.
The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.
A recent Pindrop study found a spike in call center fraud as cybersecurity improves.
Mozilla asked a federal district court in Washington to compel the FBI to disclose a zero-day vulnerability in the Tor browser that authorities exploited to identify patrons of the Tor-based child pornography site Playpen.
FireEye researchers believe a mature and sophisticated criminal operation has been responsible for conducting spearphishing attacks that resulted in more 100 organizations in North America being victimized.
Federal Bureau of Investigation (FBI) Director James Comey reiterated Wednesday to reporters in Washington that encryption was hampering law enforcement's ability to investigate criminals.
A former attorney for the U.S. Army and the Central Intelligence Agency discussed attempts to regulate encryption technologies at the Inside dark web conference in New York City on Thursday.
Point-of-sale (POS) malware is still a clear and present danger, say Proofpoint researchers.
Data breaches in the worlds of banking, credit and finance have nearly double between 2014 and 2015 according to the Identity Theft Resource Centre's 2015 Breach List report. Despite being unsure of how long it would take, IT pros in financial services are very confident in their ability to detect a breach.
A scammer syndicate has been caught impersonating the services of cyber-security companies and charging high fees for doing very little.
Half of this months Patch Tuesday releases are critical, many addressing privilege escalation.
The National Security Telecommunications Advisory Committee (NSTAC) brought together Silicon Valley executives with federal officials at the advisory committee's annual meeting on Wednesday.
Gen. Michael Hayden told the audience at Centrify Connect that the U.S. hasn't defined what to call cyber attacks like the one on Sony.
The investigation into the bank heist that cost Bangladesh's central bank $81 million has taken a byzantine turn, as a new report surfaced of multiple hacking groups infiltrating the bank's network.
Sen. Mike Rounds (R-S.D.) introduced The Cyber Act of War Act of 2016 bill this week asking the Obama administration to develop a set of guidelines for the U.S. military to follow in response to a cyberattack.
A data file of 10GB holding sensitive financial data compromised from an InvestBank in the United Arab Emirates (UAE) has been leaked online. The file contains information on tens of thousands of customers from a bank based in Sharjah.
Members of the U.S. House of Representatives and staffers received warnings that the House network has received a rise in attempted ransomware attacks.
Facebook is making its Capture the Flag, or CTF, gaming platform available to teach cyber skills.
Two Israeli men accused of securities fraud and hacks into media outlets and nine financial institutions, including JPMorgan Chase, Fidelity Investments and E*Trade Financial Corp., will be extradited to the U.S.
Security researchers discovered popular Android applications that execute remote code on devices and use the infected devices to create botnets that engage in ad fraud, DDoS attacks, and spam messages.
Mere hours after word spread last week of a remote code execution vulnerability in the image-processing software ImageMagick, bad actors were already actively exploiting it in the wild
Yahoo has released its second wave of Foreign Intelligence Surveillance Court (FISC) documents concerning a 2007 case over user data.
Adobe will issue an update later this week for Flash Player to patch a vulnerability that is currently being exploited in the wild, and the company also released a slew of fixes for its Reader and Acrobat product lines.
Microsoft's May Patch Tuesday roll out contains 16 bulletins covering 37 vulnerabilities, with half of them being rated critical and possibly leading to remote code execution.
The FBI provided a local police department with a StingRay but required it to "use additional and independent investigative means and methods" to ensure data obtained by the surveillance device "would be admissible at trial."
More than half of Irish companies don't provide regular cyber-security training to their staff.
The ICO has levied a £180,000 fine against a London HIV clinic for accidentally divulging the names and email addresses of 780 patients.
Baby retailer Kiddicare suffers a data breach that exposes 794K customer details
PerezHilton.com, home to Hollywood and celebrity gossip news, has served up a new set of malicious ads to some of its half a million daily site visitors.
Lauri Love, the British/Finnish activist, was granted a small victory today at Westminster Magistrates Court when the judge ruled he didn't have to reveal the passwords to encrypted files as part of his request for return of data storage devices.
Appthority's Q2 2016 Enterprise Mobile Threat Report found Apple and Android should better vet their app stores.
Twitter blocked U.S. intelligence agencies' access to data provided by a private company that scans Twitter feeds.
Bad guys have to put in long hours too in order to keep their ransomware fresh and usable.
To face the growing number of cyber-threats as part of their efforts to get ready for the 4th industrial revolution, British manufacturers are being urged to step up their cyber-security planning.
Microsoft noted a 9.4 percent increase in vulnerability disclosures to just above 3,300 disclosures in its latest study.
As UK government vows to boost cyber-defences, its own research finds majority of successful attacks could have been prevented by adopting Cyber Essentials.
A contentious amendment to an international export treaty has been causing an uproar in the security communities.
Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.
A team of researchers discover a new method of launching attacks that would threaten global critical infrastructure and utility providers through a worm that spreads through utility networks.
Researchers at Cylance removed some of the mystery surrounding the new ransomware AlphaLocker after accessing its configuration files and subsequently pulling up its admin interface.
The Defense Advanced Research Projects Agency (DARPA) is looking for research proposals to develop a system that would enable the government and law enforcement to identify the actual individual behind a cyber attack.
The Federal Bureau of Investigation (FBI) has already questioned a number of Hillary Clinton's former aides about her use of the server to conduct official State Department business.
NexusGuard's Q1 2016 report has found that one of the favorite targets of DDoS attackers are attack researchers
Los Angeles police detectives bypassed an iPhone security feature that prevents access to content on disabled phones, according to a report, citing court papers reviewed by the news daily.
A group of organizations and businesses nearly 50-strong urged Congressional leaders to take swift action on the Open, Permanent, Electronic, and Necessary (OPEN) Government Data Act.
Third-party risks pose a "serious threat" to organizations but upper management may be able to curb the threat, according to a recent study.
C-suites and boards of directors are increasing their knowledge of IT security risks and needs - before a breach happens.
Researchers found a series of malicious apps containing Android/Clicker.G on the Google Play store. The campaign targets mobile devices in Russia, but they affect apps that are available globally.
SC Magazine Articles
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study