SSH brute force attacks compromise servers for DDoS attacks

SSH brute force attacks compromise servers for DDoS attacks

Sucuri researcher Daniel Cid found that it only took an attacker 12 minutes to compromise an IPv4 server, and shortly after launch DDoS attacks.

Ransomware's busy week with new varieties and updates being debuted

Ransomware's busy week with new varieties and updates being debuted

With the massive Yahoo! data breach grabbing the cybersecurity headlines of late, it might be easy to forget criminals are still busy pushing ransomware with two new varieties being recently introduced and a one older type being revamped.

Is Microsoft exposing the supply chain by hardening the enterprise Edge?

Is Microsoft exposing the supply chain by hardening the enterprise Edge?

Microsoft has announced it is to harden the Edge browser for enterprise users.

Linux.Mirai Trojan causing mayhem with DDoS attacks

Linux.Mirai Trojan causing mayhem with DDoS attacks

A Trojan named Linux.Mirai has been found to be carrying out DDoS attacks.

Vendetta Brothers scalable POS campaign revealed

Vendetta Brothers scalable POS campaign revealed

Security researchers have uncovered a detailed cybercrime campaign against point-of-sale systems managed by two entrepreneurial criminals who have instituted the best practices of the global economy.

Yahoo! data breach likely exceeds 500 million records

Yahoo! data breach likely exceeds 500 million records

The security firm InfoArmor believes the Yahoo! data breach far exceeds the 500 million number, that the hack was accomplished by a cybergang, not a nation-state, and that overall about 3.5 billion user records have been stolen over the years.

Boards taking more cyber seriously, driven by regulatory requirements, report finds

Boards taking more cyber seriously, driven by regulatory requirements, report finds

A Bay Dynamics report found that 30 percent of board members now give cyber high priority, compared to just seven percent in 2014.

Curtain closes on Ransomware Encryptor RaaS, but with master key

Curtain closes on Ransomware Encryptor RaaS, but with master key

Those victims targeted over the past year by the ransomware as a service named Encryptor RaaS may be at a loss to ever recover their encrypted files.

New NATO report claims China's cyber-space influence continues to grow

New NATO report claims China's cyber-space influence continues to grow

A new report by the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) has shown a comprehensive overview of the evolving Chinese cyber-structures.

Europol's IOCTA report says cyber-crime on a sharp rise

Europol's IOCTA report says cyber-crime on a sharp rise

Europol has released its yearly Internet Organised Crime Threat Assessment (IOCTA) report, which this year has highlighted a sharp incline in cyber-crime and identified eight cyber-crime trends.

BIND update fixes high-severity flaw affecting ICS, as CERT releases update to CSET tool

BIND update fixes high-severity flaw affecting ICS, as CERT releases update to CSET tool

ISC released an update Tuesday for a high-severity security flaw affecting open source software that implements DNS protocols.

ISACA programme aims to attract more women into technology professions

ISACA programme aims to attract more women into technology professions

For some time women have been underrepresented in technology, but a new programme seeks to change that by connecting women in technology.

End-of-support devices on networks weakening cyberdefenses, report

End-of-support devices on networks weakening cyberdefenses, report

Nearly three-quarters of businesses have end-of-support devices operating in their networks, and the consequences could prove dire, a new study found.

Android.Lockerscreen using pseudorandom passcodes to ensure payouts

Android.Lockerscreen using pseudorandom passcodes to ensure payouts

The Android.Lockerscreen ransomware is now using pseudorandom numbers and other tactics to prevent victims from unlocking devices without paying.

FBI investigating hacked mobile phones of Democratic officials

FBI investigating hacked mobile phones of Democratic officials

The Federal Bureau of Investigation launched an investigation into hacked mobile phones of Democratic Party officials.

70% of IDTMs want UK gov to do more so young people enter tech field

70% of IDTMs want UK gov to do more so young people enter tech field

Nearly a quarter (23 percent) of UK IT decision makers believe STEM and the need for young IT talent are one of the main technology issues for enterprises in 2017.

69% of office professionals in the UK hoard data

69% of office professionals in the UK hoard data

Over three-quarters (77 percent) of IT decision makers worldwide are now more concerned about the impact of data hoarding than they were a year ago.

86% of over-55s worldwide think they're safe from cyber-criminals

86% of over-55s worldwide think they're safe from cyber-criminals

Nearly all (86 percent) over-55s don't believe that they're targets for cyber-criminals.

Facebook can no longer share data of German users on WhatsApp

Facebook can no longer share data of German users on WhatsApp

Facebook has been banned from collecting and storing the data of German users on its messaging app, WhatsApp.

State officials warn Congress: don't damage public confidence in election systems

State officials warn Congress: don't damage public confidence in election systems

An association of state officials has published an open letter that seeks to strengthen public confidence in the electoral process, in light of research that has raised questions about the security of voting machines.

'Lock Down Your Login' campaign urges authentication, furthers CNAP

'Lock Down Your Login' campaign urges authentication, furthers CNAP

The campaign fulfills a CNAP mandate to promote internet safety and security.

RIG EK rigged to steal tricks from Neutrino in fight to fill Angler's void

RIG EK rigged to steal tricks from Neutrino in fight to fill Angler's void

Malwarebytes researchers spotted a large malvertising campaign delivering the RIG exploit kit on popular sites including answers(dot)com.

SWIFT adds additional protective measures for members to ensure cybersecurity compliance

SWIFT adds additional protective measures for members to ensure cybersecurity compliance

For the second time this month The Society for Worldwide Interbank Financial Telecommunication (SWIFT) has introduced new standards including mandatory security requirements for its customers.

185M incidents bypassed perimeter defenses - report

185M incidents bypassed perimeter defenses - report

Two recent reports warn of the dangers of over-reliance on perimeter security as an enterprise defense method.

Pagers found leaking patient health information

Pagers found leaking patient health information

Even in an age dominated by smartphones and tablets, the device that helped start the mobile communications revolution, the beeper or pager, is still a doctor's constant companion, but a study found this little device is ill suited for keeping medical information secure.

OVH suffers massive 1.1Tbps DDoS attack

OVH suffers massive 1.1Tbps DDoS attack

An internet hosting company has been the subject of a distributed denial of service attacks the likes of which the world has never seen

Uber prevents fraud and protects driver accounts with selfies

Uber prevents fraud and protects driver accounts with selfies

Uber will now require drivers to take selfies to prevent fraud and protect their accounts from compromise.

Presidential debate 2016: Candidates pledge cyber investment, differ on Russia

Presidential debate 2016: Candidates pledge cyber investment, differ on Russia

Clinton pinned hacks at the Democratic National Conference (DNC) on Russia while Trump said attribution is not clear.

Yahoo faces congressional action and class action lawsuits following historic data breach

Yahoo faces congressional action and class action lawsuits following historic data breach

Yahoo is facing both legal and congressional action in the form of multiple class-action lawsuits and one senators call for a congressional probe.

Pippa Middleton's iCloud account hacked

Pippa Middleton's iCloud account hacked

A man who allegedly hacked into the iCloud account of Pippa Middleton, sister of the Duchess of Cambridge, has been arrested.

OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks

OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks

Fourteen flaws in the OpenSSL project have been patched, including a high-severity vulnerability that can be exploited to cause a denial-of-service (DoS) attack.

IoT assault, connected devices increasingly used for DDoS attacks

IoT assault, connected devices increasingly used for DDoS attacks

While the information stored in internet of thing (IoT) devices is still valuable, researchers spotted an increase in attacks targeting IoT devices.

Cybercriminals already able to hack ATM biometric readers

Cybercriminals already able to hack ATM biometric readers

Even though biometric readers have not been rolled out on ATM's, cybercriminals have already developed tools to steal a person's fingerprint and other biological data.

Cities planning transparency laws for police surveillance tech

Cities planning transparency laws for police surveillance tech

Eleven cities are organizing local legislation intended to make the procurement and use of surveillance technologies by local police departments more transparent.

Malicious apps leveraging top UK brands has increased by 130%

Malicious apps leveraging top UK brands has increased by 130%

The number of malicious apps leveraging top UK brands has grown by 130 percent year on year.

GCHQ to fund startups to fight cyber-crime

GCHQ to fund startups to fight cyber-crime

50% of European SMEs say data security is a major barrier

50% of European SMEs say data security is a major barrier

Security raises concerns with half of SMEs saying data security is the major barrier between their organisation and the digital workplace. Another 30 percent believe cost is the key issue.

Email of White House staffer hacked, purported scan of First Lady's passport leaked

Email of White House staffer hacked, purported scan of First Lady's passport leaked

The White House has announced a cyber-security breach, as a purported photocopy of Michelle Obama's passport appears online.

SC Roundtable: The Threat Landscape

SC Roundtable: The Threat Landscape

A host of security professionals joined SC yesterday for a frank discussion on the looming threat landscape

Google reverses Allo policy, raising ire of privacy groups

Google reverses Allo policy, raising ire of privacy groups

The version of Allo that Google released on Wednesday will indefinitely store messages until they are manually deleted by the user.

Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected

Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected

On the cusp of a $4.8 billion acquisition by Verizon, Yahoo today disclosed a data breach in which a state-sponsored actor is believed to have stolen a copy of data linked to at least 500 million accounts.

Global data breaches up 15 percent in first half of 2016

Global data breaches up 15 percent in first half of 2016

Data breaches were up 15 percent during the first half of 2016 compared to previous six months as Gemalto researchers reported a total of 974 worldwide breaches.

Locky ransomware pushers keeping things fresh using many new attachments

Locky ransomware pushers keeping things fresh using many new attachments

The threat actors behind Locky ransomware have kept busy this year by steadily altering the types of attachments included in the spam campaigns used to spread the malware, all in order to stay one step ahead of their victim's defenses.

White hats save greybeards from black hat attack

White hats save greybeards from black hat attack

As yet another well-known consumer brand falls victim to 'old version syndrome' and serves up malware to its customers; we ask, why lessons aren't being learned?

76% of security pros believe threat intelligence should be shared

76% of security pros believe threat intelligence should be shared

Many security professionals believe that they have a moral responsibility to share threat intelligence

Global study: Is IT security making progress against cyber-attacks?

Global study: Is IT security making progress against cyber-attacks?

CyberArk's 10th annual Global Advanced Threat Landscape Survey conducts research on global enterprises and whether they are learning from cyber-attacks and what priorities are being influenced.

Malicious websites visited every five seconds by enterprise workers, report

Malicious websites visited every five seconds by enterprise workers, report

A user at an enterprise organization accesses a malicious website every five seconds, according to research published by CheckPoint.

Education sector bullied by ransomware and can barely defend itself, report

Education sector bullied by ransomware and can barely defend itself, report

Researchers found the education sector has been experiencing the highest rates of attack while having the least protected systems.

Hairy situation: Just For Men website rigged to redirect to RIG Exploit Kit

Hairy situation: Just For Men website rigged to redirect to RIG Exploit Kit

Executives at Combe Incorporated may have sprung a few new gray hairs after learning that the website for its Just for Men brand of hair coloring products was compromised to serve up malware.

RAUM weaponizes torrents to deliver malware

RAUM weaponizes torrents to deliver malware

A new and sophisticated tool dubbed RAUM has been uncovered that targets naïve torrent users who download popular software or media content and then replaces the desired content with malware.

Citrix sours on Sweet32 birthday attack, calls threat 'low-severity issue'

Citrix sours on Sweet32 birthday attack, calls threat 'low-severity issue'

Citrix is advising customers not to fret over recent research stating that 64-bit block ciphers in cryptographic protocols are susceptible to a so-called birthday attack - noting that multiple difficult conditions must be met for such a technique to be effective.

Cloudflare looks to TLS 1.3 to secure internet

Cloudflare looks to TLS 1.3 to secure internet

Amongst various security features, cloud-provider Cloudflare looks to TLS 1.3 to secure internet.

Former insurance employees appear in court over data leak

Former insurance employees appear in court over data leak

Two people have been charged with bribery offences, following an investigation into the suspected leak of confidential data by a former employee of insurance firm LV=.

Ponemon study: business innovation and IT security often do not go hand in hand

Ponemon study: business innovation and IT security often do not go hand in hand

New research from the Ponemon Institute in partnership with Micro Focus claims business innovation and IT security often do not go hand in hand.

FT Cyber-Summit: Ilia Kolochenko - throwing cash on the fire doesn't work

FT Cyber-Summit: Ilia Kolochenko - throwing cash on the fire doesn't work

High-Tech Bridge CEO Ilia Kolochenko advised a crowd at today's FT Cyber-Summit that we should all "keep is simple", as most breaches happen due to "obvious" mistakes.

SWIFT introduces daily reporting system for member customers

SWIFT introduces daily reporting system for member customers

SWIFT has introduced a daily reporting system intended to help members of the financial messaging system identify fraudulent payments made over the network.

Report, framework to balance safety and reliability needs of industrial operations

Report, framework to balance safety and reliability needs of industrial operations

The Industrial Internet Consortium (IIC) published a framework technical report to help organizations balance the safety and reliability needs of industrial operations.

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Security researcher Arun Sureshkumar earned $16,000 after disclosing a vulnerability in Facebook Business Manager that, if exploited, could have allowed attackers to take over a targeted victim's Facebook page.

Video: ISF's Durbin advises orgs to protect mission critical info assets

Video: ISF's Durbin advises orgs to protect mission critical info assets

Information Security Forum Managing Director Steve Durbin sat down with SCMagazine.com Executive Editor Teri Robinson to discuss how organizations can better protect their mission critical information assets.

Hackers crack Tesla CAN Bus, DoT issues policy for securing connected car

Hackers crack Tesla CAN Bus, DoT issues policy for securing connected car

Researchers claim they were able to crack into Tesla's CAN Bus to achieve remote control of the electric car and the DoT just issued a new policy concerning automated vehicles.

Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits

Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits

Cisco issued an advisory for a flaw that the company has linked to exploits released by the Shadow Brokers group.

Sixth Circuit: Nationwide insurance co.'s breach victims have standing to sue

Sixth Circuit: Nationwide insurance co.'s breach victims have standing to sue

A federal Appeals Court has reinstated a class-action lawsuit against insurance company Nationwide after concluding that individuals whose personal data was exposed in a 2012 breach have sufficient standing to sue.

DetoxCrypto ransomware imitates Malwarebytes software

DetoxCrypto ransomware imitates Malwarebytes software

Malwarebytes is warning users of a a variant of DetoxCrypto ransomware that is imitating the security vendor's software.

Energy sector cybersecurity workers overconfident in their capabilities

Energy sector cybersecurity workers overconfident in their capabilities

A Tripwire survey found IT staffers in the energy sector frequently don't have the data needed to see if their assumptions on how their security apparatus function are correct.

Crysis ransomware now attacking businesses in Australia and New Zealand

Crysis ransomware now attacking businesses in Australia and New Zealand

Australian and New Zealand businesses are being hit with a ransomware campaign.

House Committee urges Obama not to pardon Snowden

House Committee urges Obama not to pardon Snowden

The House Permanent Select Committee on Intelligence urged President Obama not to issue a presidential pardon to Edward Snowden.

Gov-funded boot camp for cyber-security entrepreneurs graduates first intake

Gov-funded boot camp for cyber-security entrepreneurs graduates first intake

HutZero, a first of its kind boot camp designed to help budding cyber-security entrepreneurs turn their ideas into viable business opportunities, opened last Friday. The entrepreneurs will now begin the three-month long mentorship programme to help realise their ideas.

Moral breach: Edward Snowden goes to Hollywood

Moral breach: Edward Snowden goes to Hollywood

The film Snowden opens this week recounting recent events that have sent reverberations around the world.

FBI asks ransomware victims to come forward

FBI asks ransomware victims to come forward

Updated! The FBI is continuing its effort to obtain support from businesses and private entities in its fight against ransomware by issuing a plea for victims to promptly and completely report any such incidents.

GCHQ planning use of DNS filters to curb cyber-attacks

GCHQ planning use of DNS filters to curb cyber-attacks

Boss of GCHQ and the new NCSC has revealed plans that the spy agencies are planning to partner with UK ISPs to use DNS filtering to curb cyber-attacks.

Hinkley Point C nuclear power station to go ahead with Chinese involvement despite previous concerns

Hinkley Point C nuclear power station to go ahead with Chinese involvement despite previous concerns

Despite concerns over security from both the Prime Minister and one of her chiefs of staff, Hinkley Point C nuclear power station has been given a green light today for construction with backing from China.

Research reveals the opportunities EU employees are presenting to cyber-attackers on social media

Research reveals the opportunities EU employees are presenting to cyber-attackers on social media

Research from Blue Coat Systems shows how despite the increased use of social media, workers are still failing to fully protect themselves from complex social engineering techniques

Eurekalert news service attacked

Eurekalert news service attacked

Scientific news service EurekAlert suffered a breach which saw the login details of thousands of journalists stolen. The company has now reformed the technology behind its website and is promising a brand new login system.

VW launches cybersecurity joint venture as House members examine threats facing auto industry

VW launches cybersecurity joint venture as House members examine threats facing auto industry

As automakers race to develop automated vehicles, the challenge of securing these automotive systems has taken on an elevated role for automakers.

Ransomware criminals increase use of asymmetric encryption

Ransomware criminals increase use of asymmetric encryption

Ransomware criminals are growing more sophisticated in their use of encryption, as criminals increasingly use asymmetric encryption methods.

Researcher believes major DDoS attacks part of military recon to shut down internet

Researcher believes major DDoS attacks part of military recon to shut down internet

The attacks targeted major companies that provide internet infrastructure and appear to have probed the companies' defenses to determine capabilities.

Half of UK students want data security training

Half of UK students want data security training

Half of all students in the UK have no security software installed on any of their devices, even though a quarter of teenagers are 'almost constantly' connected.

Cold case: Finnish police advise owners to store smart keys in fridge

Finnish police are advising owners of cars with "smart" locking systems to put the keys in the fridge when they are at home.

FBI director uses tape over his webcams, says you should too

FBI director uses tape over his webcams, says you should too

Recent actions by FBI director James Comey suggest we should all be using tape over our webcams.

Sites associated with both presidential contenders spring leaks

Sites associated with both presidential contenders spring leaks

Data theft knows no boundaries. Personal information has been siphoned out from databases connected to both presidential campaigns.

Ransomware up 3000% since first recorded, now targeting hospitals

Ransomware up 3000% since first recorded, now targeting hospitals

In its September 2016 Threat Report, Intel Security describes how ransomware attacks are up 3000 percent since records began in 2012, and why attackers are now turning to the healthcare industry.

1 in 50 employees a malicious insider?

A survey recently conducted by Imperva showed that 36 percent of surveyed companies have experienced security incidents involving malicious employees in the past 12 months.

Cybersecurity enhancements proposed for financial firms in New York

Cybersecurity enhancements proposed for financial firms in New York

To better protect consumer data, banks and insurance companies in New York will soon be required to adhere to new cybersecurity guidelines.

Trojan distribution methods highlight need for info sharing in financial services industry

Trojan distribution methods highlight need for info sharing in financial services industry

As financial institutions scramble to prevent more attacks like the cyber heists that targeted SWIFT members, a recent report offers additional cause for the sector to improve information sharing practices.

Report uncovers the underground healthcare data market

A new report from the Institute of Critical Infrastructure Technology undresses what happens to private medical data after its stolen from the hospital and the heaving marketplaces it ends up in

NSA and Cyber Command urged to split, A.I. to become part of U.S. cyber strategy

NSA and Cyber Command urged to split, A.I. to become part of U.S. cyber strategy

President Obama may be urged to split the joint leadership of the NSA and U.S. Cyber Command in favor of two distinct forces for cyberespionage and cyberwarfare.

Study finds gamer cyber hygiene stinks

Study finds gamer cyber hygiene stinks

As online gaming grows in popularity ESET researchers found that cybersecurity measures haven't kept pace with growth.

Are our data centres insecure?

Are our data centres insecure?

Vectra Networks is claiming that attackers are turning their attention to data centres. Are our data centres as secure as we think they are?

ACLU campaign pushes Obama to pardon Snowden

ACLU campaign pushes Obama to pardon Snowden

On the eve of the release of "Snowden," the ACLU's Ben Wizner said the civil rights organization had joined forces with Amnesty International and Human Rights Watch to persuade President Obama to pardon the whistleblower.

Millions of Russians still losing personal data online

Millions of Russians still losing personal data online

Millions of Russians are still losing personal data online thanks to using vulnerable websites and being hacked.

Cyber-attacks now cost enterprises US $861K per security incident

Cyber-attacks now cost enterprises US $861K per security incident

On average, a single cyber-security incident now costs large businesses US $861,000 (£652,000). Meanwhile, small and medium businesses (SMBs) pay $86,500 (£65,500).

CREST takes over cyber-assurance programme from NSA in America

CREST takes over cyber-assurance programme from NSA in America

The National Security Agency has handed over responsibility for operating and promoting its CIRA accreditation programme to CREST, best known in the UK for its accreditation schemes with GCHQ, CESG and the Bank of England.

FBI sweep: It's a search, get a warrant, says fed judge

A court in Texas handed down a ruling that is likely to set a precedent for government access to hard drives.

Leaked Stingray documents reveal features and ease of use

Leaked Stingray documents reveal features and ease of use

Using mass surveillance software without a warrant is almost as easy as installing Skype.

WADA confirms Fancy Bear behind attack on anti-doping database

WADA confirms Fancy Bear behind attack on anti-doping database

The Russian espionage group Tsar Team, aka Fancy Bear, got into the ADAMS system through an account created by the International Olympic Committee for the 2016 Rio Games.

Patch Tuesday: Microsoft rolls out 14 bulletins, prepares new updating system for October

Patch Tuesday: Microsoft rolls out 14 bulletins, prepares new updating system for October

Microsoft's September Patch Tuesday offering that rolled out today is the last to be delivered under this update system with the company moving to a "monthly rollup" delivery mechanism starting in October, something not all industry insiders see as a positive move.

GartnerSEC: people-centric IT practices encouraged

GartnerSEC: people-centric IT practices encouraged

Gartner is now encouraging people-centric IT practices so IT is no longer seen as a hindrance and rather an enabler.

GovRAT 2.0 in the wild and hitting U.S. government agencies

The malicious actors behind the GovRAT malware have upgraded it to version 2.0 and using the new version to hit even more targets and increase the price of the software, now starting at $1,000.

Alleged vDOS creators nabbed in Israel

Alleged vDOS creators nabbed in Israel

Two Israeli teenagers were arrested for their alleged part in the running of vDOS, a so-called booter service selling kits for distributed denial-of-service (DDoS) attacks.

Seagate staff to sue company over data protection failure

Seagate staff to sue company over data protection failure

A hardware manufacturer may soon be sued by employees who claim the employer did not do nearly enough to protect their data.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US