Lost devices leading cause of data breaches, report

Lost devices leading cause of data breaches, report

Phishing scams and ransomware attacks may be grabbing the headlines, but for the financial sector lost or stolen mobile devices were the leading cause of data breaches over the last decade.

47% of NHS Trusts in England admit to falling victim to ransomware

47% of NHS Trusts in England admit to falling victim to ransomware

FOI request shows cyber assault on healthcare sector.

Verify service to be used outside of central government

Verify service to be used outside of central government

The interim boss of GOV.UK's Verify service is set to look for ways to use the identity-confirmation tools outside of central government.

UK 'too attractive' to DDoS attackers

UK 'too attractive' to DDoS attackers

Distributed Denial of Service (DDoS) attacks are on the up according to new research; and the UK is firmly in the crosshairs.

The media becomes the story as hackers focus efforts on news organizations

The media becomes the story as hackers focus efforts on news organizations

Updated! News reports yesterday that the New York Times and other news organizations were attacked by hackers should not only come as no surprise, but industry insiders believe news organizations should prepare to be struck again in the future.

Researchers quell Wildfire ransomware with decryption key

Researchers quell Wildfire ransomware with decryption key

Intel and Kaspersky researchers developed a free decryption tool for victims of the Wildfire variant of ransomware.

M&A deals bring added cybersecurity risks

M&A deals bring added cybersecurity risks

Security professionals are increasingly concerned by cybersecurity risks that arise as a result of mergers and acquisitions transactions, particularly the use of cyberespionage to gain information on the competition.

Twitoor first Android malware known to leverage Twitter for command and control

Twitoor first Android malware known to leverage Twitter for command and control

Researchers have found the first known Android mobile malware to use a Twitter account, rather than a traditional command-and-control server, to control infected devices.

Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet

Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet

Juniper confirms exploits leaked by the Shadow Brokers group appear to affect its firewalls, but has not yet patched the vulnerabilities.

Ransomware: The evolution of cybercrime, a roundtable

Ransomware: The evolution of cybercrime, a roundtable

The threat from ransomware continues to grow and the situation will only get darker before mitigation efforts prove reliable and the miscreants move on to another attack vector, according to a panel of cybersecurity experts gathered in Manhattan on Wednesday for the Dell Data Security Ransomware Roundtable.

NATO to spend €70 million on 'cyber-refresh'

NATO to spend €70 million on 'cyber-refresh'

The NATO Information Assurance and Cyber Defence Symposium (NIAS) in Mons is expected to outline the alliance's vision and plans to boost capabilities including cyber-security expenditure priorities.

Singapore to shut off internet access for government agencies

Singapore to shut off internet access for government agencies

The government of Singapore is to shut off access to the internet of government agencies in an effort to preempt a cyber-attack or a data breach.

French submarine builder DCNS suffers data breach

French submarine builder DCNS suffers data breach

About 22,000 documents have leaked from French shipbuilder DCNS which is building submarines for the Indian navy.

6 in 10 universities hit by ransomware, 2/3 hit multiple times

6 in 10 universities hit by ransomware, 2/3 hit multiple times

Freedom of Information requests filed by security company SentinelOne have shown that ransomware attacks appear to be rife within the UK higher education sector.

After NSA leaks, a renewed interest in vulnerability disclosure

After NSA leaks, a renewed interest in vulnerability disclosure

Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups for a national conversation about vulnerability disclosure policy.

USAA members hit with multiple phishing attacks

USAA members hit with multiple phishing attacks

Updated! Multiple phishing campaigns that play off consumers' fear of having their financial information being hacked are hitting customers of United Services Automobile Association (USAA).

Saving money on security software by improving cyber posture, report

Saving money on security software by improving cyber posture, report

Spending big bucks is not always necessary for corporations to put a decent cybersecurity program in place.

Two-thirds of IT security pros surveyed expect a breach to hit their company, report

Two-thirds of IT security pros surveyed expect a breach to hit their company, report

While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.

Epic hack, thousands of salted logins stolen

Epic hack, thousands of salted logins stolen

A hacker has stolen around 808,000 accounts from two forums run by Epic Games, the games maker has confirmed the hack and is investigating what happened.

India threatens jail for visiting forbidden sites

India threatens jail for visiting forbidden sites

Visiting a 'forbidden' website is now punishable with a three-year jail term in India - even without downloading anything. NordVPN predicts a surge of VPN subscriptions in India by Internet users to protect online freedom.

Ransomware rise, email scams spread, Flash & IOT vulnerabilities up

Ransomware rise, email scams spread, Flash & IOT vulnerabilities up

The top three findings from Trend Micro's TrendLabs six-monthly threat trends are the doubling of ransomware families, geographic spread of business email scams and increasing Flash and IOT vulnerabilities spotted.

Russia's Central Bank introduces new mandatory cyber-security regulations

Russia's Central Bank introduces new mandatory cyber-security regulations

Russian banks will be faced with a whole range of new regulations, and penalties for non-compliance, when it comes to cyber-security, according to the country's Central Bank

EU ministers rattle sabres at encrypted ISIS jihadi comms channels

EU ministers rattle sabres at encrypted ISIS jihadi comms channels

France and Germany discuss 'tapping' encrypted end-to-end networks such as WhatsApp and Skype

SC Magazine's September 2016 product reviews

SC Magazine's September 2016 product reviews

Well, we're well into summer and we've had a short break during our two-month combo edition for July and August so let's get back to it with one of our more active groups: data leak prevention (DLP) and endpoint security.

Trust exercise: Symantec's new website security expert is reaching out to hacker community

Trust exercise: Symantec's new website security expert is reaching out to hacker community

Tarah Wheeler, whom Symantec recently hired as principal security advocate and senior director of engineering for its Website Security team, is reportedly pledging to foster ties with the independent hacker community.

Dridex on the loose again, this time in Switzerland

Dridex on the loose again, this time in Switzerland

The meteoric rise of Locky ransomware has not completely supplanted the distribution of the notorious Dridex malware.

SC Magazine's web news team takes top honors at ASBPE Awards

SC Magazine's web news team takes top honors at ASBPE Awards

The web news team of SC Magazine received the highest honor, a Gold award, in the 2016 Azbee Awards of Excellence, produced by the American Society of Business Publication Editors (ASBPE).

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Snowden documents were published Friday, strengthening evidence that code leaked by the Shadow Brokers contains zero-day exploits used by the NSA.

Threat to SMBs from ransomware on the rise, report

Threat to SMBs from ransomware on the rise, report

Ransomware is not going away, according to a new study from Arctic Wolf Networks.

Is Android as easy to secure as the latest AV-TEST results appear to suggest?

Is Android as easy to secure as the latest AV-TEST results appear to suggest?

An independent IT security research facility has reviewed Android, and despite constant charges of insecurity, found the mobile platform to be far from wanting ?

U.S. government extends offer to protect states from electoral cyberthreats

U.S. government extends offer to protect states from electoral cyberthreats

Updated! As it considers classifying the electoral system as critical infrastructure, the U.S. government has pledged to provide states with federal assistance to help manage voting cyber risks and taking additional steps to quell fears the election this fall could be hacked.

Eddie Bauer POS systems hit with malware

Eddie Bauer POS systems hit with malware

Updated! Retailer Eddie Bauer's CEO reported that the chain's in-store point-of-sale network had been infected with malware for a six-month period during which time payment card information may have been accessed by unauthorized personnel.

Brazilians targeted in free Olympic ticket giveaway phishing scam

Brazilians targeted in free Olympic ticket giveaway phishing scam

The 2016 Olympics may be winding down, but cybercriminals are not slacking off in their efforts to use the sporting event as a way to lure victims.

Advanced persistent threats are APT to be deceptive, devious

Advanced persistent threats are APT to be deceptive, devious

Brian Laing, VP of business development and products at APT defense firm Lastline, spoke to SCMagazine.com at Black Hat about the evolution of advanced persistent threats and some of their more devious tactics.

DroidJack attacks delivered through Twilio SMS messages

DroidJack attacks delivered through Twilio SMS messages

Researchers discovered DroidJack attacks that delivered the remote access Trojan (RAT) through an "over the top" (OTT) carrier.

Operation Ghoul attacks terrorize industrial and engineering orgs

Operation Ghoul attacks terrorize industrial and engineering orgs

Kaspersky researchers spotted a wave of attacks that has affected more than 130 organizations in at least 30 countries.

Cisco shedding 7% of its workforce

Cisco shedding 7% of its workforce

The world's biggest networking equipment company, Cisco Systems, will layoff about 5.5K employees.

Snowden says Shadow Broker leak is likely a warning from Russia

Snowden says Shadow Broker leak is likely a warning from Russia

The leaker to end all leakers has taken to Twitter to provide some insight in to the recent high profile auction of NSA hacking tools.

Women receive significantly less compensation than men in IT sector, Census Bureau

Women receive significantly less compensation than men in IT sector, Census Bureau

Women continue to receive significantly less compensation than men in the IT security sector, according to a new report from the U.S. Census Bureau.

We have the power: 'Smart' sockets could be enslaved to create botnet

We have the power: 'Smart' sockets could be enslaved to create botnet

Bitdefender has discovered vulnerabilities in a popular brand of 'smart' electrical socket which could lead to attacks on your local area network or the recruitment of the IoT device as part of a global botnet.

Marcher steps up game: Malware poses as security update, imitates popular apps

Marcher steps up game: Malware poses as security update, imitates popular apps

Looking to capitalize on mobile device owners' growing security fears, a new variant of the Android malware Marcher is infecting victims by fraudulently posing as a firmware security update.

Proxy authentication flaw affects Apple, Microsoft, Oracle, Opera

Proxy authentication flaw affects Apple, Microsoft, Oracle, Opera

Vulnerabilities affecting the implementation of proxy authentication could lead to an attacker launching man-in-the-middle attacks and intercepting HTTPS traffic possibly affecting including Apple, Microsoft, Opera, and Oracle products.

Half of enterprises ill-prepared for inside attack, study

Half of enterprises ill-prepared for inside attack, study

Nearly half of enterprises queried for a Mimecast survey were found to be ill-equipped to deal with threats from insiders.

WikiLeaks postings of Turkish emails included active links to malware

WikiLeaks postings of Turkish emails included active links to malware

WikiLeaks' practice of delivering unfiltered information to its readers backfired after a researcher discovered that its collection of leaked Turkish government emails contained over 300 active links to malware files hosted on the controversial site.

Don't get caught by the Pokemon Go ransomware

Don't get caught by the Pokemon Go ransomware

Independent researcher Michael Gillespie discovered a unique ransomware variant posing as a Pokémon Go application for Windows.

Ransomware as a service business booming and growing: Reports

Ransomware as a service business booming and growing: Reports

Ransomware as a service (RaaS) is a booming business with entrepreneurs working in this illegal space hauling in a nifty profit and continuing to roll out new types on a regular basis, according to two new studies.

The Shadow Brokers' NSA hack claim unlikely, say experts

The Shadow Brokers' NSA hack claim unlikely, say experts

Updated! The claim by the hacking group The Shadow Brokers that it has pilfered surveillance tools from another group, allegedly associated with the National Security Agency (NSA), is being called bogus by security experts, but Kaspersky Lab believes there is a connection.

After the breach: Settlement expected for 50M Home Depot customers

After the breach: Settlement expected for 50M Home Depot customers

A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.

New Zeus Sphinx banking trojan hitting Brazil

New Zeus Sphinx banking trojan hitting Brazil

Capitalizing on Olympics activity, a new version of Zeus Sphinx has been targeting banks in Brazil and Colombia.

Is the EU to blame for further prompting privacy issues with OTT services?

Is the EU to blame for further prompting privacy issues with OTT services?

The European Commission to looking to tighten its regulatory grip on US-based tech companies which are slowly replacing traditional telcos in the services they provide.

Android malvertising campaign discovered delivering Svpeng Trojan through AdSense

Android malvertising campaign discovered delivering Svpeng Trojan through AdSense

Researchers discovered a campaign that delivers a malicious banking Trojan to Android devices using Google AdSense advertisements.

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

In the latest data breach impacting the hospitality industry, cybercriminals installed malware in the point-of-sale systems of HEI Hotels & Resorts and checked out with customer data that likely includes payment card information.

Iran investigating possible cyber angle on oil fires

Iran investigating possible cyber angle on oil fires

Updated! Iran's Supreme National Cyberspace Council is investigating whether a recent string of oil and petrochemical fires were caused by a cyberattack.

DiskFiltration attack uses acoustics to infiltrate air-gapped computers

DiskFiltration attack uses acoustics to infiltrate air-gapped computers

A team of researchers developed a new method to leak information from air-gapped computers using intrinsic covert noises emitted from the device's hard drive.

Scotland Yard setting up Twitter police task force

Scotland Yard setting up Twitter police task force

Scotland Yard is to setup a Twitter task force which will hunt offensive online comments, and bring those posting them to justice.

Sage suffers data breach from insider

Sage suffers data breach from insider

Software company Sage has reportedly suffered a data breach orchestrated by an insider of the company. The police are investigating and the ICO has been informed.

Interior Dept. must update access control standards to meet NIST guidelines - report

Interior Dept. must update access control standards to meet NIST guidelines - report

The U.S. Department of the Interior must update its access controls to meet current standards, according to an inspector general report.

Research firm finds MICROS hackers infected more POS vendors

Research firm finds MICROS hackers infected more POS vendors

Fresh off the discovery that hackers compromised the customer support portal for Oracle's MICROS point-of-sale systems, a new shocking report surfaced, revealing that at least five more POS vendors were similarly breached.

Fallout from DNC hack broadens to donors

Fallout from DNC hack broadens to donors

The fallout from the hack into the DNC continues as it is now being reported that celebrities, C-suite executives and other high-profile donors to the Democratic party were also ensnared.

Trump beats Clinton in presidential election spam race

Trump beats Clinton in presidential election spam race

The infamy of Donald Trump is being leveraged by canny cyber-criminals for everything from spam to credential phishing.

US government accuses Hinkley point partner of nuclear espionage

US government accuses Hinkley point partner of nuclear espionage

Major partners in the controversial nuclear power plant at Hinkley Point have been accused in American courts of attempting to steal US nuclear technology.

34% of users click on links due to human curiosity

34% of users click on links due to human curiosity

With nearly a quarter of ID fraud victims being savvy users of mobile and social media platforms in the UK last year, regular device updates nor computer literacy are stopping users from engaging in harmful online behaviour.

Microsoft's 'golden key' bypassing Secure Boot reignites backdoor debate

Microsoft's 'golden key' bypassing Secure Boot reignites backdoor debate

Researchers published information about a Windows security error that reignites the debate involving device back doors.

USA Today and other popular sites vulnerable to serious hijacking attacks

USA Today and other popular sites vulnerable to serious hijacking attacks

A group of researchers discovered a Linux bug which could allow serious hijacking attacks against the USA Today website and other popular sites.

Most Met police computers still using Windows XP

Most Met police computers still using Windows XP

The large majority of London police computers are apparently still using the 14-year-old Windows XP operating system and jeopardising security

Israeli parliament recommends creation of national cyber-authority

Israeli parliament recommends creation of national cyber-authority

The Israeli Knesset waits on the passage of a bill which would see the amalgamation of Israel's cyber-defences into one central authority

OPM snags new CIO from Defense Dept.

As OPM CIO, Defense Department Principal Deputy CIO David De Vries will be instrumental in raising the agency's security profile.

Damage dealer: Breach of Dota 2 gaming forum exposes 1.9 million accounts

Damage dealer: Breach of Dota 2 gaming forum exposes 1.9 million accounts

While players of Valve Corporation's online battle arena game Dota 2 were busy fighting each other for supremacy, a real-life adversary stole 1,923,972 account records from the official Dota2 forum's database.

SAPCAR file decompression flaws patched

SAPCAR file decompression flaws patched

Researchers discovered a series of vulnerabilities affecting the archive program SAPCAR used to compress and decompress files.

Google, NYU reveal business model of unwanted software bundles

Google, NYU reveal business model of unwanted software bundles

Google and the NYU conducted a yearlong study into the business practices of those who pay vendors to install unwanted software in their install bundles.

Incomplete version of 'Hitler-Ransonware' discovered

Incomplete version of 'Hitler-Ransonware' discovered

AVG malware analyst Jakub Kroustek discovered an unfinished version of a new strain of ransomware, dubbed Hitler-Ransomware.

Elektrilevi joins European network for cyber-security

Elektrilevi joins European network for cyber-security

Estonia power company joins European network for cyber-security to improve its cyber-resilience.

Millions of Russians' personal data may be put at risk

Millions of Russians' personal data may be put at risk

A planned national database of personal data on Russian citizens could become a magnet for criminal cyber-attacks warn analysts.

Concern about Chinese involvement at Hinkley Point is misdirected, say experts

Concern about Chinese involvement at Hinkley Point is misdirected, say experts

Experts say that government concerns over cyber-security at the new nuclear power plant at Hinkley Point are misdirected and that the Chinese are not the real worry.

Facebook hit with hoax scams purporting terror incidents and celebrity deaths

Facebook hit with hoax scams purporting terror incidents and celebrity deaths

Facebook users are being lured into giving up their credentials in response to alarming messages about terror incidents and celebrity deaths.

Third of ICS flaws were unpatched when disclosed - report

Third of ICS flaws were unpatched when disclosed - report

Industrial control system vulnerabilities disclosed by security researchers have steadily climbed in the years following the discovery of Stuxnet worm in 2010, according to a report.

Patch Tuesday: Nine bulletins, five critical, as Microsoft patches focus on desktop

Patch Tuesday: Nine bulletins, five critical, as Microsoft patches focus on desktop

Five of the nine security bulletins released by Microsoft this Patch Tuesday are rated critical.

Connected car vulnerabilities could be reduced with an ounce of prevention

Connected car vulnerabilities could be reduced with an ounce of prevention

IOActive researchers found that half of the cyber vulnerabilities in connected vehicles could grant an attacker full or partial control of a vehicle.

FireEye layoffs as cyber-criminals gorge on low-hanging ransomware

FireEye layoffs as cyber-criminals gorge on low-hanging ransomware

Paradoxically, 'good' news for businesses and ransomware cyber-criminals alike appears to be bad news for security platform provider FireEye.

76% of organisations suffer loss or theft of data in past two years

76% of organisations suffer loss or theft of data in past two years

Over the past two years, three out of every four organisations have been hit by the loss or theft of important data.

Kaspersky: ProjectSauron, aka Strider, rivals the most elite APTs in sophistication

Kaspersky: ProjectSauron, aka Strider, rivals the most elite APTs in sophistication

The cyberespionage group identified as Strider by Symantec researchers is as sophisticated a threat as any known APT in history -- including Duqu, Flame, The Equation Group and Regin -- according to an analysis by Kaspersky Lab.

Carbanak Gang likely behind Oracle MICROS customer service portal compromise

Carbanak Gang likely behind Oracle MICROS customer service portal compromise

Oracle detected malicious code on some MICROS legacy servers but the extent of the breach is not yet known, according to KrebsOnSecurity.

Lord of the spy ring: Strider APT cites Tolkien, found snooping on Russian targets

Lord of the spy ring: Strider APT cites Tolkien, found snooping on Russian targets

Symantec yesterday disclosed its discovery of a cyberespionage group called Strider, which appears to be targeting mostly Russian entities with spyware attacks that bear the hallmarks of a sophisticated nation-state operation.

Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected

Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected

Newkirk Products, Inc. has begun notifying approximately 3.3 million people, including Blue Cross Blue Shield customers, of a data breach.

Researcher warns of flaws in Samsung Pay tokenization and mag stripe features

Researcher warns of flaws in Samsung Pay tokenization and mag stripe features

A researcher claims to have found vulnerabilities in Samsung Pay's tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users' tokens and make fraudulent purchases.

Chip drivers render 900M Android devices vulnerable to attack

Chip drivers render 900M Android devices vulnerable to attack

A set of vulnerabilities, dubbed "Quadrooter," affecting Qualcomm chipset software drivers used in Android devices, were detected by Check Point security researchers.

Smoke Loader now arriving via EK, Malwarebytes analysis

Smoke Loader now arriving via EK, Malwarebytes analysis

Once distributed primarily via spam, the Smoke Loader bot has more recently been detected being spread by an exploit kit.

UPDATED: Will Rio Olympics herald a carnival of cyber-crime?

UPDATED: Will Rio Olympics herald a carnival of cyber-crime?

Brazil puts concerns over cyber-attacks at number 23 despite hosting the Olympic games, whereas the US, Germany and Japan put cyber-attacks at number one - hence extensive cybercrime is expected during the games.

Insurance firm now offering discount on use of IoT alarm

Insurance firm now offering discount on use of IoT alarm

Insurance firm Zurich is offering a discount on monthly insurance fees should a customer use the IoT alarm offered by Cocoon, despite security concerns over IoT devices.

Gov't thinks it has right to data, Lavabit founder says

Gov't thinks it has right to data, Lavabit founder says

Lavabit founder Ladar Levison warned a Def Con audience that there's no law on the books protecting privacy.

Cyber ITL reveals testing methods, prepares for 2017 launch

Cyber ITL reveals testing methods, prepares for 2017 launch

The leaders of the non-profit group the Cyber Independent Testing Lab (CITL) gave an update on the organization's progress in creating a system to warn consumers on the cyber safety of the products they are purchasing.

Government retains dozens, not thousands, of zero-days

Government retains dozens, not thousands, of zero-days

The number of vulnerabilities in the federal government arsenal hovers in the dozens, Columbia University Senior Research Scholar Jason Healey told a DEF CON 24 audience.

Bot Mayhem takes first place in DARPA Cyber Challenge

Bot Mayhem takes first place in DARPA Cyber Challenge

Team ForAllSecure won the DARPA Cyber Grand Challenge defeating six other finalists and taking home a $2 million award for its bot Mayhem, which is the first fully automated cybersecurity defense system, Def Con attendees learned.

Google launches API to eliminate passwords on Android devices

Google launches API to eliminate passwords on Android devices

Google rolls out an API that will allow Android apps to access login credentials, essentially eliminating the need for passwords.

Advocate Health Care hit with largest HIPAA settlement

Advocate Health Care hit with largest HIPAA settlement

Advocate Health Care will pay $5.55 million for a breach that led to the exposure of personally identifiable information of four million patients.

VIDEO: Web servers running on HTTP/2 found with multiple denial-of-service vulnerabilities

VIDEO: Web servers running on HTTP/2 found with multiple denial-of-service vulnerabilities

In an analysis of five separate manufacturers' web servers running on the new HTTP/2 protocol, cybersecurity firm Imperva found that all five were vulnerable to at least one of four high-profile denial-of-service vulnerabilities.

EFF: Kazakhstan targeting journalists and dissidents with Operational Manul spyware campaign

EFF: Kazakhstan targeting journalists and dissidents with Operational Manul spyware campaign

Kazakhstan is alleged to be targeting journalists and political dissidents and their families and associates through a cyberespionage campaign.

Miller and Valasek unveil new Jeep hack at Black Hat, retire from car harcking

Miller and Valasek unveil new Jeep hack at Black Hat, retire from car harcking

Chris Valasek and Charlie Miller hung up their car hacking spikes today at Black Hat announcing at the end of their presentation that they were moving on, but not before revealing a few more vulnerabilities in a Jeep Cherokee.

Apple offers bug bounty program

Apple offers bug bounty program

Apple is offering up to $200,000 to researchers reporting critical security vulnerabilities in Apple software, including its underlying operating system.

Russians predict further attacks on Clinton's campaign HQ - immunity offered to hackers

Russians predict further attacks on Clinton's campaign HQ - immunity offered to hackers

Russian hacking groups believed responsible for the Clinton hacks may not be the Russian state but may be silently condoned by it.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US