SWIFT adds additional protective measures for members to ensure cybersecurity compliance

For the second time this month, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has introduced new standards, including mandatory security requirements for its customers.

185M incidents bypassed perimeter defenses - report

Two recent reports warn of the dangers of over-reliance on perimeter security as an enterprise defense method.

Pagers found leaking patient health information

Even in an age dominated by smartphones and tablets, the device that helped start the mobile communications revolution, the beeper or pager, is still a doctor's constant companion, but a study found this little device is ill suited for keeping medical information secure.

OVH suffers massive 1.1Tbps DDoS attack

An internet hosting company has been the subject of a distributed denial of service attack the likes of which the world has never seen.

Uber prevents fraud and protects driver accounts with selfies

Uber will now require drivers to take selfies to prevent fraud and protect their accounts from compromise.

Presidential debate 2016: Candidates pledge cyber investment, differ on Russia

Clinton pinned hacks at the Democratic National Conference (DNC) on Russia while Trump said attribution is not clear.

Yahoo faces congressional action and class action lawsuits following historic data breach

Yahoo is facing both legal and congressional action in the form of multiple class-action lawsuits and one senator's call for a congressional probe.

Pippa Middleton's iCloud account hacked

A man who allegedly hacked into the iCloud account of Pippa Middleton, sister of the Duchess of Cambridge, has been arrested.

OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks

Fourteen flaws in the OpenSSL project have been patched, including a high-severity vulnerability that can be exploited to cause a denial-of-service (DoS) attack.

IoT assault, connected devices increasingly used for DDoS attacks

While the information stored in internet of things (IoT) devices is still valuable, researchers spotted an increase in attacks targeting IoT devices.

Cybercriminals already able to hack ATM biometric readers

Even though biometric readers have not been rolled out on ATMs, cybercriminals have already developed tools to steal a person's fingerprint and other biological data.

Cities planning transparency laws for police surveillance tech

Eleven cities are organizing local legislation intended to make the procurement and use of surveillance technologies by local police departments more transparent.

Malicious apps leveraging top UK brands has increased by 130%

The number of malicious apps leveraging top UK brands has grown by 130 percent year on year.

GCHQ to fund startups to fight cyber-crime

50% of European SMEs say data security is a major barrier

Security raises concerns with half of SMEs saying data security is the major barrier between their organisation and the digital workplace. Another 30 percent believe cost is the key issue.

Email of White House staffer hacked, purported scan of First Lady's passport leaked

The White House has announced a cyber-security breach, as a purported photocopy of Michelle Obama's passport appears online.

SC Roundtable: The Threat Landscape

A host of security professionals joined SC yesterday for a frank discussion on the looming threat landscape

Google reverses Allo policy, raising ire of privacy groups

The version of Allo that Google released on Wednesday will indefinitely store messages until they are manually deleted by the user.

Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected

On the cusp of a $4.8 billion acquisition by Verizon, Yahoo today disclosed a data breach in which a state-sponsored actor is believed to have stolen a copy of data linked to at least 500 million accounts.

Global data breaches up 15 percent in first half of 2016

Data breaches were up 15 percent during the first half of 2016 compared to the previous six months, as Gemalto researchers reported a total of 974 worldwide breaches.

Locky ransomware pushers keeping things fresh using many new attachments

The threat actors behind Locky ransomware have kept busy this year by steadily altering the types of attachments included in the spam campaigns used to spread the malware, all in order to stay one step ahead of their victims' defenses.

White hats save greybeards from black hat attack

As yet another well-known consumer brand falls victim to 'old version syndrome' and serves up malware to its customers, we ask why lessons aren't being learned.

76% of security pros believe threat intelligence should be shared

Many security professionals believe that they have a moral responsibility to share threat intelligence

Global study: Is IT security making progress against cyber-attacks?

CyberArk's 10th annual Global Advanced Threat Landscape Survey conducts research on global enterprises and whether they are learning from cyber-attacks and what priorities are being influenced.

Malicious websites visited every five seconds by enterprise workers, report

A user at an enterprise organization accesses a malicious website every five seconds, according to research published by CheckPoint.

Education sector bullied by ransomware and can barely defend itself, report

Researchers found the education sector has been experiencing the highest rates of attack while having the least protected systems.

Hairy situation: Just For Men website rigged to redirect to RIG Exploit Kit

Executives at Combe Incorporated may have sprung a few new gray hairs after learning that the website for its Just for Men brand of hair coloring products was compromised to serve up malware.

RAUM weaponizes torrents to deliver malware

A new and sophisticated tool dubbed RAUM has been uncovered that targets naïve torrent users who download popular software or media content and then replaces the desired content with malware.

Citrix sours on Sweet32 birthday attack, calls threat 'low-severity issue'

Citrix is advising customers not to fret over recent research stating that 64-bit block ciphers in cryptographic protocols are susceptible to a so-called birthday attack - noting that multiple difficult conditions must be met for such a technique to be effective.

Cloudflare looks to TLS 1.3 to secure internet

Amongst various security features, cloud-provider Cloudflare looks to TLS 1.3 to secure internet.

Former insurance employees appear in court over data leak

Two people have been charged with bribery offences, following an investigation into the suspected leak of confidential data by a former employee of insurance firm LV=.

Ponemon study: business innovation and IT security often do not go hand in hand

New research from the Ponemon Institute in partnership with Micro Focus claims business innovation and IT security often do not go hand in hand.

FT Cyber-Summit: Ilia Kolochenko - throwing cash on the fire doesn't work

High-Tech Bridge CEO Ilia Kolochenko advised a crowd at today's FT Cyber-Summit that we should all "keep it simple", as most breaches happen due to "obvious" mistakes.

SWIFT introduces daily reporting system for member customers

SWIFT has introduced a daily reporting system intended to help members of the financial messaging system identify fraudulent payments made over the network.

Report, framework to balance safety and reliability needs of industrial operations

The Industrial Internet Consortium (IIC) published a framework technical report to help organizations balance the safety and reliability needs of industrial operations.

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Security researcher Arun Sureshkumar earned $16,000 after disclosing a vulnerability in Facebook Business Manager that, if exploited, could have allowed attackers to take over a targeted victim's Facebook page.

Video: ISF's Durbin advises orgs to protect mission critical info assets

Information Security Forum Managing Director Steve Durbin sat down with SCMagazine.com Executive Editor Teri Robinson to discuss how organizations can better protect their mission critical information assets.

Hackers crack Tesla CAN Bus, DoT issues policy for securing connected car

Researchers claim they were able to crack into Tesla's CAN Bus to achieve remote control of the electric car and the DoT just issued a new policy concerning automated vehicles.

Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits

Cisco issued an advisory for a flaw that the company has linked to exploits released by the Shadow Brokers group.

Sixth Circuit: Nationwide insurance co.'s breach victims have standing to sue

A federal Appeals Court has reinstated a class-action lawsuit against insurance company Nationwide after concluding that individuals whose personal data was exposed in a 2012 breach have sufficient standing to sue.

DetoxCrypto ransomware imitates Malwarebytes software

Malwarebytes is warning users of a variant of DetoxCrypto ransomware that is imitating the security vendor's software.

Energy sector cybersecurity workers overconfident in their capabilities

A Tripwire survey found IT staffers in the energy sector frequently don't have the data needed to see if their assumptions on how their security apparatus functions are correct.

Crysis ransomware now attacking businesses in Australia and New Zealand

Australian and New Zealand businesses are being hit with a ransomware campaign.

House Committee urges Obama not to pardon Snowden

The House Permanent Select Committee on Intelligence urged President Obama not to issue a presidential pardon to Edward Snowden.

Gov-funded boot camp for cyber-security entrepreneurs graduates first intake

HutZero, a first of its kind boot camp designed to help budding cyber-security entrepreneurs turn their ideas into viable business opportunities, opened last Friday. The entrepreneurs will now begin the three-month long mentorship programme to help realise their ideas.

Moral breach: Edward Snowden goes to Hollywood

The film Snowden opens this week recounting recent events that have sent reverberations around the world.

FBI asks ransomware victims to come forward

Updated! The FBI is continuing its effort to obtain support from businesses and private entities in its fight against ransomware by issuing a plea for victims to promptly and completely report any such incidents.

GCHQ planning use of DNS filters to curb cyber-attacks

The boss of GCHQ and the new NCSC has revealed that the spy agencies are planning to partner with UK ISPs to use DNS filtering to curb cyber-attacks.

Hinkley Point C nuclear power station to go ahead with Chinese involvement despite previous concerns

Despite concerns over security from both the Prime Minister and one of her chiefs of staff, Hinkley Point C nuclear power station has been given a green light today for construction with backing from China.

Research reveals the opportunities EU employees are presenting to cyber-attackers on social media

Research from Blue Coat Systems shows how despite the increased use of social media, workers are still failing to fully protect themselves from complex social engineering techniques

Eurekalert news service attacked

Scientific news service EurekAlert suffered a breach which saw the login details of thousands of journalists stolen. The company has now reformed the technology behind its website and is promising a brand new login system.

VW launches cybersecurity joint venture as House members examine threats facing auto industry

As automakers race to develop automated vehicles, the challenge of securing these automotive systems has taken on an elevated role for automakers.

Ransomware criminals increase use of asymmetric encryption

Ransomware criminals are growing more sophisticated in their use of encryption, as criminals increasingly use asymmetric encryption methods.

Researcher believes major DDoS attacks part of military recon to shut down internet

The attacks targeted major companies that provide internet infrastructure and appear to have probed the companies' defenses to determine capabilities.

Half of UK students want data security training

Half of all students in the UK have no security software installed on any of their devices, even though a quarter of teenagers are 'almost constantly' connected.

Cold case: Finnish police advise owners to store smart keys in fridge

Finnish police are advising owners of cars with "smart" locking systems to put the keys in the fridge when they are at home.

FBI director uses tape over his webcams, says you should too

Recent actions by FBI director James Comey suggest we should all be using tape over our webcams.

Sites associated with both presidential contenders spring leaks

Data theft knows no boundaries. Personal information has been siphoned out from databases connected to both presidential campaigns.

Ransomware up 3000% since first recorded, now targeting hospitals

In its September 2016 Threat Report, Intel Security describes how ransomware attacks are up 3000 percent since records began in 2012, and why attackers are now turning to the healthcare industry.

1 in 50 employees a malicious insider?

A survey recently conducted by Imperva showed that 36 percent of surveyed companies have experienced security incidents involving malicious employees in the past 12 months.

Cybersecurity enhancements proposed for financial firms in New York

To better protect consumer data, banks and insurance companies in New York will soon be required to adhere to new cybersecurity guidelines.

Trojan distribution methods highlight need for info sharing in financial services industry

As financial institutions scramble to prevent more attacks like the cyber heists that targeted SWIFT members, a recent report offers additional cause for the sector to improve information sharing practices.

Report uncovers the underground healthcare data market

A new report from the Institute of Critical Infrastructure Technology undresses what happens to private medical data after it's stolen from the hospital and the heaving marketplaces it ends up in.

NSA and Cyber Command urged to split, A.I. to become part of U.S. cyber strategy

President Obama may be urged to split the joint leadership of the NSA and U.S. Cyber Command in favor of two distinct forces for cyberespionage and cyberwarfare.

Study finds gamer cyber hygiene stinks

As online gaming grows in popularity ESET researchers found that cybersecurity measures haven't kept pace with growth.

Are our data centres insecure?

Vectra Networks is claiming that attackers are turning their attention to data centres. Are our data centres as secure as we think they are?

ACLU campaign pushes Obama to pardon Snowden

On the eve of the release of "Snowden," the ACLU's Ben Wizner said the civil rights organization had joined forces with Amnesty International and Human Rights Watch to persuade President Obama to pardon the whistleblower.

Millions of Russians still losing personal data online

Millions of Russians are still losing personal data online thanks to using vulnerable websites and being hacked.

Cyber-attacks now cost enterprises US $861K per security incident

On average, a single cyber-security incident now costs large businesses US $861,000 (£652,000). Meanwhile, small and medium businesses (SMBs) pay $86,500 (£65,500).

CREST takes over cyber-assurance programme from NSA in America

The National Security Agency has handed over responsibility for operating and promoting its CIRA accreditation programme to CREST, best known in the UK for its accreditation schemes with GCHQ, CESG and the Bank of England.

FBI sweep: It's a search, get a warrant, says fed judge

A court in Texas handed down a ruling that is likely to set a precedent for government access to hard drives.

Leaked Stingray documents reveal features and ease of use

Using mass surveillance software without a warrant is almost as easy as installing Skype.

WADA confirms Fancy Bear behind attack on anti-doping database

The Russian espionage group Tsar Team, aka Fancy Bear, got into the ADAMS system through an account created by the International Olympic Committee for the 2016 Rio Games.

Patch Tuesday: Microsoft rolls out 14 bulletins, prepares new updating system for October

Microsoft's September Patch Tuesday offering that rolled out today is the last to be delivered under this update system with the company moving to a "monthly rollup" delivery mechanism starting in October, something not all industry insiders see as a positive move.

GartnerSEC: people-centric IT practices encouraged

Gartner is now encouraging people-centric IT practices so IT is no longer seen as a hindrance and rather an enabler.

GovRAT 2.0 in the wild and hitting U.S. government agencies

The malicious actors behind the GovRAT malware have upgraded it to version 2.0 and are using the new version to hit even more targets and increase the price of the software, now starting at $1,000.

Alleged vDOS creators nabbed in Israel

Two Israeli teenagers were arrested for their alleged part in the running of vDOS, a so-called booter service selling kits for distributed denial-of-service (DDoS) attacks.

Seagate staff to sue company over data protection failure

A hardware manufacturer may soon be sued by employees who claim the employer did not do nearly enough to protect their data.

Legislators urge Commerce Dept, DoJ against transfer of ICANN internet governance

U.S. legislators urged the Department of Justice and the Commerce Department to reconsider the transfer of internet governance.

New RAA ransomware variant performs own encryption, attacks businesses

The ransomware RAA, which incorporates the information-stealing trojan Pony, has evolved to more effectively target companies, encrypting victims' files and stealing their data, most likely to infect their business contacts via spear phishing.

Amidst lawsuit, McAfee aims to innovate as a separate entity

As Intel proceeds with plans to divest its majority stake in Intel Security, the chipmaker's security business unit, a lawsuit filed against Intel threatens to create challenges for the entity.

Canadian data sharing deal with EU could be illegal under European Law

A top EU lawyer has concluded that the EU-Canada PNR agreement which oversees the transfer of information on flight records between the two countries goes against the EU Charter Fundamental Human Rights.

Leaked catalogue reveals disinformation campaign for sale

A leaked catalogue has exposed one India-based tech company's attempts to sell cyber-warfare services and disinformation campaigns

Latest Dridex includes new cryptocurrency targeting and new features to evade detection

Despite its reduction in volume, Dridex malware is still actively being developed.

Stampado ransomware updated, but full of holes, report

A cybercriminal going by the moniker The Rainmaker has updated the Stampado ransomware to a new version dubbed Philadelphia and is now selling it for $400, but the good news is the malware is flawed.

CFTC imposes cybersecurity rules for U.S. commodities, derivatives firms

The new rules are designed to enhance and clarify existing requirements relating to cybersecurity testing and system safeguards risk analysis.

Paper: Only 200K mobile bots needed to impair U.S. 911 system with DDoS attack

As few as 200,000 mobile bots would be enough to launch a successful DDoS attack against the U.S.' 911 infrastructure, significantly disrupting service nationwide, a new research paper from Ben-Gurion University reports.

Vendors leave crypto key in the door when it comes to security

The problem of certificates baked into firmware continues to jeopardise the security of consumer internet devices despite warnings to vendors, according to a researcher.

Google to start encryption shaming

Google will start shaming websites for not encrypting connections between the user and the site itself by telling users exactly when they are visiting HTTP sites

Guccifer 2.0 again denies Russian connection, mocks reports linking hacker to APT groups

An individual who self-identified as Guccifer 2.0 continues to deny reports by security firms that link the purported hacker or hacking group to Russian advanced persistent threat (APT) groups.

Post-acquisition, RSA president teases synergy opportunities with Dell SecureWorks

One day after Dell finalized its acquisition of EMC Corporation and its RSA cybersecurity division, RSA President Amit Yoran maintained his business-as-usual stance, but also acknowledged certain synergistic implications.

Wells Fargo Bank fined $185M, fires 5,300 staffers over fake account scam

Wells Fargo Bank was fined $185 million for a five-year-long scam that saw bank employees illegally creating fake accounts and email addresses and applying for credit and debit cards to meet sales goals and earn commissions.

Pokemon Go scammers turn to social media and imitation apps

The popularity of Pokémon Go is continuing to attract scammers looking to exploit users in search of a leg up in the game.

Reps. Chaffetz, Cummings exchange charges over Clinton email server

Republicans and Democrats on the House Oversight Committee swapped accusations over the on-going saga surrounding presidential candidate Hillary Clinton's private email server.

Tighter security, more hands needed post-OPM, security pros say

Security procedures need to be amended and personnel with advanced skills need to be hired, security pros say following the release of a congressional report faulting the OPM for a massive breach.

Leaked Rambler data highlights long-term risk post-breach

100 million user passwords from a 2012 breach at Russian internet giant Rambler were leaked online.

New research shows ransomware victims are paying up

New research from security company Trend Micro shows ransomware victims are paying up, despite remaining defiant to fight it as much as possible.

NIAS 2016 - responding to the Warsaw declaration

An extra €70 million is to be spent in the five years from 2017 on a major refresh of cyber-capabilities.

UAE medical centre hit, hacker claims good intentions

A medical centre in the UAE has been modestly breached by a hacker who claims to want to teach them a lesson in security.

U.S. investigating intrusions, Clinton implies Russian hackers could tilt Trump victory

As the November election nears, Democratic presidential nominee Hillary Clinton Monday accused the Kremlin of wanting to interfere with the U.S. election.
