VTech representatives are struggling to defend new terms and conditions that the electronic toy manufacturer posted on its corporate website following a massive hack that exposed over 6.3 million accounts.
Troels Oeting, CISO of Barclays bank, Tim Lansdale, head of payment security at WorldPay and Bob Tarzey, analyst for QuoCirca tell the SC Congress London what lies ahead.
Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense
As a panel of experts debates whether a security Armageddon is on the horizon - SC Congress London learnt that we're "not quite there yet, but we're close."
Fundamental concerns remain over what is described as a lack of clarity in the Draft Investigatory Powers Bill, with calls from industry bodies for earlier recommendations to be implemented.
The Judicial Redress Act was given the thumbs up by the Senate and the House Wednesday and is now headed for President Obama's desk to be signed into law.
Symantec yesterday warned online gamers of new Windows-based malware schemes victimizing fans of the strategy card game Hearthstone: Heroes of Warcraft.
Though dubbed the most successful malware in history, Cryptowall can be stopped.
The Internal Revenue Service pinned a recent attempt to infiltrate its systems on malfeasants using a bot and Social Security numbers stolen from other sources but said the attackers didn't compromise or expose personal information of taxpayers.
IT security professionals report that they are regularly pressured to roll out new technologies and devices regardless of whether they are secure, according to a new survey.
High-Tech Bridge released several security advisories over the last week that cover issues found within ITIL ITSM open source software and several popular web applications.
President Obama's Cybersecurity National Action Plan (CNAP) includes a significant dollar commitment in the fiscal 2017 budget and the creation of a Cybersecurity Commission and a Privacy Council established under two Executive Orders
The National Security Agency unveiled an ambitious reorganization that pulls together the agency's offensive and defensive operations.
The hacker responsible for breaching the Department of Justice's web portal has publicly posted stolen data corresponding to roughly 20,000 employees of the FBI and 9,000 from the Department of Homeland Security.
Microsoft's February Patch Tuesday contains 13 bulletins, six rated critical and all of which can allow remote code execution if exploited.
Myriad flaws in the draft Investigatory Powers Bill were highlighted by the Intelligence and Security Committee of Parliament, calling into question government's commitment to privacy
A Russian-language banking Trojan has been found manipulating the ruble-dollar exchange rate
Kaspersky has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN.
The feared Dyre banking Trojan has been almost killed off, following a reported raid by the Russian authorities on a Moscow film distribution company last November.
A hacker threatened to release information on 20,000 FBI employees and 9,000 who work for the Department of Homeland Security (DHS).
Czech security software firm Avast Software has patched a severe vulnerability in its SafeZone web browser that if exploited could have granted hackers sweeping access to compromised computers.
Draft legislation seeks to improve the Pentagon's ability to quickly develop and acquire process cyber warfare technologies.
Palo Alto Networks researchers have spotted a new, more complex backdoor trojan that is targeting Skype users and which can identify and evade the security software found on the victim's computer.
Malware keeps re-infecting sites and installing multiple backdoors in WordPress websites, according to a researcher from Sucuri Security.
A mysterious Good Samaritan has replaced the code on certain parts of the villainous Dridex botnet with Avira Anti-virus installers.
The University of Central Florida (UCF) is the target of a consumer class action lawsuit against the school by two alumni following a data breach that exposed personal information.
Oracle issued a security alert and patches for CVE-2016-0603 that can affect Java SE 6, 7 or 8 being run on Windows.
Researcher Wesley Wineberg said he's been censured due to his participation in the Facebook bug bounty program.
In an effort to help curb terrorism, Twitter has suspended 125,000 accounts since mid-2015 that it said threatened or promoted terrorist acts.
Mozilla yesterday shed new light on its plan to phase out its Firefox operating system and instead focus on Internet of Things solutions, with an emphasis on data privacy and security.
In an oft-repeated tale, a senior at Panther Creek High School was arrested on felony and misdemeanor charges for hacking into a school computer and changing grades.
A cyberattack on a company in the energy, utility, oil and gas sectors is fully capable of causing harm to the physical plant, according to a Tripwire survey of IT professionals working in these fields.
As IT security decision-makers wrestle with how to evaluate threat intelligence solutions, especially in light of the recent demise of intel provider Norse Corp., a new report highlighted the perils of ignoring threat intelligence.
The Office of the Inspector General (OIG) said Colin Powell and Condoleezza Rice both used private email for classified information and a heavily redacted email from John Kerry showed that he likewise used a private email account.
Users of the DayZ zombie shoot 'em up have been informed by the developer that their passwords and messages have been stolen by hackers.
From sales staff working the floor in large stores to corporate road warriors flitting from city to city, there is no debate about the degree to which mobile devices have increased productivity.
To meet the more stringent requirements laid out in the EU-U.S. Privacy Shield pact inked Tuesday, organizations are going to have to up their data protection game and Congress must accelerate passage of the Judicial Redress Act.
Hacking into a "smart" office building was easier than one might think with the potential end result being disastrous for the facility and the people working inside, according to a recent test conducted by IBM X-Force researchers.
The University of Central Florida today publicly acknowledged a data breach in which the Social Security (SSN) numbers of 63,000 current and former students were illegally accessed.
Russia fires a warning shot across the U.S. bows in response to the 'US offensive cyber-threat,' saying that it does not lag behind the U.S. when it comes to cyber-technology, noting that its hackers are among the best.
For anyone wanting to remain anonymous, Ashley Madison is now allowing its users to add a mask to their profile picture with a new security tool called discreet photo.
Study of 450 UK IT and security professionals uncovers insufficient planning and lack of clear ownership as major inhibitors to achieving cyber resilience.
Companies looking to create strong security and privacy protocols have to encourage their IT and legal departments to not only work together, but each should learn a little of the others' job.
Companies are facing a predicament when charged with federal regulatory violations over alleged failures to establish cybersecurity policies and/or protect personally identifiable information (PII).
FireEye Inc. acquired Invotas International Corp., a cybersecurity company that focuses on security automation and orchestration.
Researchers at Dr. Web spotted the Android.Xiny.19.origin trojan incorporated into more than 60 games in the Google Play Store.
An amateurish ransomware known as DMA Locker could crash while encrypting files, leaving users confused as to why their machines aren't operational.
IT pros look at lessons that can be learned from the collapse of Norse Corp.
Crypto-currencies like Bitcoin may not be as anonymous as they once were as the European Commission announces its intention to regulate the virtual currency exchanges that, the Commission says, aid terrorist financing.
Information governance (IG) is nearly impossible to achieve, but is a goal worth pursuing to protect the privacy of sensitive data and ensure organizations can meet discovery requests, according to a panel at the LegalTech show in New York.
A former Department of Energy (DOE) employee pleaded guilty for attempting spearphishing attacks against other DOE workers.
Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.
Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.
Corporate legal departments are grappling with their changing role as they assume a greater role in security and privacy.
Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot via spearphishing emails.
The threat landscape and nature of data breaches are constantly changing, requiring lightning-fast response and throwing organizations into a nearly perpetual state of transformation, a panelist told attendees at the LegalTech Show in New York on Tuesday.
Flash has a reputation for security flaws, but experts say it is time to develop a strategy for "dealing" because its ubiquity means it will remain for years to come. Alan R. Earls reports.
The advent of free, or very inexpensive cloud storage, is presenting organizations with the dilemma of what data to save and what to ditch in order to both save money and mitigate risk.
U.S. and European officials announced a new data-transfer deal on Tuesday designed to replace the Safe Harbor agreement that was ruled invalid by a European court three months ago.
Researchers at Rapid7 discovered vulnerabilities in Fisher-Price's Smart Toy and hereO's GPS platforms that could expose user data.
A new report from the U.S. Government Accountability Office exposes multiple perceived flaws in the Department of Homeland Security's National Cybersecurity Protection System, otherwise known as EINSTEIN.
With the knowledge that an organization sooner or later will suffer a breach, IT security professionals have to focus on protecting their company's most important nuggets of information.
Hacking group AnonSec released 250 GB of data that it says proves it commandeered a $222.7 million NASA drone and for months pilfered information.
A report today from Harvard University's Berkman Center for Internet and Society predicts that in lieu of backdoors to encrypted messaging apps, intelligence agencies will increasingly turn to less fortified vectors to conduct digital surveillance.
William Noonan, U.S. Secret Service, says organizations must work together to prevent new threats.
A default configuration used by the Apache server has been found to be capable of revealing the identity of Tor users.
Tax preparation software publisher TaxSlayer notified about 8,800 of its customers last week that an unauthorized third party may have gained access to the personal information contained on their tax return.
Independent security researcher Justin Case discovered a "backdoor" in a processor made by manufacturer MediaTek.
The founder of Liberty Reserve virtual currency pleaded guilty to running an enterprise that laundered more than $250 million obtained by criminals through identity theft, credit card fraud, computer hacking and other illicit activities.
If they are to limit damaging effects, enterprises must prepare and equip themselves with the proper skills to react to and prevent cyber-attacks.
Lincolnshire county council is back up and running after having been infected with ransomware last week.
TalkTalk has lost seven percent of its broadband customers since its data breach, and in India arrests have been made as part of an investigation into phone scams targeting TalkTalk customers.
Cyber Caliphate announced in a post on its Telegram account on Friday that the jihadi hacking group would migrate communications to Threema.
Researchers at BugSec and Cynet discovered a bug in the LG G3 Android smartphone that could allow an attacker to run arbitrary code.
American consumers are more preoccupied with data privacy than losing their main source of income with 92 percent of respondents in a new survey.
HSBC UK this morning was the target of a DDoS attack that flooded the financial institution's systems with manufactured traffic, much to the dismay of online banking customers who were unable to access and manage their accounts.
FireEye researchers have released a report which details potential security issues with software used to dynamically patch iOS apps.
An IRS program launched to improve fraud prevention needs improvements, the Treasury Inspector General for Tax Administration said -- as the FTC rolls out an upgraded identity theft website.
Two new reports from recruitment company BeecherMadden have shown demand for cyber-skills to be rising massively with few able to meet that demand while CISO salaries are also going up.
The Senate Judiciary Committee gave the nod to the Judicial Redress Act, which would provide citizens of major U.S. allies a course of redress regarding information shared with U.S. law enforcement, sending it on to the full Senate.
With Data Privacy Day now upon us, cybersecurity experts from across the industry have offered their advice on how both individuals and organizations can protect their data.
The rollout of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks to, the cards have either been a boon or a bust.
SCMagazine.com asked key thought leaders to identify key events in the last year that have reshaped public policy and expectations of what happens—and what should happen—to personally identifiable information when users go online.
An authentication bypass in NSDP on the Netgear ProSafe GS105Ev2 gigabit switch is possible due to a password reset vulnerability.
New research by the Ponemon Institute commissioned by Gemalto is showing there is a critical need for organisations to improve their payment data security practices.
The latest maintenance release from Samsung will include security patches that address several vulnerabilities capable of triggering arbitrary code executions, causing memory corruptions, or rebooting factory reset protections and reactivation locks (FRP/RL).
Unit 42 researchers said Scarlet Mimic is behind attacks against minority rights activists that began more than four years ago, though they've shifted both their tactics and the malware used.
Despite the safety mechanisms baked into the Chrome browser and ChromeOS, Malwarebytes has found hackers are using rogue extensions to perform everything from malvertising attacks to installing adware.
Michael Stepankin, also known as Artsploit, has disclosed a major vulnerability in PayPal's business site, allowing remote code execution.
DDoS attacks are on the increase and getting bigger and more widespread, according to research released by Arbor Networks.
The majority of consumers surveyed by YouGov are skeptical that organizations securely handle the data they share online.
The Maryland Attorney General argued on appeal of a lower court ruling that the warrantless use of a stingray did not violate a suspect's Fourth Amendment right.
Bernard Cazeneuve, France's minister of the interior, has called for greater cooperation between states, businesses and citizens in the fight against online radicalisation and cyber-crime.
Amazon Web Services said it would offer free certificates to help companies automate use of TLS/SSL cryptographic protocols.
Malware based on open-source code, created for educational purposes only, has been spotted in the wild by Bleeping Computer's Lawrence Abrams.
In observance of the 30th anniversary of the Computer Fraud and Abuse Act, attorney Peter J. Toren argued that the law remains too vague.
Mushrooming numbers of BYOD and IoT devices are putting corporate networks at risk, says ForeScout CEO Michael DeCesare in an exclusive video interview.
Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites and said it believes this could be part of a recon effort for future attacks.
The Obama administration is establishing a new agency tasked with conducting background checks on contractors and government employees.
An aircraft components designer and a Belgian bank were the latest victims of the business email compromise (BEC), prompting the IC3 to issue an alert.