Top 10 cyber-weapons; weaponised IT the preferred attack vehicle once inside

Top 10 cyber-weapons; weaponised IT the preferred attack vehicle once inside

Top ten hacker tools identified - misuse of legitimate tools dominates inside the network.

Microsoft Office 365 hit with massive Cerber ransomware attack, report

Microsoft Office 365 hit with massive Cerber ransomware attack, report

Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week.

Lauri Love suicide fear if sent to US for hacking trials

Lauri Love suicide fear if sent to US for hacking trials

An extradition hearing in London today heard claims that Lauri Love would kill himself if extradited to the US to face trial for allegedly hacking several US federal agencies.

Russia's Duma approves bill requiring decryption backdoors

Russia's lower house of parliament approved sweeping anti-terrorism legislation that requires companies to decrypt any message sent by users.

SWIFT robbers swoop on Ukrainian bank

SWIFT robbers swoop on Ukrainian bank

Yet another bank has been hit via the SWIFT messaging system, this time in Ukraine. This may only be the fifth publically disclosed SWIFT heist, but commentators suggest that there plenty of silent victims

112K French policemen doxxed on Google Drive

A disgruntled ex-employee of an insurance firm uploaded the personal details of 112,000 French police officers to a Google Drive account on June 2, possibly exposing the officer's personal information, including addresses.

Retefe banking Trojan now targeting UK banking customers

Retefe banking Trojan now targeting UK banking customers

Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.

Malware spawns botnet in 25,000 connected CCTV cameras

Malware spawns botnet in 25,000 connected CCTV cameras

Tens of thousands of security cameras are the newest recruits to an DDoS botnet, noted for its powerful and unrelenting attacks

Google encryption flaw could allow video piracy

Google encryption flaw could allow video piracy

A Google encryption vulnerability could allow bad actors to hijack video content from protected videos.

IoD members warn of Brexit hiring freeze

The BBC is reporting that after surveying 1000 of its members, the Institute of Directors (IoD) has found that a quarter planned to freeze recruitment and five percent would be planning to cut jobs.

Russians deny responsibility for cyber-attacks on German parliament

Russians deny responsibility for cyber-attacks on German parliament

Russian officials deny any state involvement in cyber-attacks on Geman parliament.

Medical staff routinely ignore IT security to do their jobs

Medical staff routinely ignore IT security to do their jobs

Doctors and nurses would rather save a patient's life than adhere to infosec best practices, according to new research into healthcare cyber-security.

Fake signatures found on second EU referendum petition

Fake signatures found on second EU referendum petition

The House of Commons Petitions Committee has revealed that over 77,000 fraudulent entries were entered into the petition asking for a second EU referendum.

Check Point claims its report has shut down the Nuclear EK

Check Point claims its report has shut down the Nuclear EK

Check Point Software Technologies is claiming that once it released the Check Point Investigative Report, the Nuclear Exploit Kit shut down its entire infrastructure and ceased operation.

Google CEO Sundar Pichai Quora account hijacked by Zuckerberg hackers

Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.

Brexit will 'prove challenging' to UK universities and tech sector

Brexit will 'prove challenging' to UK universities and tech sector

Following the announcement on Friday that the country had voted in favour of leaving the EU, commentators have been assessing the impact on UK tech.

Updated: How will Brexit affect the cyber-security industry in UK and Europe?

Updated: How will Brexit affect the cyber-security industry in UK and Europe?

The British public has voted to leave the European Union by a margin of 52 to 48 percent. Are there any implications for people working in the cyber-security industry?

Code generator for Swagger spec vulnerable to remote code execution

Rapid7 yesterday publicly disclosed a class of vulnerabilities in Swagger-codegen, a code generator for the OpenAPI specification, aka Swagger.

Blasphemy! Godless malware preys on nearly 90 percent of Android devices

Blasphemy! Godless malware preys on nearly 90 percent of Android devices

Godless, an emerging mobile malware threat capable of rooting Android phones, has started to adopt the traits of an exploit kit, in that it searches for multiple vulnerabilities through which it can automatically infect a victim.

ICYMI: GDPR and fines, ICO and TalkTalk and GCHQ and bulk data

ICYMI: GDPR and fines, ICO and TalkTalk and GCHQ and bulk data

The latest In Case You Missed It (ICYMI) recalls GDPR ignorance, ICO somnolence, GCHQ song and dance, Guccifer arrogance and the many cases of basic lack of vigilance.

Chinese tech professional caught selling secrets

Chinese tech professional caught selling secrets

In the ongoing saga of Chinese-American economic espionage, a Chinese ex-IBM employee has been arrested for trying to sell source code and trade secrets to the Chinese government.

Necur botnet resurfaces with added ransomware

Necur botnet resurfaces with added ransomware

Dridex and Locky delivered to victims via compromised computers as the Necurs botnet, dark since late May, starts up again.

Darktrace boss says we are living in a "golden age of criminality"

Darktrace boss says we are living in a "golden age of criminality"

Darktrace's CTO, Dave Palmer, says that while ransomware is on the rise and law enforcement can do very little to help, we are living in a "golden age of criminality".

Many IT pros are still not sure what the EU GDPR means to them

Many IT professionals are still unaware of what the EU GDPR means to their organisation with 20 percent being oblivious to the possibility that a data breach could lead to fines of up to €30m (£23m) or four percent of annual turnover.

Conficker tops ranking of most common malware family

Conficker maintains its rank as the most common malware family, according to Check Point's May 2016 Threat Index.

Facebook chief Zuckerberg covers his webcam with tape - should you?

Facebook chief Zuckerberg covers his webcam with tape - should you?

A photograph of Facebook founder Mark Zuckerberg has been released showing tape being used to cover his MackBook Pro's webcam and microphone. The photo was uploaded to celebrate Instagram reaching 500 million users on Tuesday.

Email attacks targeting online networkers, says Intel's Samani

Email attacks targeting online networkers, says Intel's Samani

Raj Samani, CTO EMEA of Intel Security, has warned of the risks of employees networking online. As social networking sites contain a wealth of information on an organisation, they can be a treasure trove for criminals wanting to carry out email-based attacks.

DDoS it matter what motivates Lizard Squad?

DDoS it matter what motivates Lizard Squad?

Lizard Squad is best known for launching DDoS attacks against Microsoft Xbox Live and Sony PlayStation Network, and doing so 'for the lulz!' SC Magazine UK has been pondering whether the motivation actually matters?

CYBERCOM 'reluctant' to cut off Islamic State internet

CYBERCOM 'reluctant' to cut off Islamic State internet

The US Cyber-Command is hesitant to shut down the Islamic State's online capability, and with apparently good reason

Check Point tracks two waves of Cerber ransomware hitting US, UK

Check Point tracks two waves of Cerber ransomware hitting US, UK

A team of Check Point researchers has tracked two large waves of attacks using Cerber ransomware in the last few months, with more spikes in the number of incidents expected.

Pen testers discover mega vulnerabilities in Uber

Pen testers discover mega vulnerabilities in Uber

Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.

Video: Outlandish hacking demo shows how fragile cars can be

Video: Outlandish hacking demo shows how fragile cars can be

SCMagazineUK.com caught up with Pen Test Partners' Ken Munro at InfoSec 2016 to talk about how he recently hacked his own Mitusbishi Outlander Hybrid

No more pesky codes with Google's new and easy two-step verification

Google has introduced a new process that simplifies two-factor authentication for users to secure access to accounts and web-based services.

Cloud & DevOps World 2016: Cloud-services cheaper and more reliable than on-prem

Cloud & DevOps World 2016: Cloud-services cheaper and more reliable than on-prem

Nick Ioannou, head of IT for the Ratcliffe Groves Partnership, draws on his 26 years of experience in IT to claim using a combination of 26 different cloud based services means the company has IT power which could "compete with the big boys" in his industry.

Apple fixes memory corruption vulnerability in AirPort product line

Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products.

NSFOCUS receives Bounty Award for fourth consecutive year

For the fourth consecutive year, NSFOCUS has received the honour of the Microsoft Mitigation Bounty Award.

Five-fold rise in crypto-ransomware hits 718,000 users in a year

As if we didn't know it, ransomware is on the rise but Kaspersky Lab has produced statistics to benchmark just how bad the problem is getting.

GCHQ sets out 'operational case' for bulk collection

GCHQ sets out 'operational case' for bulk collection

GCHQ has released a new document advancing the 'operational case' for bulk collection, arguing that fighting terrorism is only part of the picture.

Bitcoin phishing is easy, nearly risk free and on the rise

Bitcoin phishing is easy, nearly risk free and on the rise

Phishing attacks lead to rogue "bulletproof" hosting firm which has a history of hosting malware and other illegal content, researchers claim.

Cloud & DevOps World 2016: Sky CISO says staff training key to data governance

Cloud & DevOps World 2016: Sky CISO says staff training key to data governance

Sky's CISO and head of content protection, Philip Davies, explains why Sky's data governance strategy is focused on clear lines of communication throughout the organisation.

Updated: Apple reveals potential iOS security flaws in unencrypted kernel release

Updated: Apple reveals potential iOS security flaws in unencrypted kernel release

Apple has released an unencrypted version of its latest operating system for iOS 10, giving security researchers an unprecedented opportunity to scour the kernel for security flaws.

Rate of successful visual hacks in the UK is 87%

In the UK, the rate of successful 'visual hacks' — many achieved by viewing people's computer screens — was 87 percent. The worldwide average is 91 percent.

1.5m T-Mobile records likely exposed in Czech Republic

Customers are at risk of marketers using the data to approach them with unsolicited offers.

Sophisticated 'password attacks' continue, Citrix latest victim

Sophisticated 'password attacks' continue, Citrix latest victim

Hackers used login information to launch a "sophisticated password attack" to login to Citrix's GoToMyPC user accounts, according to a company blog post.

China's economic cyber-espionage drops dramatically, sharpens focus

China's economic cyber-espionage drops dramatically, sharpens focus

FireEye's new report assesses the fluctuations in Chinese cyber-activity since Barack Obama and Xi Jinping's momentous talks on intellectual property theft last year.

GoToMyPC, but not until you reset your password

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMYPC service has been targeted by a 'very sophisticated password attack', says GoToMYPC

40% of UK workers prefer to keep their data stored in the EU

British workers prefer putting their trust in a European Union (EU) state to store their data (40 percent) rather than their own country (38 percent) or those from outside the EU (22 percent).

Commons committee lambasts ICO for lack of TalkTalk report

Commons committee lambasts ICO for lack of TalkTalk report

The Culture, Media and Sport Committee report on cyber-security opened with criticism of the ICO and then moved on to recommendations for escalating the visibility of cyber-security within organisations.

US gov vulnerability disclosure requires oversight, says new report

US gov vulnerability disclosure requires oversight, says new report

A new report has called for greater accountability and oversight in the way the government reports the software vulnerabilities that it discovers.

APT group exploits zero-day Flash exploits to hack enterprises

APT group exploits zero-day Flash exploits to hack enterprises

The ScarCruft group have left victims all over the world by using a previously unknown zero-day vulnerability in the Adobe Flash Player, according to Kaspersky Lab which has dubbed the attack Operation Daybreak.

46% of Brits prefer to give up the gym instead of internet connection

Almost half (46 percent) of UK consumers would sacrifice their membership to the gym instead of their internet connection.

Stolen credentials used to breach GitHub accounts

GitHub reported on 14 June someone launched a campaign to access several GitHub.com accounts using stolen login credentials.

New RAA ransomware written in JavaScript discovered

New RAA ransomware written in JavaScript discovered

A new variety of ransomware called RAA has been discovered that has the somewhat unusual attribution of being coded in JavaScript instead of one of the more standard programming languages making it more effective in certain situations.

Unauthorised access leads to data breach of Acer's e-commerce site

Acer has suffered a data breach in its online store. Users that accessed its e-commerce site between 28 April 2016 and 12 May 2016 may have had their information compromised due to unauthorised access of a third party.

Microsoft unveils "Project Bletchley" secure blockchain framework

Microsoft unveils "Project Bletchley" secure blockchain framework

Project Bletchley has been introduced by Microsoft and will use blockchain to secure financial transaction history and protect against fraud

'Guccifer 2.0' claims glory for DNC Hack, more documents leaked.

'Guccifer 2.0' claims glory for DNC Hack, more documents leaked.

A hacker named Guccifer 2.0 has come out to claim responsibility for the recent hack on the Democratic National Committee

'Hidden' data found in 92% of interactions with UK companies

'Hidden' data found in 92% of interactions with UK companies

Ground Labs have identified tonnes of data left lying around, and many UK organisations unaware of what that means for the incoming GDPR

Hacker pleads guilty after stealing PII on US soldiers, fed employees for ISIS

In a first of its kind case, an ISIS-linked hacker pleaded guilty to providing material support to a designated foreign terrorist organisation.

Has ransomware become the Chicken Little of the security industry?

Has ransomware become the Chicken Little of the security industry?

That ransomware is a problem cannot be doubted. Whether the current level of media coverage, fuelled by vendor press releases, is doing more harm than good is more open to debate..

30% of UK councils victimised by ransomware in 2015

Councils in the UK are being held to ransom by cyber-criminals attempting to collect profitable financial rewards.

Siemens update advised following US CERT advisory

Siemens update advised following US CERT advisory

Updates are available following US Computer Emergency Response Team (CERT) issuing advisory warning of "weakly protected" credentials in Siemens SIMATIC WinCC flexible industrial control system.

Russian police to target credit-card credential thieves

Russian police to target credit-card credential thieves

Russia is planning to find ways to fight cyber-criminals specialising in the theft of bank-card personal data.

Developing: Mossack Fonseca IT worker arrested

Developing: Mossack Fonseca IT worker arrested

An employee in the IT department of Mossack Fonseca, recently the subject of a massive leak, has been arrested in Geneva sparking suspicion that this may have been 'the inside man'

Infosec 2016: While cybercriminals cooperate, cops and businesses stumble

Infosec 2016: While cybercriminals cooperate, cops and businesses stumble

While cyber-criminals work together, businesses and law enforcement have a harder time doing so.

Hacker posts gay porn on IS social in retaliation for Orlando

Following the Orlando tragedy, an Anonymous hacker hijacked the Twitter accounts of ISIS supporters and flooded their profiles with gay porn.

IBM & Ponemon study: Data breach costs rising, now £2.8 mil per incident

IBM Security today announced the results of a global study which found that the average cost of a data breach for companies surveyed has grown to £2.8 million, representing a 29 percent increase since 2013.

Ransomware created using only JavaScript discovered

Ransomware created using only JavaScript discovered

Security researchers have unearthed new ransomware that has been created only using JavaScript.

InfoSec 2016: Mikko Hypponen says SWIFT heists 'never seen before'

InfoSec 2016: Mikko Hypponen says SWIFT heists 'never seen before'

Mikko Hypponen undressed the recent SWIFT affiliate heists at Infosec 2016

TalkTalk TeamViewer users in remote-control hijack 'PC seizure'

TalkTalk TeamViewer users in remote-control hijack 'PC seizure'

TalkTalk confirms that firm does not use TeamViewer, while TeamViewer confirms position of innocence -- problem still exists, move your mouse if you're in a panic.

Report identifies path from online gaming to cyber-criminality

Report identifies path from online gaming to cyber-criminality

Online gaming can become a gateway into cyber-criminality for vulnerable young people, according to a report from CREST and the NCA which recommends strategies for diverting gamers into more socially useful activities.

Russian hackers access Trump files in DNC hack

Russian hackers access Trump files in DNC hack

Russian government hackers apparently broke into the Democratic National Committee (DNC) computer system and accessed the party's entire database on Republican candidate Donald Trump.

IT pros are not sure how to properly secure their IoT devices

While most IT professionals acknowledge the growing amount of IoT devices on their networks, they are unaware of how to properly secure them.

Online travel fraud increases worldwide during summer months

Along with the significant worldwide increase of mobile transactions for the booking of flights, hotels and rental cars during the summer months, fraudulent activity against online travel companies go up as well.

Russian banker trojan 'Lurk' flies under radar, picked up by researchers

Kaspersky Lab researchers spotted a unique Russian banker trojan, dubbed "Lurk" targeting various industries.

Microsoft acquisition of LinkedIn raises privacy questions

Microsoft acquisition of LinkedIn raises privacy questions

While Microsoft's £18.6 bil ($26.2 billion) acquisition of data-rich LinkedIn will enhance business, the company has not yet said how it plans to protect the privacy of personal data of LinkedIn members.

Unlimited size message vulnerability found in Telegram

Unlimited size message vulnerability found in Telegram

Two researchers have found a rather annoying exploit in the Telegram encrypted communications app

UK firms unaware on impact of GDPR taking effect in T-minus 2 years

Most (82 percent) of the UK's small and medium sized businesses (SMEs) have not heard of or are unsure about the impact of the GDPR taking effect in under two years.

DNS attacks cost businesses more than £702K

DNS attacks are costing businesses more than $1 million (£702K), however 25 percent of organisations still are not implementing any kind of basic security software

ISIS radicalises 'lone wolves' through strong social media presence

ISIS radicalises 'lone wolves' through strong social media presence

The recent tragedy at the Orlando nightclub has perhaps given new meaning to a report by ICIT on how radical groups like IS use social media to radicalise potential recruits

North Korea prepared for massive cyber-attack on South Korea

South Korean law enforcement officials said North Korea spent two years hacking into more than 100,000 computers as a prelude to a nationwide cyber-attack.

Video: ISC(2) CEO David Shearer says APAC suffers from same cyber-skills gap

Video: ISC(2) CEO David Shearer says APAC suffers from same cyber-skills gap

ISC(2) CEO David Shearer says APAC suffers from same cyber-skills gap despite putting out more qualified STEM majors.

New device can allegedly clone 15 contactless bank cards a second

New device can allegedly clone 15 contactless bank cards a second

The Daily Star newspaper is reporting that a new device has surfaced online which has the ability to clone 15 contactless bank cards a second.

Vawtrak malware updated to break tools used by researchers

A new version of banking malware includes updates that break tools typically used by security researchers to analyse the Vawtrak trojan.

Intel looks at stopping hackers and malware at the processor level

Intel looks at stopping hackers and malware at the processor level

Plans are being hatched to prevent return-oriented programming attacks on memory flaws

Windows zero day devalued as supply and demand takes hold, experts speculate

Windows zero day devalued as supply and demand takes hold, experts speculate

Market forces are beginning to have an effect on zero days, evidenced by a new drop in the price of a significant zero-day.

Ipswitch survey says 'intelligent' systems already affecting business

Ipswitch survey says 'intelligent' systems already affecting business

Security company Ipswitch has released new research which has shown that intelligent systems are coming fast but businesses are ill equipped to protect themselves from them.

36% of organisations have no cyber-attack response plan in place

An alarming 36 percent of businesses have yet to develop a cyber-attack response plan.

Researchers find exploit affecting Microsoft's BITS

Researchers discovered an exploit against Background Intelligent Transfer Service, a component of Microsoft's Windows 2000 that is used to transfer files asynchronously between a client and a server.

Teslacrypt RIP: Cisco Talos decryptor on the job

Cisco Talos stated today that it has a Teslacrypt decryptor tool up and running and ready for download that will work against any variant of this ransomware.

75% of cloud apps are not compliant with the EU GDPR

Three quarters (75 percent) of cloud apps are not GDPR-ready as they lack key capabilities to ensure compliance. 11 percent of enterprises have sanctioned apps laced with malware, indicating that cloud apps are a growing and vulnerable threat vector.

Hackers shift to Neutrino exploit kit to spread CryptXXX ransomware

Hackers shift to Neutrino exploit kit to spread CryptXXX ransomware

Change of tactics from cyber-criminals may be an attempt to bypass signature detection and improve infection performance.

InfoSec 2016: How to manage huge risk of privileged insiders

InfoSec 2016: How to manage huge risk of privileged insiders

In the drive to increase efficiency, organisations have outsourced many 'non-core' functions so how can they mitigate the information risks of using third-party IT suppliers?

Skype being used to distribute malware

Skype being used to distribute malware

Skype is being used to distribute QRAT malware to unsuspecting travellers looking for help on filling out US, travel documents.

Breached perimeter defences ruin security confidence for most ITDMs

Most organisations do not possess confidence in their ability to protect data after experiencing a data breach. One third have experienced a data breach in the past year.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US