Robin Who? Dridex botnet replaced with antivirus software

Robin Who? Dridex botnet replaced with antivirus software

A mysterious Good Samaritan has replaced the code on certain parts of the villanous Dridex botnet with Avira Anti-virus installers.

Clean house to keep WordPress infection from coming back again and again

Clean house to keep WordPress infection from coming back again and again

Malware keeps re-infecting sites and installing multiple backdoors in WordPress websites, according to a researcher from Sucuri Security.

Thunderstrike 2 creators join their one-time target Apple

Apple has brought on board two security researchers who previously worked to develop the infamous Thunderstrike 2 worm.

Report notes shift from individual cyber-crims to skilled adversaries

Report notes shift from individual cyber-crims to skilled adversaries

A new report from threat-intelligence experts Crowdstrike has highlighted the continuous shift from individual cyber-criminals and cyber-gangs to skilled adversaries such as governments and large organisations.

DayZed and confused: users' data purloined from zombie server

DayZed and confused: users' data purloined from zombie server

Users of the DayZ zombie shoot 'em up have been informed by the developer that their passwords and messages have been stolen by hackers.

ICYMI:; Backdoor concerns; TalkTalk losses; EBay exploit; Safe-Harbour 2; Malwarebytes flaw

ICYMI:; Backdoor concerns; TalkTalk losses; EBay exploit; Safe-Harbour 2; Malwarebytes flaw

The latest In Case You Missed It (ICYMI) looks at; Investigatory Powers Bill; TalkTalk woes continue; EBay exploit unfixed; EU-US Privacy Shield agreed; Malwarebytes apologises for flaw.

IP theft is 'most damaging' cyber-crime for UK businesses

Due to a failure to protect valuable data, businesses are leaving themselves exposed to unnecessary levels of risk.

UK school awareness on secure logins is lacking

A UK school technology supplier has committed to providing secure logins for a service used by many schools.

UN panel: Assange in "arbitrary detention" in Ecuador's embassy

A United Nations panel declared that the past three-and-a-half years that Julian Assange spent in Ecuador's embassy in the UK were effectively an "arbitrary detention", as the WikiLeaks founder fights extradition to Sweden.

DMA Locker's encryption may be weak but its flaws are dangerous

An amateurish ransomware known as DMA Locker could crash while encrypting files, leaving users confused as to why their machines aren't operational.

Australian SMBs must comprehend cyber-security as much as finance

Every day cyber-criminals are benefiting from Australian SMBs that are uneducated and unwilling to properly protect their data.

Researchers spot bugs in toys that could expose personal data

Researchers spot bugs in toys that could expose personal data

Researchers at Rapid7 discovered vulnerabilities in Fisher-Price's Smart Toy and hereO's GPS platforms that could expose user data.

End of days: Are we on the verge of a DDoS Armageddon?

End of days: Are we on the verge of a DDoS Armageddon?

High profile attacks backed by ever-growing firepower are pointing to an arms race in DDoS attacks. Are we heading for a doomsday scenario?

Costs of TalkTalk breach amount to £60m

TalkTalk has revealed that the October data breach has cost the firm up to £60m, resulting in the loss of over 100K customers.

Researchers spot trojan targeting dozens of Google Play games

Researchers spot trojan targeting dozens of Google Play games

Researchers at Dr. Web spotted the Android.Xiny.19.origin trojan incorporated into more than 60 games in the Google Play Store.

Russia to spend $250m strengthening cyber-offensive capabilities

Russia to spend $250m strengthening cyber-offensive capabilities

Russia fires a warning shot across the US bows in response to the 'US offensive cyber-threat,' saying that it does not lag behind the US when it comes to cyber-technology, noting that its hackers are among the best.

EC wants to crack down on virtual currency exchanges

EC wants to crack down on virtual currency exchanges

Crypto-currencies like Bitcoin may not be as anonymous as they once were as the European Commision announces its intention to regulate the virtual currency exchanges that, the Commission says, aid terrorist financing.

European business people take most risks with mobile security

European business people are more prone to malware attacks through their smartphones than children and millennials.

Local government must be part of national cyber-security 'ecosystem'

A provider of IT infrastructure has called for central government to include local government more in mapping out national cyber-security policies.

Researchers spot macro malware used to spread Neutrino

Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot via spearphishing emails.

New security tool to mask your face available on Ashley Madison

For anyone wanting to remain anonymous, Ashley Madison is now allowing its users to add a mask to their profile picture with a new security tool called discreet photo.

New research reveals 71 percent of UK organisations not cyber-resilient

New research reveals 71 percent of UK organisations not cyber-resilient

Study of 450 UK IT and security professionals uncovers insufficient planning and lack of clear ownership as major inhibitors to achieving cyber resilience.

Hackers claim to post 250gb of NASA data on the internet

Hackers claim to post 250gb of NASA data on the internet

US space agency denies it has a problem as AnonSec claims to have easily guessed passwords for devices once they had breached the perimeter.

EU-US Safe Harbour agreed - for now

EU-US Safe Harbour agreed - for now

A last minute agreement on EU-US Safe Harbour transatlantic data transfers has been announced, but civil liberties objections are expected by those who believe initial concerns are not fully addressed.

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Spies R Us - GCHQ trains next gen hackers

Year 9 students will attend a Smallpiece Trust course, supported by GCHQ, to learn the latest cyber-security technology and techniques.

Hanom1960 breaches and leaks data from Colombian government sites

A new South American hacker and LulsZec member, Hanom1960, has breached Colombian government websites.

Linux and Windows impacted by new backdoor-installing malware

Researchers at SecureList have uncovered a new family of backdoors for Linux and Windows.

BlackEnergy now using Word documents

BlackEnergy now using Word documents

Kaspersky Lab had discovered several new developments in the ongoing BlackEnergy Saga

What's all this then? America's largest police union hacked

What's all this then? America's largest police union hacked

Security researcher, CthulhuSec has released a data dump of thousands of internal files from America's largest police union handed to him by an unknown hacker.

Lincolnshire county council resolves ransomware restlessness

Lincolnshire county council resolves ransomware restlessness

Lincolnshire county council is back up and running after having been infected with ransomware last week.

Snap vulnerability in LG G3 Android phones leave users at risk of data theft

Snap vulnerability in LG G3 Android phones leave users at risk of data theft

Users urged to apply patch to Android vulnerability as soon as possible.

Android ransomware threatens to expose browser histories

Crooks have developed a strain of Android ransomware that threatens to expose a user's browsing history.

Rough start of the week for the Home Office

Rough start of the week for the Home Office

Dubbing Theresa May's Investigatory Powers Bill as 'confusing', MPs in the science and technology committee released a report which says firms are fearing a rise in hacking due to encryption 'back doors'.

ISIS/Daesh 'Cyber-Caliphate' migrating to new communications platform

Cyber-Caliphate announced in a post on its Telegram account on Friday that the jihadi hackers would migrate communications to Threema.

Phishing scheme mimics iCloud to activate stolen iPhones

Researchers at Malwarebytes have spotted thieves using a phishing scheme to unlock stolen iPhones.

TalkTalk loses 250,000 customers post-breach - now supplier scam too

TalkTalk loses 250,000 customers post-breach - now supplier scam too

Talk Talk has lost seven percent of its broadband customers since its data breach, and in India arrests have been made as part of an investigation into phone scams targeting TalkTalk customers.

HSBC DDoSed

HSBC DDoSed

Banking giant HSBC's online banking portal has been taken by a large DDoS attack, just a couple of days before taxes are due in.

Israeli Electricity Authority was hit by ransomware, power grid not affected

Israeli Electricity Authority was hit by ransomware, power grid not affected

Yuval Steinitz, Israel's energy minister reported Israel's Electricity Authority, the regulator of the actual Israeli power company, was hit by a 'severe' cyber-attack. The power grid itself not affected in any way.

FireEye report identifies iOS security storm-in-a-tea-cup

FireEye report identifies iOS security storm-in-a-tea-cup

FireEye researchers have released a report which details potential security issues with software used to dynamically patch iOS apps.

The Power of Privacy: review

The Power of Privacy: review

The Guardian and Silent Circle have teamed up to bring 'The Power of Privacy',a look at the world of cyber-security and the future of our data.

ICYMI: €50 m cyber-fraud; Codoso back; MS/US gov clash; Adultery extortionists; Apple's encryption key

ICYMI: €50 m cyber-fraud; Codoso back; MS/US gov clash; Adultery extortionists; Apple's encryption key

The latest In Case You Missed It (ICYMI) looks at €50 m aeroplane cyber-fraud; Chinese cyber-espionage returns; MS resists US claim on data; Extortion of Ashley Maddison members; Apple iCloud Backup insecure.

GCHQ certified course to improve cyber-attack response and recovery

If they are to limit damaging effects, enterprises must prepare and equip themselves with the proper skills to react to and prevent cyber-attacks.

Lincolnshire County Council shuts down after hit by ransomware

Lincolnshire County Council had to turn off all network computers yesterday after being hit by ransomware on 300 of the staff's computers.

Mozilla patches 11 issues with Firefox, three rated critical

Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6 with three being rated as critical.

2015 was Data Protection Awareness Year

2015 was Data Protection Awareness Year

With the General Data Protection Regulation (GDPR) looming over the cyber-security industry, this year's Data Protection Day has a certain resonance to it.

CISO salaries and demand for cyber-skills skyrockets, surprising no-one

CISO salaries and demand for cyber-skills skyrockets, surprising no-one

Two new reports from recruitment company BeecherMadden have shown demand for cyber-skills to be rising massively with few able to meet that demand while CISO salaries are also going up.

Adrian Davis: Is the free market failing cyber-security?

Adrian Davis: Is the free market failing cyber-security?

Dr Adrian Davis of (ISC)2 spoke to SC about how cyber-security will affect all of our lives in the coming decade and how it can't be left up to the market to decide how.

Lucrative pay offered to hackers in India to work for ISIS

Hackers in India are being handsomely rewarded for taking on work for ISIS.

Has Lenovo lost the security plot?

Has Lenovo lost the security plot?

Less than a year after Superfish, Lenovo is making the security news once more for all the wrong reasons.

Zero-day affects Linux computers—and Android devices?

A zero-day bug in version 3.8 of Linux can potentially affect millions of Linux computers and servers as well as 66 percent of Android devices.

PayPal's business site vulnerable to remote code execution

PayPal's business site vulnerable to remote code execution

Michael Stepankin, also known as Artsploit, has disclosed a major vulnerability in PayPal's business site, allowing remote code execution.

Gemalto reporting on a global lack of payment data security

Gemalto reporting on a global lack of payment data security

New research by the Ponemon Institute commissioned by Gemalto is showing there is a critical need for organisations to improve their payment data security practices.

Symantec detects 3500 servers infected with a malicious script

Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites and said it believes could be part of a recon effort for future attacks.

Malicious Chrome extension inundates users with annoying popups

A malicious Google Chrome extension forces users to install it via its irritating installation popups and then spies on browser histories and sends them to a remote server.

DDoS attacks on the rise - touching 500gbps

DDoS attacks on the rise - touching 500gbps

DDoS attacks are on the increase and getting bigger and more widespread, according to research released by Arbor Networks.

FIC 2016: Is security the main challenge of the Internet of Everything?

FIC 2016: Is security the main challenge of the Internet of Everything?

Christophe Jolly of Cisco France took the stage at FIC 2016 to outline the fundamental security problems in the looming "internet of everything".

Unencrypted web form and travel delays anger UK c2c rail commuters

Train travel via rail operator c2c in southeast England has recently become more of an annoyance for already angry commuters.

FIC 2016: Bernard Cazeneuve says 'do away with internal partitions'

FIC 2016: Bernard Cazeneuve says 'do away with internal partitions'

Bernard Cazeneuve, France's minister of the interior, has called for greater cooperation between states, businesses and citizens in the fight against online radicalisation and cyber-crime.

New Magic ransomware abuses open-source 'educational' code

New Magic ransomware abuses open-source 'educational' code

Malware based on open-source code, created for educational purposes only, has been spotted in the wild by Bleeping Computer's Lawrence Abrams.

Aeroplane part maker claims cyber-fraud cost it €50 million

Aeroplane part maker claims cyber-fraud cost it €50 million

An Austrian firm that supplies parts for Airbus and Boeing has admitted that it was the victim of cyber-fraud that cost the company €50 million.

Video: 'It's asymmetrical warfare' between the hackers and defenders

Video: 'It's asymmetrical warfare' between the hackers and defenders

Mushrooming numbers of BYOD and IOT devices is putting corporate networks at risk, says ForeScout CEO Michael DeCesare in an exclusive video interview.

Financial institutions will suffer from data breaches in other industries, says report

Financial institutions will suffer from data breaches in other industries, says report

Respondents to a new survey from FICO unanimously agreed: Data breaches this year in other industries will damage financial institutions.

Social media and tech giants must combat online extremism better

In the past year, Islamic State (IS), formerly ISIS/ISIL, has used social media and encrypted online platforms to recruit terrorists and promote propaganda content.

Magento issues fixes for 20 vulnerabilities, two rated critical

E-commerce content management provider Magento issued several patches to fix XSS vulnerabilities that could have injected a malicious JavaScript code into the company's online ordering form allowing the system to be taken over remotely.

Symantec reseller caught using Norton name in tech support scam

Malwarebytes discovered a tech support scam run by a member of Symantec's partner programme that not only sells its victims unnecessary tech support services, but also legitimate Norton products.

FIC 2016: The cyber-security arms race

FIC 2016: The cyber-security arms race

IBM's Jeff Penrose spoke at FIC 2016 on how law enforcement can win the 'cyber-security arms race'.

Strasbourg approves unified approach to digital single market

Strasbourg approves unified approach to digital single market

The European Parliament has approved its report, Towards a Digital Single Market Act, with cyber-security a major concern. We speak to Estonian MEP Kaja Kallas.

BlackBerry: police did not break our encryption

BlackBerry would like its users to know its phones are "as safe as they have always been" after reports that Dutch police are capable of reading encrypted BlackBerry messages.

UK privacy watchdog warns consumers that shops can track them

The UK's privacy watchdog warns that facial recognition software and handset identifiers broadcasted via Wi-Fi are allowing UK retailers to track and target their customers through their smartphones.

Chinese cyber-espionage group Codoso 'back in action'

Chinese cyber-espionage group Codoso 'back in action'

Palo Alto Networks is reporting that after a three month hiatus Chinese cyber-espionage group Codoso - which carried out the attack on Forbes.com - is back in action.

Cyber-police to deter cyber-attacks in Ukraine

Cyber-police to deter cyber-attacks in Ukraine

The Ukrainian police service has begun hiring officers to fill a new cyber-policing agency in cooperation with the US Department of Justice, according to the country's interior minister.

Fortinet on SSH vulnerabilities: look, this really isn't a backdoor, honest

Fortinet on SSH vulnerabilities: look, this really isn't a backdoor, honest

Security firm goes full disclosure on mechanics of SSH issue and finds three more vulnerabilities

Microsoft and US government clash over Ireland-held cloud data

Microsoft and US government clash over Ireland-held cloud data

Microsoft has rejected a request by the US government to hand over data the software giant holds in Ireland, claiming that the data in question doesn't belong to the company and raising questions of data jurisdiction.

Hungarian government guilty of snooping on its citizens

Hungarian government guilty of snooping on its citizens

The European Court of Human Rights has found the Hungarian government guilty of violating article eight of the European Convention of Human rights: the right to privacy

Nest, other IoT devices, sent user info in the clear

Nest, other IoT devices, sent user info in the clear

Researchers at Princeton University's Center for Information Technology Policy (CITP) found security vulnerabilities in many of the most popular IoT devices that they looked at, including Google's Nest Thermostat.

Ashley Madison users threatened with extortion in letters

Since the Ashley Madison breach, some users of the infidelity service have received blackmail letters via the US postal system from extortionists threatening to blow their cover.

ICYMI: New PayPal spam; WEF top risks; Ukraine cyber-attack; OpenSSH vulnerabilities; IoT Doorbell flawed;

ICYMI: New PayPal spam; WEF top risks; Ukraine cyber-attack; OpenSSH vulnerabilities; IoT Doorbell flawed;

The latest In Case You Missed It (ICYMI) looks at a new type of PayPal spam, WEF names cyber-attacks as one of its top three threats, Ukraine suffers major cyber-attack on main airport, OpenSSH open to MitM attacks and the IoT doorbell that reveals its owners wifi key.

Dutch watchdog sues Samsung over lack of Android security updates

Dutch watchdog sues Samsung over lack of Android security updates

Consumer group in the Netherlands sends in the lawyers over Samsung's allegedly "poor software update policy for Android smartphones".

Nivdort trojan found in new Facebook phishing attack

The cyber-criminals who targeted WhatsApp users with malware may be behind a phishing scam that is now going after Facebook users, according to a new report.

Bridging the Linux security perception gap

Bridging the Linux security perception gap

A newly-discovered privilege-escalation vulnerability in the Linux kernel has once again opened the debate around just how secure the open-source operating system really is.

Attacks redoubled on Ukrainian power - but who is to blame?

Attacks redoubled on Ukrainian power - but who is to blame?

Slovakian IT security company, ESET, has discovered a new wave of attacks against Ukrainian critical industries, recalling the malicious power outages of the last few years.

House of Cards star fears Sony hack repeat

Having recently taken on the studio boss role at Relativity Studios, House of Cards star Kevin Spacey fears a hack similar to that of Sony Pictures will occur again.

DDoS attack disrupts Irish National Lottery

The Irish National Lottery website and ticket machines operations have been disrupted by a cyber-attack.

Android devices more susceptible to vulnerabilities, says new study

Android devices more susceptible to vulnerabilities, says new study

Some worrying trends were revealed in a new study by the Duo Labs team that analysed the state of security on Android devices.

Apple updates iOS, OS X and Safari

Apple released patches for iOS, OS X and Safari after Synack's Patrick Wardle demonstrated that it was still possible for attackers to bypass Apple's Gatekeeper program.

Bot fraud will net criminals $7.2bn from advertising budgets in 2016

Bot fraud will net criminals $7.2bn from advertising budgets in 2016

Advertisers are losing billions to ad-clicking botnets that generate fake traffic, according to a study by the Association of National Advertisers and security vendor White Ops.

Trustwave faces £280,000 lawsuit over "woefully inadequate" breach probe

Trustwave faces £280,000 lawsuit over "woefully inadequate" breach probe

Trustwave is facing yet another lawsuit from a gambling company who claims Trustwave failed to spot several pieces of malware when investigating a breach.

Cops aim to enlist volunteers in fight against cyber-crime

Cops aim to enlist volunteers in fight against cyber-crime

The Home Secretary has announced her plans to grant police forces powers to recruit expert volunteers with policing powers to help fight crime online.

Crackas strike again! Xfinity account of John Holdren is breached

The Xfinity account of John Holdren, senior advisor on science and technology to US president Barack Obama, has been breached.

Cyber-security threat could cause 'Fukushima-like disaster'

Cyber-security threat could cause 'Fukushima-like disaster'

A new report has warned of the dangers of bad cyber-security when it comes to nuclear power, handing out '0' ratings to tens of countries around the world and warning of a Fukushima-scale threat.

Princeton PhD candidate develops framework for measuring web privacy

Princeton PhD candidate develops framework for measuring web privacy

Steven Englehardt, a PhD candidate at Princeton University, unveiled his open source web measurement platform developed to allow for online tracking measurement.

Kernel bug allows full takeover of Linux devices

Researchers discovered a serious vulnerability in the Linux operating system kernel that could allow attackers to take full control of Linux devices, including PCs, Android phones and servers.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US