Jetty web servers vulnerable to Heartbleed-style attacks

A critical flaw found on open-source Jetty HTTP web servers could - if left unpatched - lead to hackers hijacking internet sessions and stealing sensitive data.

Banking Trojan 'Vawtrak' spotted in the wild

Banking Trojan 'Vawtrak' has been spotted in the wild, and it's 'much improved' compared to a year ago.

Lizard Squad downs DNS registrar, hacks Lenovo website

Less than a week after the discovery of the pre-installed Superfish bloatware on Lenovo laptops, the company's website has been hacked, believed to be by the Lizard Squad.

Global phone firm Gemalto confirms likely GCHQ/NSA attacks

European SIM card supplier Gemalto, which supplies billions of phone cards and services to operators like Vodafone and Verizon, has confirmed it was "probably" hacked by spies from GCHQ and America's NSA.

18 of 25 top vulnerable mobile apps remain unpatched

The McAfee Labs Threats Report: February 2015 demonstrates how failure to patch is leaving mobile apps exposed to SSL vulnerabilities.

FBI offers US$ 3m bounty for Gameover Zeus kingpin

The FBI is offering a US$ 3 million (£1.93 million) reward for information that leads to the arrest of Russian hacker Evgeniy Mikhailovich Bogachev, who is accused of being behind the Gameover Zeus botnet.

UK's NCA leads Europol take-down on Ramnit botnet

The National Crime Agency has led its latest major malware take-down, clubbing together with Europol's European Cybercrime Centre (EC3), private sector and CERT-EU to disrupt the widely-spread Ramnit botnet.

More NSA calls for backdoors

Industry reaction to renewed calls for technology backdoors by government agencies has been predictably negative.

Facebook privacy policy 'breaking EU law'

Facebook's revised data privacy policy is breaking European law, according to an analysis carried out by a Belgian privacy watchdog.

Telegram encryption undermined, 'no better than SSL'

Mobile app Telegram's end-to-end encryption security credentials are questioned after researcher accesses plain-text messages.

EU Council urged: Get internet giants to hand-over encryption keys

The European Council is being encouraged to consult with internet companies to find a way around encryption in order to stop terrorists. But, at the same time, the EU Parliament continues to review how NSA's spying impacts upon the privacy of citizens.

Son of Superfish, Lenovo bloatware variants start to surface

There are as many as a dozen variants of the Superfish bloatware found last week on Lenovo laptops, it has been discovered.

Secret NSA/GCHQ unit 'hacked Gemalto, stole SIM encryption keys'

A secret division of NSA and GCHQ hackers reportedly hacked into Gemalto's networks, breached the firm's SIM card database and stole private encryption keys from 2010 to 2011, enabling the agencies to monitor a "large portion of the world's cellular communications."

BadUSB malware could be used to infect ICSs

BadUSB malware could be used to manipulate industrial systems, says one security researcher.

FireEye roasts Apple crumble over revived iOS Masque attack

Researchers at network threat prevention company FireEye have uncovered a revived iOS Masque Attack, a vulnerability that originally surfaced in November 2014.

Social engineering the new norm for hackers, nation-states

McAfee's new 'Hacking the Human Operating System' whitepaper focuses on the use of social engineering to attack home and business users, and finds once again that people are the weakest link.

Pre-installed Lenovo adware hijacks TLS/SSL encryption

Lenovo's consumer laptops ran pre-installed adware/malware which could be used to intercept and hijack encrypted SSL/TLS web sessions.

RBS and NatWest to let mobile customers sign-in with biometrics

The gradual shift to biometric authentication continues with the news that two UK banks will allow customers to sign-in to their accounts by using Apple iPhone's fingerprint recognition technology.

After Carbanak, bank CEOs fear cyber-attacks will harm business growth

Just days after the world's "biggest-ever online heist", a new study reveals that bank CEOs are concerned cyber-risks will harm business growth.

Huge spam campaign drops Trojan on UK bank customers

A huge spam campaign has been installing the Dyreza banking Trojan on tens of thousands of UK computers, specifically targeting those with accounts at major banks.

Is NSA 'World's most advanced threat actor' revealed by Kaspersky?

Equation Group, the most advanced threat actor yet seen according to Kaspersky, may be the NSA.

US President Obama calls for cyber-security collaboration

The US government and the IT industry continue to lock horns over encryption, despite the US president's plea for greater co-operation between government and vendors.

Under-fire Google tweaks bug disclosure policy

After stinging criticism from Microsoft and others over how and when it reported zero-day flaws, Google has changed its vulnerability disclosure policy.

Royal Navy under threat from cyber-attacks

The Royal Navy is under an increasing danger of cyber-attack and the government should ramp up training to deal with the threat.

European banks getting targeted by malware

At least one in twenty devices used by the customers of major European banks is riddled with malware, according to new claims from one security company.

Demo hack shows how to crash a plane; air cyber-security being improved

In separate developments, a demo hack in Amsterdam shows how to crash a plane, while the US Federal Aviation Administration seeks to improve air cyber-security.

Ukrainian government to counter cyber-attacks

Ukraine has drawn up a new state strategy for IT security following wholesale breaches of the government's online presence.

UK named and shamed as Europe's worst country for data breaches

Over one billion records were compromised last year as data breaches became a regular occurrence, especially in the UK, according to a new report.

UK trials driverless cars amid security concerns

The UK government is spending £19 million on trialling driverless cars across four major cities, but the news has been met with some caution by experts warning of liability and security issues.

Visitors to Forbes news site hit by 'Chinese hackers'

Cyber-spy group exploited two Adobe and Internet Explorer zero-days to infect one of the world's most popular websites, say researchers.

Iran and North Korea: The new kids on the (cyber-warfare) block

North Korea and Iran are the new players among at least 39 with military cyber-space operations, according to a new report.

Face to Facebook

As DeepFace facial recognition rolls out on Facebook, it's still unclear exactly what the privacy implications may be.

US government to create cyber-intelligence agency

The Obama administration is expected to announce a new intelligence agency charged with sharing intel on cyber-attacks, in the wake of high-profile data breaches at Sony and Target.

EU Parliament blocks Microsoft Outlook apps over privacy fears

The European Parliament has reportedly become the latest organisation to block members from using Microsoft's new Outlook apps because of "serious security issues".

Not so smart: Samsung's web-connected TVs capture conversations

Samsung's latest line of internet-connected 'smart' TVs capture conversations through its Voice Recognition software, before sending this information onto third-parties.

Security 'attitude' depends on corporate personality

Management style and geographic location are key influencers on companies' approach to cyber-insurance, finds new report.

BMW ConnectedDrive flaw exposes 2 million cars to remote unlocking

A German motoring organisation has highlighted a weakness in BMW's ConnectedDrive technology, a flaw that could lead to unauthorised users being able to open the vehicles.

GCHQ internet spying was illegal, rules secret court

The UK's Investigatory Powers Tribunal (IPT) has ruled that the information sharing between the NSA and GCHQ was unlawful up until December 2014.

Experts weigh in on Anthem breach, speculate on how attackers broke in

Experts are speculating that attackers exploited a vulnerability in Anthem's IT system, or obtained credentials via social engineering.

Prolific espionage group returns with iOS spyware

A prolific cyber-espionage group has been actively targeting politicians, journalists, military and other entities by using spyware against Apple iOS devices.

DDoS increasingly used in advanced cyber-attacks

Two new reports chart the increasing complexity and strength of DDoS attacks, which researchers say are now used in wider, more advanced cyber-attacks.

Sony's 'small' spend on breach remediation - but are Russians inside network too?

Sony Pictures Entertainment has spent around US$ 15m (£9.87m) on investigating and remediating last year's data breach, which saw hackers steal terabytes of data.

Internet Explorer XSS flaw opens door to thieves and phishers

A critical new cross-site scripting (XSS) flaw affecting fully-patched versions of Internet Explorer 11 on Windows 7 and 8 could make users vulnerable to phishing and malvertising attacks, as well as data and log-in credential theft.

How vulnerable is satellite broadband?

Cyber communications are vulnerable to both cyber-attack and kinetic attacks on physical infrastructure, with satellites potentially at risk, says new report.

National Control Centre designed to ensure Russian IT security

A new National Control Centre of Defence is intended to combat cyber-threats targeting Russia and its governmental websites.

Europol plans more malware 'takedowns'

Europol agency EC3 is partnering with Zeus and CryptoLocker threat specialist AnubisNetworks, as it bids to make take-downs more successful.

Europol cyber-crime chief becomes Barclays CISO

Troels Oerting, the director of Europol's European Cyber Crime Unit (EC3), has left his post to become Group CISO at Barclays Bank.

British army unit to tackle web-enabled warfare

A new British army brigade comprising military personnel and civilians will use psychological operations (psyops) and social media to engage in "non-lethal warfare".

Skype hackers breach Syria battlefield intelligence

An unspecified cyber-espionage group has reportedly used Skype and social media to steal battle plans belonging to opponents of Syrian president Bashar Al-Assad, according to a report issued by FireEye.

Up to 100K Archos customers compromised by SQL injection attack

French smartphone maker Archos was compromised by a SQL injection attack last Christmas, resulting in the leak of up to 100,000 customer details. But fortunately, passwords and credit card details were not stolen.

ENISA launches cloud certification framework

The European Union has introduced a new scheme to help customers negotiate the security minefield when buying cloud services.

New EU data protection law to arrive in 2015

The European Union has indicated that the widely-awaited General Data Protection Regulation (GDPR) will come to fruition before the end of the year.

UK lawyer warns of cyber-insurance loopholes

A leading UK lawyer has said that cyber-insurance can play a part in a business cyber-security strategy, so long as the risks are understood.

Ghostbusting in the 'critically' vulnerable Linux machine

Who's afraid of GHOSTs? Disagreement over potential risks of new Linux vulnerability, but layered defence is recommended.

NHS data privacy plans 'flawed'

Big Data analysis allows identification of individuals via anonymised data.

Google in no rush to patch Android Wi-Fi Direct flaw

Security researchers have discovered a denial-of-service (DoS) vulnerability in Wi-Fi Direct which affects various Android devices. But Google is in no rush to issue a patch.

UK start-ups look to cash in on cyber-security

As news breaks of the UK's first accelerator for cyber-security start-ups, experts say that local firms could take advantage of a worldwide trend - being safe online.

QWERTY keylogger claimed to link Regin malware to NSA

QWERTY module from Snowden linked to Regin, strengthening case for NSA origin.

Infosec teams unprepared for new EU data protection laws

More than a third of IT security teams are unprepared for the EU's two incoming data protection laws, according to a new study from FireEye.

UK government extends Cyber Essentials to charities

The UK government has partnered with the IASME consortium and the Give01Day not-for-profit organisation to offer Cyber Essentials certification to UK charities to help them keep safe online.

Will OpenDaylight 'Lithium' release be safe or bipolar?

OpenDaylight's troubles highlight the problems with security in the open source world ahead of Lithium release.

Estonia President wants China and Russia to help fight cyber-crime

The Estonian president says that international collaboration is vital to fighting back against cyber-criminals.
