ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
Our roundup of top stories from this week, have a great weekend!
Tech companies are seeking to move their data centres out of the UK's jurisdiction to avoid any data privacy issues due to Brexit and the GDPR.
Most companies (90 percent) agree that identity and access management (IAM) is important to their company's digital transformation success.
Study reveals 48 percent of people will close accounts following a data breach.
One of Imperva's security researchers has warned of automated registration bots, says "they're great at concealing fraud."
A four-year long investigation by various multinational law enforcement agencies including Europol, the FBI and the US Justice Department, has brought down the international criminal infrastructure platform known as 'Avalanche'.
Cyber-criminals have updated a two-year old banking app scam that grabs control of a victim's smartphone, locks them out and then drains their bank account while the person struggles to regain control of their device.
Apple users over the last few weeks have reportedly been besieged with spam hitting their iCloud calendars in the form of unwanted invites, after cyber-criminals figured out that they could send their junk offers directly to recipients' iCloud accounts.
With reports of outages to customers of Post Office broadband and TalkTalk, the attack that that nearly a million Deutsche Telekom customers over the weekend appears to have made its way to the UK's shores.
A third of companies are not clear on what specific information is archived and stored in their tape storage, posing risk and high cost to their business.
Shamoon wiper malware has been spotted for the first time in four years, according to Palo Alto and Symantec
A Tor executive has confirmed that a zero-day vulnerability impacting Tor and Firefox has been spotted being used to execute malicious code, but it has been reported to Mozilla, according to ARS Technica.
Unprotected classified Europol files were linked to the internet and accessible via a hard drive found through Shodan
A newly discovered malware program that targets older versions of the Android OS has infected roughly 1.3 million Google accounts, currently breaching devices at a rate of 13,000 victims per day.
It's not that organised cybergangs are raking it in. It's more that a larger number of small operators are benefiting from automated services that can earn them an average of $2,000 (£1593) a month, according to a new report .
Researchers have confirmed that it was a variant form of Mirai that was used to try and turn nearly a million Deutsche Telekom customers routers into a botnet over the weekend.
Payment services firm put out patch to stop hackers stealing OAuth tokens but only after security researcher persisted in telling them the service was vulnerable.
The president of Germany's Federal Intelligence Service said he expects Russian cyberattacks to interfere with upcoming electoral processes across Europe, but particularly in Germany.
Sixty five percent of these social engineering attacks compromised employee credentials and 17 percent of these attacks breached financial accounts.
Criminals used a remote access trojan with keylogging capabilities rather than traditional point-of-sale malware.
Five-step approach identified by The Internet Society to address data breaches and increase online trust as it claims online trust is lower than ever before.
Camelot, operator of the UK's National Lottery, has cited possible password reuse as the reason for a breach of 26,500 of its user accounts.
The scholarships offered by Google and Bertelsmann are part of an initiative to boost digital skills.
Tesco Bank was allegedly warned of fraudsters using "Glitch 91" to steal money, and failed to protect its customers.
UK Government statistics claim 72 percent of large companies and 49 percent of SMEs in the UK are currently suffering the effects of the digital skills gap.
East African banks are on high alert as experts bring news of zero day attacks on the continent's banks.
Fancy Bear are continuing to target the western sports establishment, publishing a series of emails from inside the World Anti Doping Agency, illustrating a number of small allegedly scandalous details from inside the organisation.
Nearly a million customers of telecoms company Deutsche Telekom AG began experiencing network outages, possibly to due hacker sabotage.
Cyber-criminals are trading hundreds of thousands of xHamster porn account details on the digital underground.
ESET security researchers have created and released a free decryption tool to help combat Crysis ransomware.
Japanese Defence Ministry and Self-Defense Force (SDF) was targeted in September by a sophisticated cyber-attack, according to sources cited by The Japan Times.
Microsoft patches configuration hole that allowed hackers to upload software packages to its Azure update infrastructure.
Experts are claiming the Investigatory Powers (IP Bill) and Digital Economy (DEB) Bills could hurt the UK economy.
San Francisco's Municipal Transportation Agency was caught with a HDDCryptor Ransomware infection over the weekend, leaving the agency unable to sell tickets or charge customers for transport, unless they pay the hackers demands of 100 Bitcoin.
The European Commission was the victim of a DDoS attack this afternoon that blocked internet connectivity on-and-off for several hours.
YouTube appears to be the latest host of cybercrime advertising, as researchers unveil that they've found criminals advertising phishing kits on the video hosting site.
Now that the Investigatory Powers Bill has been passed, tech firms are looking for ways to offer customers ways to circumvent the spying associated with the law.
This week, A Blacknurse DDoS that can cripple with only one laptop, Facebook spam delivers Locky, ATM scammers, NSA's dark tower and two arrests after the three data breach.
A specially crafted webpage could hook a dangling pointer created by Google Chrome and Chromium's speech recognition API object and use it to access a block of memory on a user's machine.
Stampado ransomware was first spotted in the wild in July, but has spawned new variants capable of self propagating and re-encrypting files previously locked up by other ransomware, and all for a rock bottom price on the dark web.
Black Friday, the annual American-inherited discount day, has come around once again. Busting in with its cut-price retail goods and heightened tizzy of consumers looking for the best deals, so does the risk of fraud, cyber-attacks and cyber-crime shoot up like a 4th of July firework.
The US Navy announced today that the personal data of 130,000 of its enlisted men was accessed after a contractor's laptop was breached back in October.
While industry is starting to wake up to cyberthreats, is there too much noise to tell whats really threatening and whats benign?
Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organisation's five major venues during the last year.
Sensepost's CSO Charl Van Der Walt, addressed a crowd at the science museum yesterday to explain exactly what Russian warfare doctrine can tell us about protecting the enterprise.
Research has demonstrated that cyber-criminals could take control of Tesla vehicles, to the point where they can locate, unlock and drive the car away unhindered.
Scientists and activist have urged Hilary Clinton to challenge the recent presidential election outcome, claiming to have new evidence that voting machines in key states were hacked into.
The widespread and ever-evolving Cerber ransomware has upped its game as it targets enterprises with a new capability to encrypt database files.
UK's first National College of Cyber-Security will open on the site of Bletchley Park by 2018 as part of wide-ranging plans to nurture the country's brightest cyber-security talent.
Headphones plugged into a computer's audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device's software via malware, according to a new research report.
A static code analysis of 12 commonly used WordPress e-commerce plug-ins found that at least four of them contained one or more high-risk vulnerabilities.
Large volumes of employees moving from job to job increases the number of employment records that must be retained by HR departments, stored securely and ultimately destroyed within a legally determined timeframe.
The BBC's Watchdog programme has revealed its investigation into food delivery app Deliveroo which has been sending food to criminals who are using stolen login credentials to get into accounts.
Coralie Mesnard, digital identity innovation manager, identified four distinct models of digital identity, crucial to future governance, at last weeks ISSE 2016
Security researchers at Malwarebytes have worked out how to extract the encryption key from TeleCrypt ransomware and build a tool for recovering scrambled files.
Nearly three-quarters of IT pros work unpaid overtime each week, with 34 percent working more than 15 hours extra.
The old adage that crime does not pay is not only applicable those cyber-criminals who are caught, but also to many of the victims of the Gatak Trojan who download it while attempting to gain access to pirated software.
The European Commission's European Banking Authority has detailed plans to heighten payment security, however payment provider worry this could greatly hamper usability.
Russia's state holding company for high-tech industrial products for the civil and defence sectors aims to create a unified cyber-defence centre.
Italy is measured and found wanting in a country report produced by the author of the Cyber Readiness Index 2.0 which aims to benchmark the major economies of the world.
Over the weekend two security researchers spotted a Facebook spam campaign delivering Nemucod as well as Locky ransomware
More than half of UK millennials are concerned about having their identity stolen online, or through mobile/app-based activities, with women more concerned than men by a margin of 65 percent.
An open port linked to remote management software on Eir's D1000 modem router can allow an attacker to take over consumers' networks.
Comodo Threat Research Labs has recently detected the "Gugi/Fanta/Lime" family of financial malware within the Russian economic sector.
Cyber-security firm Group IB has released a report on a group currently ransacking ATMs throughout Europe using malware which causes ATMs to spit out cash.
A security expert who hooked up an internet-connected surveillance camera for research purposes reported via Twitter on Friday that the device was compromised by IoT malware after just 98 seconds of being online.
Over a third of Brits are planning to gift an internet-connected device this Christmas. The two most popular gifts - smartphone/tablets and laptops - this year are also the two most easily and frequently hacked.
Subscribers to the hookup site Adult Friend Finder received notification of a massive hack, but only if they logged in.
The BlackNurse Denial of Service attack uses carefully crafted ICMP messages to clog up firewalls with traffic they can't ignore.
White hat hackers invited to squash bugs in processors from chip vendor Qualcomm in a bid to fix the "Achilles Heel" of the IT industry.
Market for software vulnerabilities grows in Russia, security services deny involvement.
President-elect Trump has tapped Rep. Mike Pompeo (R-Kan.) as CIA director, and retired Army Lt. Gen. Michael Flynn as national security advisor, and Sen. Jeff Sessions (R-Ala.) as attorney general.
African businesses a particular cyber-security risk due to skills shortages, with expenditure expected to rise, especially in S Africa and Nigeria.
WhatsApp co-founder Jan Koum said the messaging service will add encrypted video calling on Monday, according to a report.
A telecommunications hub built in 1969 to withstand a nuclear attack, now "appears" to serve as a surveillance site for the National Security Agency (NSA).
ICYMI: Michael page CV leak; Barclays vulnerability; Tesco hack; Russia's Microsoft probe; Talk Talk conviction
In this week's In Case You Missed it we look at: Capgemini leaks 780,000 Michael Page job candidate CVs; Barclays LFI vulnerability; Tesco hack details?; Microsoft investigated in Russia; Talk Talk 17 yr old convicted
Mobile operator Three acknowledges that its internal systems were breached through stolen credentials, resulting in the theft of hundreds of high-value mobile phone handsets.
Only 32 percent of IT and security professionals say their organisation has a high level of cyber-resilience.
Millions of mobile app gamers are putting themselves at risk of social engineering by allowing apps to access and sometimes control their devices.
Nearly half of hiring managers in IT expect more demand in 2017 than they did in 2016.
LinkedIn initiated negotiations with Russian authorities due to recent blockage of its web-site in Russia but the blocking has now been enforced due to servers being located outside the country.
Security researcher Samy Kamkar rolled out a hacking tool dubbed PoisonTap that can crack into a locked computer fully exposing the device to a myriad of potential hacking problems.
The Investigatory Powers Bill has now completed its parliamentary process and is expected to become law within the next few weeks. No one seems that thrilled besides the government.
An international swoop on payment card fraudsters - or 'carders' - has resulted in the arrest of 15 suspects in Canada, Finland, Spain and the UK including an 18-year-old man in Birmingham.
Some NHS trusts were spending as much as £100,000 a year on cyber-security in 2015 while others were spending nothing, according to figures collated by Sky News.
After a Tesco Bank breach exposed data of 9,000 accounts and the theft of £2.5 million, a cyber-security firm uncovered boasts on underground forums from two months ago that the company was an easy target.
Firmware on some Android phones has been detected collecting user data and transmitting it to third-party servers in China, according to mobile security firm Kryptowire.
A hacker going by the name of CyberZeist is claiming to have found a Local File Inclusion vulnerability in the website of "many UK banks".
Dr Maarten Wegdam took the stage at ISSE 2016 to say that while online identity verification is nearly sorted, making sure that identity is a real one, is much harder
Jan Rochat, CTO of AET technologies, reminded an ISSE 2016 audience that the security boundaries of critical infrastructure are not quite as concrete at they seem
FireEye's Kevin Mandia shared insights into the world of cyber-intelligence this morning at a press briefing in London's Ritz Hotel.
Researchers from a collection of universities in China and the US have apparently created a method of discovering passwords by looking for the interference that body movement makes in WiFi signals.
As a growing number of cities provide free WiFi networks become, a security researcher demonstrated his successful hack of his city's WiFi network.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry