FBI, Europol and MI6 gang up on tech firms over encryption

Worldwide law enforcement continues to voice concerns over technology companies' increasing use of encryption.

UK Safari users able to sue Google over privacy

Courts tell Safari users they can sue Google over cookie privacy violation, considered ironic given Google's support for combatting government surveillance.

UK firms at risk from attacks on crypto keys, digital certificates

A joint study from Venafi and the Ponemon Institute reveals that digital keys and certificates are in peril, especially at UK organisations.

Interpol 'agents' detail virtual currency malware threat

The international criminal police organisation Interpol is not just the stuff of spy movies. The global policing body, which now operates with 190 member countries, has identified a threat to virtual currencies.

Russian banks combat Tyupkin ATM malware gang

Russian banks see Tyupkin ATM malware use rise in Russia and take steps to locate culprits.

WordPress plug-ins open to attack

A new generation of vulnerabilities threatening WordPress users revolves around various plugins for the blogging platform, researchers report.

New hacking group DDoS attacks Amazon's Twitch, US state websites

A hacking collective going by the name of 'Vikingdom2015' claims to have taken offline various US state websites, including Maine.gov and Nyc.gov, as well as Amazon's Twitch. The group told SC its motive, the type of attack and what's to come.

Tor-fuelled Trojan gets stealthy with steganography

New research by security vendor AVG has revealed that a variant of the well-known Vawtrak banking Trojan is using some unusual methods to hide what it is doing in an attempt to evade detection.

Hot and bothered air-gapped PCs open to Bitwhisper attack

Security researchers at Ben Gurion University in Israel have continued their examination of security on air-gapped PCs, finding that they can be compromised using specially-designed malware measuring tiny fluctuations in heat.

Over 700,000 home routers threaten enterprise security

Cisco researcher warns of flaws in devices ISPs give to customers.

Zero-day opens Cisco phones to eavesdropping

VoIP flaws offer a route into your data, with Cisco the latest compromise recorded.

Airbus to build virtual reality cyber-centre for MoD

Airbus Innovations Group has been awarded a £1.4 million contract to build a Virtual Cyber Centre of Operations (VCCO) for the military, with the aim of helping the MoD detect and respond to cyber-attacks.

'PoSeidon' point-of-sale malware targets payment card information

PoSeidon takes steps to achieve persistence so that the malware will survive after a system reboot.

Government bangs the drum for UK cyber-insurance

The British government has teamed up with the Royal Bank of Scotland and insurance broker Marsh to help develop the local cyber-insurance market, after its own report indicated that few businesses are covered in the event of a data breach.

Ghosts reappear (deep) inside the machine: BIOS bootkits & UEFI exploits

BIOS bootkits are being used in APTs, with new research demonstrating the ability to exploit newly discovered vulnerabilities.

Rocket Kitten phishing with woollen goldfish & GHOLE

Rocket Kitten hackers are spear-phishing in Germany and Israel using GHOLE and woollen goldfish attacks hosted on Microsoft products.

Kaspersky Lab repudiates new Russian spy claims

Eugene Kaspersky, CEO of Kaspersky Lab, has dismissed new claims that his company employs people who have close ties to Russia's military or intelligence services.

OpenSSL patches 'high severity' bug - but it's no Heartbleed

The OpenSSL group has patched numerous flaws with the release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, including a "high severity" bug which, fortunately, is not as serious as Heartbleed or Poodle.

Tor darknet closes, thieves make off with millions in Bitcoin

Evolution, a drugs and criminal market hosted on the Tor anonymity network, has been closed, with its owners suspected of stealing up to £10 million worth of Bitcoins as part of an exit strategy.

New Google checks fail to protect apps from adware

Malicious adware is still getting onto company mobiles through the Google Play app store despite increased security.

Wi-Fi car updates pose security risk

Ford's announcement of software updates to its cars via WiFi highlights security concerns about Smart Car software.

Hackers route via Tor for stealthy 'slow-death' DoS attacks

Vigilante hacktivists have been taking down pornography, Jihadi and other websites by using a new type of "slow-death" Denial-of-Service (DoS) attack that is virtually undetectable, bypassing some leading security solutions.

Apple and Google freak out as SSL flaw hits thousands of apps

Android and iOS apps are still vulnerable to attacks exploiting the Freak SSL flaw, despite Apple and Google having issued patches.

UK firms horribly unprepared for data breach response

Two new studies reveal that despite a third of UK businesses suffering a breach in the last year, most organisations severely overestimate their readiness to respond to an incident.

£200 black box cracks Apple iOS screenlock

Eurovision voting app hit by suspected cyber-attack

Swedish television, SVT, is believed to have suffered a DDoS attack on its voting system during the final qualification round for Eurovision Song Contest 2015 in Vienna.

Dirty Facebook worm cuts itself in half to evade detection

Facebook distributing malware is nothing new, nor are shortened URLs for obfuscation, in-the-cloud servers for anonymity or porn as a lure. However the latest Kilim-family variant which hit Facebook last week uses all of them and with a twist: this worm keeps cutting itself in half to evade detection.

Password-free logins adopted by Yahoo

Authy patches after 2FA bypassed in POC hack

Russian penetration tester Sakurity has found that attackers could temporarily bypass Authy's two-factor authentication (2FA), which enables users to log in to Gmail, Dropbox, Facebook and Amazon's AWS.

BlackBerry turns sour over Freak vulnerability

Firm warns that operating systems, BlackBerry Messenger and Enterprise Server middleware are affected.

Google Apps flaw leaks personal details on domain holders

Thousands of domain name holders have had their personal details, including addresses and phone numbers, revealed on the internet, thanks to a software flaw that went unnoticed for two years.

GCHQ spying 'legal and essential', rules parliament body

The Intelligence and Security Committee of Parliament (ISC) has ruled that GCHQ's surveillance is legal and essential, but notes that legislation governing surveillance bodies needs to be changed.

Companies getting better at PCI DSS compliance, finds Verizon

Verizon's fourth annual report into PCI DSS compliance finds that not a single breached company over the last decade has been fully compliant with PCI standards at the time of breach. However, there is at least light at the end of the tunnel.

Dropbox flaw fixed

Stuxnet flaw remained unpatched for four years

In its latest 'Patch Tuesday' notice, Microsoft issued 14 security bulletins including fixes for the Freak flaw and the Stuxnet worm - which was thought to have been patched five years ago.

Kaspersky discovers CAPTCHA-duping Podec malware

Trojan targets Android devices and fools image verification system into thinking it's human.

Security agencies - increase powers, tech and oversight

Foreign Secretary Philip Hammond called for the security agencies to be given the powers and technology needed to match the foes they face - while subject to parliamentary oversight.

Updated: Facebook Login hijacking tool offered to black hat hackers

Penetration testing company Sakurity has openly named and blamed Facebook over a security vulnerability that it says exists on websites with a Facebook login option.

'Rowhammer' hijack via hardware flaw hits half of laptops tested

A DRAM hardware 'reliability issue' turns out to be a vulnerability issue for half of all laptops as Google researchers demonstrate Rowhammer hijack.

Russia adopts quantum computing to counter foreign spyware and sabotaged cyber-imports

Russian government agencies have detected foreign-controlled spyware networks in the country, and a host of compromised devices, leading to moves to adopt quantum computing solutions.

CIA to reorganise, create digital directorate

Reorganisation at the CIA will see the creation of a specialist digital directorate to enhance overseas spying operations.

TorrentLocker copycat CryptoFortress leads new wave of ransomware

Ransomware continues to rise in several new and old guises, including a copycat TorrentLocker, BandarChor and a spam campaign encompassing the infamous CryptoWall.

Response to Freak flaw slammed

The response of Microsoft and cloud companies to the Freak vulnerability has been far too slow, say commentators.

UK NCA praised after arresting 57 suspected hackers

The National Crime Agency (NCA) this week arrested 57 suspected hackers in a widespread UK operation involving the Met Police and regional crime squads.

ICYMI: Cyber skills gap, TalkTalk breach and hacking trading algorithms

The latest ICYMI column looks at the top five stories on SC this week, from our exclusive on the cyber-security skills gap to the TalkTalk breach affecting four million customers.
