ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud

ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud

Our roundup of top stories from this week, have a great weekend!

Data centres are on the move - where will they end up?

Data centres are on the move - where will they end up?

Tech companies are seeking to move their data centres out of the UK's jurisdiction to avoid any data privacy issues due to Brexit and the GDPR.

90% of ITDMs believe IAM is crucial to digital transformation success

90% of ITDMs believe IAM is crucial to digital transformation success

Most companies (90 percent) agree that identity and access management (IAM) is important to their company's digital transformation success.

Research: Hacked companies could see customer exodus if breached

Research: Hacked companies could see customer exodus if breached

Study reveals 48 percent of people will close accounts following a data breach.

Imperva: beware of automated registration bots, they're great at concealing fraud

Imperva: beware of automated registration bots, they're great at concealing fraud

One of Imperva's security researchers has warned of automated registration bots, says "they're great at concealing fraud."

'Avalanche' cyber-crime platform dismantled, EU security forces praised

'Avalanche' cyber-crime platform dismantled, EU security forces praised

A four-year long investigation by various multinational law enforcement agencies including Europol, the FBI and the US Justice Department, has brought down the international criminal infrastructure platform known as 'Avalanche'.

Banking malware allows bad guys to lock, reset phone passwords

Banking malware allows bad guys to lock, reset phone passwords

Cyber-criminals have updated a two-year old banking app scam that grabs control of a victim's smartphone, locks them out and then drains their bank account while the person struggles to regain control of their device.

iCloud calendar spammers seize the day, sending junk invites

iCloud calendar spammers seize the day, sending junk invites

Apple users over the last few weeks have reportedly been besieged with spam hitting their iCloud calendars in the form of unwanted invites, after cyber-criminals figured out that they could send their junk offers directly to recipients' iCloud accounts.

Same fate befalls Post Office broadband as hit DT?

Same fate befalls Post Office broadband as hit DT?

With reports of outages to customers of Post Office broadband and TalkTalk, the attack that that nearly a million Deutsche Telekom customers over the weekend appears to have made its way to the UK's shores.

42% of global IT admins say security is a top cost to access legacy data

42% of global IT admins say security is a top cost to access legacy data

A third of companies are not clear on what specific information is archived and stored in their tape storage, posing risk and high cost to their business.

Shamoon wiper malware returns after four year hiatus

Shamoon wiper malware returns after four year hiatus

Shamoon wiper malware has been spotted for the first time in four years, according to Palo Alto and Symantec

Firefox zero day impacts Tor

Firefox zero day impacts Tor

A Tor executive has confirmed that a zero-day vulnerability impacting Tor and Firefox has been spotted being used to execute malicious code, but it has been reported to Mozilla, according to ARS Technica.

Shodan finds confidential Europol terrorist dossiers

Shodan finds confidential Europol terrorist dossiers

Unprotected classified Europol files were linked to the internet and accessible via a hard drive found through Shodan

Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps

Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps

A newly discovered malware program that targets older versions of the Android OS has infected roughly 1.3 million Google accounts, currently breaching devices at a rate of 13,000 victims per day.

Most cyber-criminals earn $US1K to US$3K a month, report

Most cyber-criminals earn $US1K to US$3K a month, report

It's not that organised cybergangs are raking it in. It's more that a larger number of small operators are benefiting from automated services that can earn them an average of $2,000 (£1593) a month, according to a new report .

Flashpoint: "Mirai variant attacked Deutsche Telekom"

Flashpoint: "Mirai variant attacked Deutsche Telekom"

Researchers have confirmed that it was a variant form of Mirai that was used to try and turn nearly a million Deutsche Telekom customers routers into a botnet over the weekend.

Researcher hijacked PayPal OAuth tokens using this one simple trick

Researcher hijacked PayPal OAuth tokens using this one simple trick

Payment services firm put out patch to stop hackers stealing OAuth tokens but only after security researcher persisted in telling them the service was vulnerable.

German spy chief claims Russian hackers will disrupt election

German spy chief claims Russian hackers will disrupt election

The president of Germany's Federal Intelligence Service said he expects Russian cyberattacks to interfere with upcoming electoral processes across Europe, but particularly in Germany.

60% of enterprises were victims of social engineering attacks in 2016

60% of enterprises were victims of social engineering attacks in 2016

Sixty five percent of these social engineering attacks compromised employee credentials and 17 percent of these attacks breached financial accounts.

NetWire RAT acts as keylogger, steals payment card data

NetWire RAT acts as keylogger, steals payment card data

Criminals used a remote access trojan with keylogging capabilities rather than traditional point-of-sale malware.

Report: Internet trust at all time low, too much data still at risk

Report: Internet trust at all time low, too much data still at risk

Five-step approach identified by The Internet Society to address data breaches and increase online trust as it claims online trust is lower than ever before.

26,500 National Lottery accounts hacked, says operator Camelot

26,500 National Lottery accounts hacked, says operator Camelot

Camelot, operator of the UK's National Lottery, has cited possible password reuse as the reason for a breach of 26,500 of its user accounts.

Google to fund 10K Android developer scholarships

Google to fund 10K Android developer scholarships

The scholarships offered by Google and Bertelsmann are part of an initiative to boost digital skills.

Tesco Bank allegedly ignored warnings of hack from Visa

Tesco Bank allegedly ignored warnings of hack from Visa

Tesco Bank was allegedly warned of fraudsters using "Glitch 91" to steal money, and failed to protect its customers.

UK businesses suffering the skills gap must keep up with digital trends

UK businesses suffering the skills gap must keep up with digital trends

UK Government statistics claim 72 percent of large companies and 49 percent of SMEs in the UK are currently suffering the effects of the digital skills gap.

East African banks wary of Zero days

East African banks wary of Zero days

East African banks are on high alert as experts bring news of zero day attacks on the continent's banks.

Bears continue to maul anti-dopers

Bears continue to maul anti-dopers

Fancy Bear are continuing to target the western sports establishment, publishing a series of emails from inside the World Anti Doping Agency, illustrating a number of small allegedly scandalous details from inside the organisation.

Updated: A million German routers knocked offline by failed Mirai botnet attack

Updated: A million German routers knocked offline by failed Mirai botnet attack

Nearly a million customers of telecoms company Deutsche Telekom AG began experiencing network outages, possibly to due hacker sabotage.

380K xHamster porn accounts details leaked

380K xHamster porn accounts details leaked

Cyber-criminals are trading hundreds of thousands of xHamster porn account details on the digital underground.

ESET releases Crysis ransomware decryptor tool

ESET releases Crysis ransomware decryptor tool

ESET security researchers have created and released a free decryption tool to help combat Crysis ransomware.

Japanse SDF officials mum over reported cyber-attack

Japanse SDF officials mum over reported cyber-attack

Japanese Defence Ministry and Self-Defense Force (SDF) was targeted in September by a sophisticated cyber-attack, according to sources cited by The Japan Times.

Microsoft update left Azure Linux virtual machines open to hacking

Microsoft update left Azure Linux virtual machines open to hacking

Microsoft patches configuration hole that allowed hackers to upload software packages to its Azure update infrastructure.

Investigatory Powers and Digital Economy Bills could threaten economy

Investigatory Powers and Digital Economy Bills could threaten economy

Experts are claiming the Investigatory Powers (IP Bill) and Digital Economy (DEB) Bills could hurt the UK economy.

San Francisco public transport ticket system shut down by ransomware

San Francisco public transport ticket system shut down by ransomware

San Francisco's Municipal Transportation Agency was caught with a HDDCryptor Ransomware infection over the weekend, leaving the agency unable to sell tickets or charge customers for transport, unless they pay the hackers demands of 100 Bitcoin.

European Commission gets DDoSed

European Commission gets DDoSed

The European Commission was the victim of a DDoS attack this afternoon that blocked internet connectivity on-and-off for several hours.

YouTubers sell phishing kits in plain view

YouTubers sell phishing kits in plain view

YouTube appears to be the latest host of cybercrime advertising, as researchers unveil that they've found criminals advertising phishing kits on the video hosting site.

IP Bill: tech firms attempt to offer respite from surveillance

IP Bill: tech firms attempt to offer respite from surveillance

Now that the Investigatory Powers Bill has been passed, tech firms are looking for ways to offer customers ways to circumvent the spying associated with the law.

ICYMI: Blacknurse, Facebook Spam, ATM Machines, NSA and the Three breach

ICYMI: Blacknurse, Facebook Spam, ATM Machines, NSA and the Three breach

This week, A Blacknurse DDoS that can cripple with only one laptop, Facebook spam delivers Locky, ATM scammers, NSA's dark tower and two arrests after the three data breach.

Google speech recognition was vulnerable to use-after-free attack

A specially crafted webpage could hook a dangling pointer created by Google Chrome and Chromium's speech recognition API object and use it to access a block of memory on a user's machine.

Stampado ransomare: Cheap, but easily decrypted

Stampado ransomare: Cheap, but easily decrypted

Stampado ransomware was first spotted in the wild in July, but has spawned new variants capable of self propagating and re-encrypting files previously locked up by other ransomware, and all for a rock bottom price on the dark web.

Black Friday 2016: top three tips for managing the retail mayhem

Black Friday 2016: top three tips for managing the retail mayhem

Black Friday, the annual American-inherited discount day, has come around once again. Busting in with its cut-price retail goods and heightened tizzy of consumers looking for the best deals, so does the risk of fraud, cyber-attacks and cyber-crime shoot up like a 4th of July firework.

US Navy suffers data breach

US Navy suffers data breach

The US Navy announced today that the personal data of 130,000 of its enlisted men was accessed after a contractor's laptop was breached back in October.

Secure Data 2016: 'Its going to get louder'

Secure Data 2016: 'Its going to get louder'

While industry is starting to wake up to cyberthreats, is there too much noise to tell whats really threatening and whats benign?

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organisation's five major venues during the last year.

Secure Data 2016: 'Lessons to be learnt from Russian cyberwar'

Secure Data 2016: 'Lessons to be learnt from Russian cyberwar'

Sensepost's CSO Charl Van Der Walt, addressed a crowd at the science museum yesterday to explain exactly what Russian warfare doctrine can tell us about protecting the enterprise.

New research shows Tesla cars can be stolen by hacking the app

New research shows Tesla cars can be stolen by hacking the app

Research has demonstrated that cyber-criminals could take control of Tesla vehicles, to the point where they can locate, unlock and drive the car away unhindered.

Data scientists urge Clinton to ask for recount in three states as voting anomalies emerge

Data scientists urge Clinton to ask for recount in three states as voting anomalies emerge

Scientists and activist have urged Hilary Clinton to challenge the recent presidential election outcome, claiming to have new evidence that voting machines in key states were hacked into.

Cerber ransomware: Now with database encryption

Cerber ransomware: Now with database encryption

The widespread and ever-evolving Cerber ransomware has upped its game as it targets enterprises with a new capability to encrypt database files.

New cyber-academy to open at Bletchley Park

New cyber-academy to open at Bletchley Park

UK's first National College of Cyber-Security will open on the site of Bletchley Park by 2018 as part of wide-ranging plans to nurture the country's brightest cyber-security talent.

Can you hear me now? Malware turns headphones into mics for eavesdropping

Can you hear me now? Malware turns headphones into mics for eavesdropping

Headphones plugged into a computer's audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device's software via malware, according to a new research report.

Analysis finds high-risk vulnerabilities in four popular WordPress e-commerce plug-ins

Analysis finds high-risk vulnerabilities in four popular WordPress e-commerce plug-ins

A static code analysis of 12 commonly used WordPress e-commerce plug-ins found that at least four of them contained one or more high-risk vulnerabilities.

Frequent job changes mean less chance for secure storage of employment records

Frequent job changes mean less chance for secure storage of employment records

Large volumes of employees moving from job to job increases the number of employment records that must be retained by HR departments, stored securely and ultimately destroyed within a legally determined timeframe.

Food-for-who? Deliveroo feeds fraudsters

Food-for-who? Deliveroo feeds fraudsters

The BBC's Watchdog programme has revealed its investigation into food delivery app Deliveroo which has been sending food to criminals who are using stolen login credentials to get into accounts.

ISSE 2016: The four models of digital identity

ISSE 2016: The four models of digital identity

Coralie Mesnard, digital identity innovation manager, identified four distinct models of digital identity, crucial to future governance, at last weeks ISSE 2016

TeleCrypt ransomware rapidly defanged thanks to weak encryption

TeleCrypt ransomware rapidly defanged thanks to weak encryption

Security researchers at Malwarebytes have worked out how to extract the encryption key from TeleCrypt ransomware and build a tool for recovering scrambled files.

74% of IT pros work unpaid overtime each week

74% of IT pros work unpaid overtime each week

Nearly three-quarters of IT pros work unpaid overtime each week, with 34 percent working more than 15 hours extra.

On the Gatak: Trojan gang lures victims with fake software keys

On the Gatak: Trojan gang lures victims with fake software keys

The old adage that crime does not pay is not only applicable those cyber-criminals who are caught, but also to many of the victims of the Gatak Trojan who download it while attempting to gain access to pirated software.

Heightened payment security could hamper usability, says Visa

Heightened payment security could hamper usability, says Visa

The European Commission's European Banking Authority has detailed plans to heighten payment security, however payment provider worry this could greatly hamper usability.

Russia aims to centralise cyber-protection of state defence enterprises

Russia aims to centralise cyber-protection of state defence enterprises

Russia's state holding company for high-tech industrial products for the civil and defence sectors aims to create a unified cyber-defence centre.

Italy gets mixed review on cyber-security from CRI 2.0

Italy gets mixed review on cyber-security from CRI 2.0

Italy is measured and found wanting in a country report produced by the author of the Cyber Readiness Index 2.0 which aims to benchmark the major economies of the world.

Facebook spam caught delivering Locky ransomware

Facebook spam caught delivering Locky ransomware

Over the weekend two security researchers spotted a Facebook spam campaign delivering Nemucod as well as Locky ransomware

52% of millennials are worried about stolen identity via mobile activity

52% of millennials are worried about stolen identity via mobile activity

More than half of UK millennials are concerned about having their identity stolen online, or through mobile/app-based activities, with women more concerned than men by a margin of 65 percent.

Eir we go again: Irish ISP router flaw allows total takeover

Eir we go again: Irish ISP router flaw allows total takeover

An open port linked to remote management software on Eir's D1000 modem router can allow an attacker to take over consumers' networks.

Banking Trojan seeks system privileges and can circumvent Android security

Banking Trojan seeks system privileges and can circumvent Android security

Comodo Threat Research Labs has recently detected the "Gugi/Fanta/Lime" family of financial malware within the Russian economic sector.

ATM machines under attack, spitting out cash on demand

ATM machines under attack, spitting out cash on demand

Cyber-security firm Group IB has released a report on a group currently ransacking ATMs throughout Europe using malware which causes ATMs to spit out cash.

Hacked in 98 seconds: Expert's camera rapidly infected by IoT malware

Hacked in 98 seconds: Expert's camera rapidly infected by IoT malware

A security expert who hooked up an internet-connected surveillance camera for research purposes reported via Twitter on Friday that the device was compromised by IoT malware after just 98 seconds of being online.

More than a third of Brits plan to give hackable gifts this Christmas

More than a third of Brits plan to give hackable gifts this Christmas

Over a third of Brits are planning to gift an internet-connected device this Christmas. The two most popular gifts - smartphone/tablets and laptops - this year are also the two most easily and frequently hacked.

Some Adult Friend Finder members get the hack alert, indirectly

Some Adult Friend Finder members get the hack alert, indirectly

Subscribers to the hookup site Adult Friend Finder received notification of a massive hack, but only if they logged in.

How BlackNurse DoS uses a single laptop to take your business down

How BlackNurse DoS uses a single laptop to take your business down

The BlackNurse Denial of Service attack uses carefully crafted ICMP messages to clog up firewalls with traffic they can't ignore.

Qualcomm launches bug bounty programme to find chip flaws

Qualcomm launches bug bounty programme to find chip flaws

White hat hackers invited to squash bugs in processors from chip vendor Qualcomm in a bid to fix the "Achilles Heel" of the IT industry.

Russian security services deny interest in buying Western software vulnerabilities

Russian security services deny interest in buying Western software vulnerabilities

Market for software vulnerabilities grows in Russia, security services deny involvement.

UPDATE: Trump taps Pompeo, Flynn and Sessions for key security posts; James Clapper to resign

UPDATE: Trump taps Pompeo, Flynn and Sessions for key security posts; James Clapper to resign

President-elect Trump has tapped Rep. Mike Pompeo (R-Kan.) as CIA director, and retired Army Lt. Gen. Michael Flynn as national security advisor, and Sen. Jeff Sessions (R-Ala.) as attorney general.

CyberSec skills shortage poses risk to African businesses

CyberSec skills shortage poses risk to African businesses

African businesses a particular cyber-security risk due to skills shortages, with expenditure expected to rise, especially in S Africa and Nigeria.

WhatsApp adds encrypted video calls as services race towards privacy offerings

WhatsApp adds encrypted video calls as services race towards privacy offerings

WhatsApp co-founder Jan Koum said the messaging service will add encrypted video calling on Monday, according to a report.

Dark tower in lower Manhattan outed as NSA nerve centre

Dark tower in lower Manhattan outed as NSA nerve centre

A telecommunications hub built in 1969 to withstand a nuclear attack, now "appears" to serve as a surveillance site for the National Security Agency (NSA).

ICYMI: Michael page CV leak; Barclays vulnerability; Tesco hack; Russia's Microsoft probe; Talk Talk conviction

ICYMI: Michael page CV leak; Barclays vulnerability; Tesco hack; Russia's Microsoft probe; Talk Talk conviction

In this week's In Case You Missed it we look at: Capgemini leaks 780,000 Michael Page job candidate CVs; Barclays LFI vulnerability; Tesco hack details?; Microsoft investigated in Russia; Talk Talk 17 yr old convicted

Three data breach leads to two arrests

Three data breach leads to two arrests

Mobile operator Three acknowledges that its internal systems were breached through stolen credentials, resulting in the theft of hundreds of high-value mobile phone handsets.

Top barrier to cyber-resilience: 'insufficient planning and preparedness'

Top barrier to cyber-resilience: 'insufficient planning and preparedness'

Only 32 percent of IT and security professionals say their organisation has a high level of cyber-resilience.

Popular games demand permissions for 'full network access'

Popular games demand permissions for 'full network access'

Millions of mobile app gamers are putting themselves at risk of social engineering by allowing apps to access and sometimes control their devices.

47% of UK hiring managers in IT expect more demand for tech pros in 2017

47% of UK hiring managers in IT expect more demand for tech pros in 2017

Nearly half of hiring managers in IT expect more demand in 2017 than they did in 2016.

Russia blocks LinkedIn after negotiations with Russian authorities fail

Russia blocks LinkedIn after negotiations with Russian authorities fail

LinkedIn initiated negotiations with Russian authorities due to recent blockage of its web-site in Russia but the blocking has now been enforced due to servers being located outside the country.

This is PoisonTap, Kamkar tool can hack locked PCs

This is PoisonTap, Kamkar tool can hack locked PCs

Security researcher Samy Kamkar rolled out a hacking tool dubbed PoisonTap that can crack into a locked computer fully exposing the device to a myriad of potential hacking problems.

The Investigatory Powers Bill is now set to become law

The Investigatory Powers Bill is now set to become law

The Investigatory Powers Bill has now completed its parliamentary process and is expected to become law within the next few weeks. No one seems that thrilled besides the government.

British teenagers caught up in international card fraud investigation

An international swoop on payment card fraudsters - or 'carders' - has resulted in the arrest of 15 suspects in Canada, Finland, Spain and the UK including an 18-year-old man in Birmingham.

Inadequate cyber-security budgets 'putting NHS patients at risk'

Inadequate cyber-security budgets 'putting NHS patients at risk'

Some NHS trusts were spending as much as £100,000 a year on cyber-security in 2015 while others were spending nothing, according to figures collated by Sky News.

Boasts preceeded hack of Tesco Bank, report

Boasts preceeded hack of Tesco Bank, report

After a Tesco Bank breach exposed data of 9,000 accounts and the theft of £2.5 million, a cyber-security firm uncovered boasts on underground forums from two months ago that the company was an easy target.

Android phones dialing home, to China

Android phones dialing home, to China

Firmware on some Android phones has been detected collecting user data and transmitting it to third-party servers in China, according to mobile security firm Kryptowire.

LFI vulnerability allegedly found in website of Barclays/RBS

LFI vulnerability allegedly found in website of Barclays/RBS

A hacker going by the name of CyberZeist is claiming to have found a Local File Inclusion vulnerability in the website of "many UK banks".

ISSE 2016 - 'Authentication is solved, verification is the hard part'

ISSE 2016 - 'Authentication is solved, verification is the hard part'

Dr Maarten Wegdam took the stage at ISSE 2016 to say that while online identity verification is nearly sorted, making sure that identity is a real one, is much harder

ISSE 2016: the boundaries of critical infrastructure

ISSE 2016: the boundaries of critical infrastructure

Jan Rochat, CTO of AET technologies, reminded an ISSE 2016 audience that the security boundaries of critical infrastructure are not quite as concrete at they seem

Kevin Mandia doesn't like 'cuddly bears'

Kevin Mandia doesn't like 'cuddly bears'

FireEye's Kevin Mandia shared insights into the world of cyber-intelligence this morning at a press briefing in London's Ritz Hotel.

Wi-Fi can imprint passwords and PINs onto radio signals

Wi-Fi can imprint passwords and PINs onto radio signals

Researchers from a collection of universities in China and the US have apparently created a method of discovering passwords by looking for the interference that body movement makes in WiFi signals.

Researcher hacks city's WiFi service using buffer-overflow exploit

As a growing number of cities provide free WiFi networks become, a security researcher demonstrated his successful hack of his city's WiFi network.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US