BitTorrent moves to patch reflective DDoS attack flaw

BitTorrent moves to patch reflective DDoS attack flaw

Vulnerable libuTP protocol could have been used to force torrent apps to send malicious traffic

Dark website Agora closes over Tor vulnerability suspicions

Agora, one of the largest online black market sites, halted operations after concerns arose of vulnerabilities in Tor's hidden services.

ISIS hacking leader killed by drone strike

ISIS hacking leader killed by drone strike

The alleged leader of ISIS' CyberCaliphate hacking group, Junaid Hussain, is believed to have been killed in a recent drone air strike

Zero-Day, Angler kit exploits help drive up malvertising by 325%

A Cyphort Labs study on malvertising indicates a massive uptick with this form of attack has taken place over the last few years driven by the proliferation of zero-day and Angler kit exploits.

Researchers uncover possible Iranian-backed phishing scam

Researchers uncover possible Iranian-backed phishing scam

Canadian researchers at Citizen Lab released a report today describing a phishing campaign being conducted against Iranian dissidents and how utilising a two-factor authentication (2FA) tool helped foil most of the attacks.

Global cyber-security skills shortage leaves Australia open to attack

The Commonwealth Bank warns that a global cyber-security skills shortage could pave the way for additional high-profile computer attacks in Australia.

DD4BC are DDoS attack driving force, new report claims

DD4BC are DDoS attack driving force, new report claims

A new report on DDoS trends points the finger at one group as the driving force behind many attacks. So, who is DD4BC?

Unique 8 week SANS Cyber Academy kicks off next week

Unique 8 week SANS Cyber Academy kicks off next week

In what is possibly a first for the industry, the SANS Institute is about to inaugurate a new bootcamp-style training programme for cyber-security professionals.

Google login credentials at risk from smart refrigerator hack

Hackers recently uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator.

Mumsnet hit again, this time by stronger series of attacks

Mumsnet has been targeted once again in a fresh sequence attacks.

Hackers revive Word macro malware in AutoIT RAT attack

Hackers revive Word macro malware in AutoIT RAT attack

Hackers have launched phishing attacks on organisations using legitimate automated management tools, according to Cisco.

Global think tank calls for global digital privacy

Global think tank calls for global digital privacy

The Diplomatic Council is calling for more transparency regarding government surveillance across the world.

Dropbox phishing scam uses compromised Wordpress site

Dropbox users may be the target of a new phishing scam that utilises a compromised Wordpress site, according to a post by Dr. Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums.

Symantec now protecting one billion IoT devices

Symantec now protecting one billion IoT devices

Symantec reported that its security software is now protecting more than 1 billion Internet of Things (IoT) devices and as this number expands so will security risks associated with these products.

IBM urges companies to block Tor—new banking trojan on black market

IBM advises businesses to block access to Tor and other anonymous networks.

GitHub seeks to contain DDoS attack

GitHub seeks to contain DDoS attack

Second DDoS attack this year against GitHub code repository - site offline for several hours.

SMEs under attack from surge in fake invoice fraud

Small businesses have been warned by Cifas and Action Fraud to be on high alert for fake invoices.

Apple fixes bad case of Ins0mnia in iOS 8.4.1

Apple fixes bad case of Ins0mnia in iOS 8.4.1

iOS 8.4 could have a hard time making apps go to sleep, according to security researchers at FireEye.

App on Google Play store exploited critical 'Certifi-gate' Android vulnerability

App on Google Play store exploited critical 'Certifi-gate' Android vulnerability

The Recordable Activator app was available in the Google Play store and was observed exploiting the Certifi-gate vulnerability.

Fraudsters selling pets online is increasing

Action Fraud warns residents of Lincolnshire to be attentive when purchasing pets online.

IBM: Corporations could be the next target for ransomware attacks

IBM: Corporations could be the next target for ransomware attacks

The growing threat posed by ransomware and the possibility that cyber-criminals will graduate from extorting end users to large corporations topped the worry list of IBM's X-Force threat team in its Q3 threat intelligence report.

US automakers respond to cyber-security failings with new ISAC

US automakers respond to cyber-security failings with new ISAC

Automobile manufacturers in the US have been stung into action by recent hack attacks and damning reports into vehicle cyber-security.

Sundown exploit kit first to use IE flaw in attack on Japan

Symantec has found that the Sundown exploit kit (EK) has begun to take advantage of a recent IE vulnerability, CVE-2015-2444

Mozilla changes security model to bolster extension protection

Mozilla changes security model to bolster extension protection

Mozilla add-ons to work across multiple browsers

Unmanaged Apple devices pose a liability to corporations

A lack of encryption and weak or shared passwords on Apple devices are exposing sensitive corporate and customer details in the workplace.

Ashley Madison - police call for 'white hat' help

Ashley Madison - police call for 'white hat' help

The security community is asked to help catch the hackers whose exposure of around 33 million adultery website subscribers is believed to have led to two suspected suicides and blackmail attempts.

Twitter blocks API access for Diplotwoops website

Twitter blocked API access for Diplotwoops, which collected deleted tweets from politicians, diplomats and embassies.

Facial recognition: a solution to the need for stronger security?

Lee Munson describes how facial recognition could be the future of stronger security via Windows 10.

Thomson data breach exposes hundreds of customer details

Thomson data breach exposes hundreds of customer details

Data breach by holiday company, Thomson, reveals the personal details of nearly 500 customers.

Strewth! Aussie telco Telstra pushes malvertising

Strewth! Aussie telco Telstra pushes malvertising

The 'media content' home page of Australia's largest telecommunications company Telstra has been infected with 'malvertising' which links a malicious exploit kit.

Spotify updates to privacy policy leave users furious

Spotify updates to privacy policy leave users furious

The latest privacy policy update from Spotify has left worldwide users outraged.

Popular Android browsers open to hackers

Popular Android browsers open to hackers

Dolphin and Mercury Android browsers can be hacked to execute code remotely.

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

WordPress sites redirect to Neutrino EK, CryptoWall pushed via Flash exploit

Neutrino Exploit Kit has been observed targeting CVE-2015-5119, an Adobe Flash Player zero-day vulnerability.

ICO demands Google take down links under 'right to be forgotten'

ICO demands Google take down links under 'right to be forgotten'

The Information Commissioner's Office ordered Google to remove links to webpages detailing a minor crime and the company's prior removal of links related to the offence.

Facebook ThreatExchange nears 100 participants

Facebook's ThreatExchange platform has closed in on nearly 100 participants since its inception six months ago.

US Embassy official in London charged with 'sextortion'

US Embassy official in the UK accused of hacking, phishing and cyber-stalking of women.

Does Adblock Plus weaken Mac OSX security?

Does Adblock Plus weaken Mac OSX security?

By downloading an exception text file that is inserted into the ad blocker configuration files, the Genieo adware variant approach could be used to perform other actions that you don't want, not just allowing adware.

Flaw in managed app configuration on iOS devices puts corporate data at risk

Flaw in managed app configuration on iOS devices puts corporate data at risk

"Quicksand" sandbox vulnerability could enable rogue apps

Another security flaw in Android, multitasking is affected

Another likely serious flaw has been discovered in Android, this time it affects the ability to multitask.

'Chinese' APT group hits hundreds of Japanese firms

'Chinese' APT group hits hundreds of Japanese firms

A suspected Chinese hacker group dubbed 'Blue Termite' has been targeting hundreds of Japanese businesses and government organisations in a cyber-espionage campaign stretching back to 2013.

Secondary Impact with another dump of Ashley Madison data

Secondary Impact with another dump of Ashley Madison data

Hackers calling themselves Impact Team have reportedly made a lot more Ashley Madison data available online and in the process apparently teased the adultery site's CEO over the breach's validity.

DARPA seeks to develop programme that drastically improves DDoS defence

DARPA seeks to develop programme that drastically improves DDoS defence

The Defense Advanced Research Projects Agency (DARPA) has started taking applications to develop a stronger defence against distributed denial-of-service (DDoS) attacks.

ICYMI: Big data leaking; Salesforce vulnerability; suppressed car hack; sound authentication and critical IE fix

ICYMI: Big data leaking; Salesforce vulnerability; suppressed car hack; sound authentication and critical IE fix

In this week's In Case You Missed It (ICYMI): Big data leaking; Salesforce vulnerability patched; suppressed car hack; ambient sound authentication and critical IE fix.

Cyber-attack alert in Malaysia

The Malaysian government is preparing itself against cyber-attacks threatened to occur two days before National Day on 29 August.

Google facility in Europe loses data due to lightning strikes

After lightning struck a local utility grid, one of Google's European data centres suffered a power outage that led to "some" permanent data loss.

Upon reflection, BitTorrent amplifies DDoS attacks

Upon reflection, BitTorrent amplifies DDoS attacks

New DRDos attack using BitTorrent investigated: able to amplify traffic up to a factor of 50 times on average, and 120 times in the case of BTSync.

Newly-patched IE bug used in cyber-attack on Hong Kong church

Researchers have discovered a patch for a critical bug in Internet Explorer (IE) being used in semi-targeted attacks on visitors to a Hong Kong church.

Bitcoin exchange founder faces re-arrest in Japan

Police in Japan will re-arrest the CEO of the collapsed Bitcoin exchange MtGox on theft allegations.

Bank of England encourages increase of cyber-attack protection

UK financial firms urged to boost defences against cyber-attacks.

Mumsnet hacked, co-founder falls victim to swatting attack

Mumsnet hacked, co-founder falls victim to swatting attack

Mumsnet experiences DDoS attack while its founder, Justine Roberts, suffers a swatting attack.

Teen nabbed after cyber-attacks on UK government sites

Charlton Floate, 19, crashed government websites in the UK and one used by the FBI.

Flaws found in Pocket

Flaws found in Pocket

Vulnerability could have allowed hackers to siphon off data from Firefox servers

Leaked Ashley Madison emails include MP and hundreds of UK public figures

Leaked Ashley Madison emails include MP and hundreds of UK public figures

Personal details of hundreds of UK public figures are among the estimated 33 million credentials leaked yesterday by hackers who breached the Ashley Madison adultery website.

Outsourcing IT security continues to grow, study finds

Outsourcing IT security continues to grow, study finds

Spending on the outsourcing of IT functions is rising, according to a new report from Computer Economics.

Adobe patches flaw in LiveCycle Data Services

Adobe released a hotfix for LiveCycle Data Services, patching a vulnerability that could result in information being disclosed.

Unpatched 0-day threatens Apple Mac users

Unpatched 0-day threatens Apple Mac users

OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.

Russian Pawn Storm APT group spied on punk band and others

Trend Micro says the Russian APT group, Pawn Storm, has been spying on domestic targets, including the punk rock band known as Pussy Riot.

Microsoft forced to release out-of-band patch to fix IE

Microsoft forced to release out-of-band patch to fix IE

Internet Explorer vulnerability could allow hackers to take control of victim's PC

Panda APT group using Hacking Team flaws

The Chinese APT group Emissary Panda has been taking advantage of Hacking Team's Flash Player exploits in its actions.

China arrests 15,000 during cyber-crime sweep

The Chinese Ministry of Public Security arrested 15,000 people for cyber-crimes as part of a long-term operation dubbed 'Cleaning the Internet.'

Cyber-security bootcamp to train future experts

Cyber-security bootcamp to train experts of the future at Cyber Development Camp at DMU.

Malaysian police works with Interpol and FBI to evade cyber-warfare threat

Police are working with the FBI and Interpol to track down people involved in threat by Anonymous Malaysia

Hack Amazon's dash buttons for more than just ordering stuff

Amazon's dash buttons can be hacked for anything

Another Android flaw affects almost all devices

Another critical flaw has been uncovered that affects almost all Android devices

Partnership between NSA and telecoms pose both security and privacy risk, experts say

Leaked Edward Snowden documents reveal that up until at least 2013, the U.S. government held intimate ties with AT&T and to a lesser extent Verizon.

Mozilla tests pre-beta Firefox 'deeper than local' privacy

Mozilla tests pre-beta Firefox 'deeper than local' privacy

Experimental Firefox functionality release to web developers intended to block Internet tracking elements

Ransomware goes open source

The first open source ransomware has been published by Utku Sen.

Security researchers reveal car hack after two-year injunction

Security researchers reveal car hack after two-year injunction

VW hacking report still has one line redacted

Adobe settles charges in data breach suit

Adobe ordered to pay $1.1 million (US) in legal fees as well as an "undisclosed settlement" to users following breach that affected 38 million.

Kaspersky Lab denies allegations it induced false positive AV detections

Kaspersky Lab denies allegations it induced false positive AV detections

A Reuters article claimed the Russian cyber-security firm intentionally poisoned good files to throw off competitors' antivirus detection.

Kaspersky Lab—spam and phishing in Q2

Kaspersky Lab—spam and phishing in Q2

Kaspersky's latest report shows that in the second quarter of 2015 spam was controlled by emails based on real events.

Two-thirds of organisations are potential targets for nation-state cyber-attacks

Survey reveals over four-in-five firms have seen an increase in attacks on infrastructure

FireEye and Europol join forces on cyber-crime detection

IT security firm and law enforcement sign memorandum of understanding

Sound Proof: new two-factor authentication through ambient noise

Sound Proof: new two-factor authentication through ambient noise

Second authentication tier is proximity of user's phone to login device

Vulnerability identified in Google Admin app, remains unpatched

Vulnerability identified in Google Admin app, remains unpatched

The vulnerability was identified by security researchers with MWR Labs, and it impacts Google Admin version 2014101605 and lower.

Smartwatches aren't so clever when it comes to security

Smartwatches aren't so clever when it comes to security

Major smartwatch brands fail to keep data secure

India and US to enhance global cyber-security

India and US team up to ensure global cyber-security

Yahoo malvertising actors turn attention to AdSpirit

Researchers at Malwarebytes uncovered a malvertising campaign against AdSpirit.de, similar to the one used recently on Yahoo.

Windows 10 shares user data with Microsoft, even after disabling settings

Windows 10 shares user data with Microsoft, even after disabling settings

Microsoft's Windows 10 allows for certain data-sharing settings to be disabled, but in some cases, turning them off does nothing to stop the sharing.

One petabyte of sensitive data exposed online in big data security gaff

One petabyte of sensitive data exposed online in big data security gaff

Organisations failing to protect information within Big Data projects

Cross-site scripting vulnerability uncovered in Salesforce cloud

Cross-site scripting vulnerability uncovered in Salesforce cloud

Cross-Site Scripting (XSS) vulnerability within a Salesforce subdomain now patched

Apple updates OS X and iOS to squash security bugs

Slew of updates to fix dozens of vulnerabilities in Apple products

Companies analysing loads of internal cyber-security data

Enterprise organisation employees asked what types of internal security data they collect, process and analyse daily.

Dropbox adds USB two-factor authentication to beef up security

Cloud storage gets dongle protection from phishers

Asprox botnet mostly disappeared in 2015

Asprox botnet mostly disappeared in 2015

Researchers say that campaigns leveraging the Asprox botnet have disappeared after reaching a peak last year.

Cisco warns IOS device customers on attack 'evolution'

Cisco warns IOS device customers on attack 'evolution'

Attackers have been observed substituting Cisco's IOS bootstrap with a malicious ROMMON image after first accessing the company's IOS devices.

ICYMI: Apple hack; Carphone Warehouse breach; Firefox patch; Russian self-sufficiency

ICYMI: Apple hack; Carphone Warehouse breach; Firefox patch; Russian self-sufficiency

The latest ICYMI column looks at the biggest stories on SC this week, including non-jailbroken Apple hack; carphone Warehouse breach; Firefox patch and more.

Irish security specialist leads ICTTF to combat cyber-crime

The ICTTF is led by Paul Dwyer to assist nations in the fight against cyber-crime.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US