WhatsApp flaw leaves users open to spying

Global messaging service WhatsApp, now part of Facebook, has owned up to a security flaw which leaves it open to man-in-the-middle (MiTM) attacks.

Data breach discovery takes 'weeks or months'

A new report confirms what's long been feared - businesses take too long to recognise and react to a data breach.

HMRC plan to share taxpayers' data attacked

A proposal by HMRC to release millions of taxpayers' personal data to private firms has whipped up a storm on data privacy.

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Heartbleed slows down the internet

As Heartbleed slows down the internet, experts say that two-factor authentication may be the way forward to protect our web sessions.

Biometric data collection sparks privacy debate

You could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file, says the Electronic Frontier Foundation (EFF).

Target effect: US retailers to share cyber intelligence

The National Retail Federation in the United States has announced plans to establish the Information Sharing and Analysis Center (ISAC), so that retailers can work together on incoming cyber security threats.

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Single-step authentication on Galaxy leaves PayPal accounts open to abuse, say German researchers.

MSWin 8.1 users must update or lose security patches

Organisations run the risk of being left defenceless against attackers unless they upgrade from MS Win 8.1.

Communication gap identified between IT and management

Bad news is filtered out of communication to the C-suite and 63 percent of IT staff only start talking after a breach has taken place.

GCHQ selects new director general

Robert Hannigan is to replace Sir Ian Lobban as the director general of the UK's GCHQ.

Police investigating after hacker steals 500,000 records from cosmetic surgery practice

An unidentified hacker was able to access and exfiltrate almost half a million records on potential cosmetic surgery patients, it has been revealed.

Insider data thieves get away "scot free"

Controls on access to data by both staff and ex-staff are lax, and even when caught, insiders stealing data get away 'scot-free' says new survey.

Update: Government slated as Mumsnet becomes first UK Heartbleed victim

The Government's reaction to the 'Heartbleed' flaw has been criticised after the Mumsnet parenting site became the UK's first known victim of Heartbleed hackers.

French hardware maker LaCie admits year-long data breach

French hard drive manufacturer LaCie has begun notifying customers that their personal information may have been compromised if they bought products between March 2013 and 2014.

Nuns robbed by Zeus cyber criminals

An alleged cybercrime gang from Ukraine and Russia - two of whom were extradited from the UK - have been charged with using Zeus malware to steal millions of dollars from victims including the Franciscan Sisters of Chicago order of nuns.

Germany's Space Centre 'hacked by cyber spies'

Reports that Germany's national space centre has been infiltrated by cyber spies have emerged just two weeks after the UK's GCHQ was accused of attacking a string of German satellite and aerospace companies.

NSA denies exploiting Heartbleed bug for surveillance

The National Security Agency (NSA) has dismissed reports that it has been exploiting the Heartbleed vulnerability to carry out internet surveillance.

Critical infrastructure put on 'Heartbleed Bug' alert

Critical infrastructure operators are now being alerted to the far reaching impact of a critical OpenSSL flaw, dubbed the "Heartbleed Bug."

Mandiant: Companies are getting worse at detecting data breaches

Organisations are getting worse at spotting security breaches and attackers still spend two-thirds of a year on corporate networks before being identified, according to a new Mandiant report.

UK police ill-equipped to deal with cyber attacks

A startling report from Her Majesty's Inspectorate of Constabulary (HMIC) shows that only three in 43 police forces in England and Wales have a comprehensive plan for dealing with a large-scale cyber attack.

Cyber attacks are targeting Heartbleed flaw, says US CERT

As the latest major security bug prompts cyber-crime and phishing attacks, experts advise on changing passwords and what CISOs can do.

EU telco/ISP/CSP data retention rules ruled invalid

"I do hope the Home Office has properly thought-out contingency plans" says Professor Peter Sommer, data forensics specialist.

DDoS attacks: Bigger, Badder and Nastier than last year

DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way.

Dud Android app fools thousands

Chart-topping paid-for Android security app does absolutely nothing

Different approaches to security under development

IDS platform uses expert-led reinforcement of learned behaviour and decision-making

Heartbleed flaw threatens millions of websites

Systems admins are being warned of a "potentially disastrous" security flaw that allows hackers to steal data from millions of websites worldwide without leaving a trace.

XP users buy security protection

Microsoft has officially ended security support for Windows XP but the government and many large organisations plan to pay to protect their XP users.

GCHQ to accredit cyber security degrees, appoint new director

GCHQ is teaming up with UK universities to offer accredited cyber security masters degrees, and is also reportedly on the verge of appointing a new director.

Researchers demo iOS banking app hack

Mobile banking transactions may be on the rise, but banks may face an uphill struggle to keep them secure from cyber-criminals.

Dangerous new Zeus Trojan fools anti-virus

A new and "extremely dangerous" version of the notorious Zeus malware has been discovered that can fool detection systems by hiding behind an apparently legitimate digital signature.

Millions of consumers at risk from mobile POS flaws

Mobile point-of-sale (MPOS) terminals being used at thousands of retail outlets in the UK and worldwide can be hacked using multiple cyber-attack techniques.

Smaller banks under fire from phishing attacks

A US government financial agency has warned smaller banks and financial institutions in the US to be aware of the heightened risk of their systems being phished by cyber-criminals.

New malware component changes router's DNS settings remotely

Routers from Cisco, D-Link, Huawei, TP-Link and ZTE have been identified as vulnerable.

Russian trojan spotted attacking Middle Eastern banks

Security researcher Brian Krebs has spotted a Russian-controlled botnet being used to target banks in the Middle East.

Snowden effect: Insider threat grips European companies

Just nine percent of European organisations feel safe from insider threat, according to a new study by Vormetric and Ovum, and that could get worse once the new EU data protection legislation comes into effect.

24 million reasons to lock down DNS amplification attacks

5.3 million home and office routers worldwide were being used for DNS amplification attacks in February, according to a new study.

LinkedIn plug-in mines for user email addresses

"This highlights the fine line between acceptable and unacceptable usage of your information" says Nigel Stanley, CEO of Incoming Thought.

Only 6 in 10 firms say their software is always up-to-date

A new report from F-Secure reveals that most companies lack the resources to update legacy applications, with this potentially being a serious security risk.

CryptoDefense ransomware attacks 100 countries but has 'fatal flaw'

The US and UK are the biggest targets of CryptoDefense, a major new ransomware campaign that has stolen over £20,000 in its first month - but which has one major design flaw.

GCHQ 'hacked German high-tech firms to spy on internet traffic'

Revelations that UK intelligence agency GCHQ hacked into German satellite and communications companies are likely to accelerate the drive among businesses to tighten their control over how they store their sensitive data.

CERT UK finally launches to counter cyber threats

The UK government finally launched its first national computer emergency response team, CERT-UK, in London today.

Anonymous Ukraine credit card leak is old data

Last week's reports of Anonymous Ukraine obtaining and leaking seven million credit card details may be erroneous, with the data having apparently been disclosed in older data breaches.

Media industry targeted by state-sponsored cyber attacks

New research from Google reveals that 21 of the world's top 25 news organisations have been targeted by state-sponsored hacking attacks.

Stealthy Crigent malware infects Word and Excel files

A new malware family that could "creep under the radar" of many system administrators has been found infecting Microsoft Word and Excel files.

Businesses still don't value CISOs, survey finds

The continuing rift between IT security professionals and 'the business' has been highlighted by a new study that shows many organisations still attach little value to cyber security - even though they know the threat is growing.

1 in 3 businesses swerve cloud due to government snooping

A new report released today claims that the rising level of government surveillance is now driving a third of organisations away from using cloud computing.

Android 5.0 to support business features?

Widely reported changes to the next version of Google's Android are starting to make the operating system "look like a professional platform", say analysts.

Hackers preparing 'wild west' zero-day assault on Windows XP

With Windows XP finally set to go end-of-life next week, Microsoft has made one final call for businesses and consumers to update to a newer version of the operating system.

Trustwave in the firing line in Target lawsuit

Legal payout could be significant in a breach whose costs may reach £10.9 billion (US $18 billion).

President Obama proposes limiting NSA access to phone calls

US President Barack Obama has announced plans to limit the National Security Agency's 'catch all' bulk recording of all phone calls within and traversing the US - with one important caveat.

DDoS attacks soar as cyber-criminals hit Basecamp

Distributed denial-of-service attacks are becoming bigger and more common, with Prolexic saying that these attacks are exceeding 100 Gbps on a regular basis.

APT attacks use 'news of doomed flight MH370'

A series of advanced cyber attacks have used the lure of news about the disappearance of Malaysia Airlines flight MH370 to infiltrate nation-state and other targets, according to FireEye.

Anonymous Ukraine leaks seven million credit card details

Anonymous Ukraine says that it has information on "more than 800 million credit cards", and has leaked the first million of those with Visa, MasterCard, American Express and Discover accounts onto a public forum.

Huawei responds to allegations of NSA hacking

Further Snowden leaks allege that the NSA targeted Chinese telecom firm Huawei for corporate data.

Microsoft rushes out fix for zero-day Word flaw

Microsoft has rushed out a quick fix for a Microsoft Word zero-day flaw that is now being used in cyber-crime attacks.

Cyber black markets get upper hand

Cyber attackers now outgun defenders according to a new report out today looking at the multi-billion-dollar cyber criminal black economy and its infrastructure.

CERT UK reportedly to launch next week

The British government will finally launch the much-delayed Computer Emergency Response Team (CERT-UK) next week, according to a report, in a bid to protect the country's critical infrastructure.

Reporting cyber attacks should be "a legal requirement"

The opposition Labour party is calling for new laws to be introduced so that businesses are forced to report when they have been hit by a cyber attack.

OU Masters with digital forensics

Today the Open University launches a new Masters qualification in Computing which includes new modules on corporate digital forensics.

All Android devices believed hit by security flaw

A new class of security vulnerability that is "highly suspected" to affect all of the almost one billion Android devices in existence has been discovered by a research team from Indiana University and Microsoft.

SC Congress London: Met Police admits cybercrime mistakes

Mark Jackson, detective superintendent of the recently-established Met Police Cyber Crime Unit, has admitted that London's police are only just finding out how to tackle cyber-crime.

Flying drone steals smartphone contents

British researchers have tested their invention, the Snoopy drone, over the skies of London.

SC Congress London: Bottom-up security awareness has C-level benefits

A stellar panel of infosec experts told a packed audience at SC Congress London on Thursday that security awareness can play an integral role in educating C-suite on threats coming from inside and outside the company.

SC Congress London: BYOD issues remain in post-Blackberry era

Bring Your Own Device is making waves in business, but concerns remain on how employees use personal smartphones and tablets, how they're managed and the laws to which companies must adhere.

Internet of Things security warning issued by two reports

"The Internet of Things makes it easier for someone to attack someone that you know," says Sarb Sembhi, analyst and director of consulting at Incoming Thought.

Mixed reaction from information security industry on 2014 Budget

The UK's Chancellor of the Exchequer George Osborne introduced the 2014 Budget yesterday, but those in the infosec industry believe that it didn't do enough to close the cyber security skills gap.

60 percent of FTSE companies mention cyber security risks in annual reports

"Data breaches have become a fact of life for most companies," says John Yeo, Trustwave SpiderLabs EMEA director.

20 percent of all malware created was coded in 2013

Malware may have reached its 25th anniversary last November, but research just published claims that 20 per cent of all malware ever created was coded last year.

PHP poses threat to website integrity

"Patching no longer offers complete protection" says Professor John Walker, Nottingham Trent University

Trust users to improve security, say analysts

Despite the dangers of insider threats, Gartner analysts Tom Scholtz and Ant Allan believe that trusting people can go a long way to improving business security.

Snowden: NSA can record all telephone calls in foreign countries

The NSA is spending a great deal of money to get large numbers of false positives, says digital forensics specialist professor Peter Sommer.

Windigo malware infects 25,000 Unix servers

Systems administrators urged to take the 'tough medicine' and wipe all affected computers

BT customer data 'exposed' claims ICO

BT is being investigated by the UK's privacy watchdog, the Information Commissioner's Office (ICO), over claims that the user names and passwords of millions of its email customers were exposed to hacking.

1 in 3 businesses have no incident response plan

Despite numerous commentators stating that it's now a case of 'when' rather than 'if' businesses are hit by a cyber attack, a new study reveals a third of companies have no incident response plans.

Crimea battle continues: Ukrainian hackers DDoS NATO websites

A group of pro-Russian, Ukrainian activists have claimed responsibility for carrying out DDoS attacks on various NATO websites.

Morrisons supermarket succumbs to insider threat

Staff pay and bank details posted by suspected insider at Morrisons.

Phishing email says you have cancer

Cyber criminals have reached a new low with a Trojan attack based on a hoax email that tells its UK-based victims that they have cancer.

Anonymous group in DDoS Kremlin attack

A division of hacktivism group Anonymous says that it was behind an attack on the websites of the Russian presidency, the Russian Central Bank and the Foreign Ministry on Friday.

Out of the bunker: A view from the C-suite

Cyber security can't remain an IT issue. It needs to be addressed and filtered from the C-suite throughout the business, explains Rangu Salgame, CEO of growth ventures at Tata Communications.

The enemy within - beware the insider threat

Being alert to the danger of outside attacks is one thing, but like charity, security begins at home. Expect the unexpected, warns Geoff Sweeney, CTO of Tier-3.

Cyber gang behind £1.25m 'KVM' bank fraud convicted

Members of a cyber crime gang that stole more than £1.25 million from Barclays Bank using a 'KVM' device have been convicted at Southwark Crown Court.

Bitcoin: Protection in demand

Precautions must be taken to protect your Bitcoin hoard, says LogRhythm's Mark Vankempen.

A race for supremacy in information security

Some may say that the lack of a recognised entry qualification for the information security industry is a good thing, for while professionalising ensures a baseline of competence, it can also be a barrier to talent from unexpected quarters.

NSA bots monitor millions of Internet users

Former CIA contractor Edward Snowden has alleged that NSA's surveillance is even more widespread than first thought.

Multiple layers now required for effective security: report

"The AV industry has evolved beyond static signature technology" says NSS Labs.

UCAS makes £millions from student data

The UK's university admissions service has been selling access to student and parent data to advertisers and mobile phone companies, in exchange for millions of pounds.

UK Government gets serious about cyber security education

The UK Government is stepping up plans for developing the cyber-security sector, with support for students and teachers.

EU approves data protection law but critics remain

The European Parliament approved a draft law on data protection on Wednesday, but the mooted changes are still to win universal approval from all in the infosec community.

162,000 reasons to tighten up WordPress security

"Cyber-criminals continue to innovate and find vulnerabilities to exploit for their criminal activity" says Lancope CTO Tim Keanini.

Web inventor calls for Internet Bill of Rights

"Are we going to continue on the road and just allow the governments to do more and more and more control - more and more surveillance?" - Sir Tim Berners-Lee

Apple's iOS 7.1 fixes 41 bugs, including Webkit flaws

Apple's latest mobile operating system, iOS 7.1, was released on Monday, bringing updates for 41 bugs plaguing users.

US-CERT advises WinXP users to dump Internet Explorer

Users who are unable to stop using embedded versions of Windows XP should at least stop using Internet Explorer, and even then may have invalidated any cyber insurance that requires patch updates.

Major privacy flaw found on WhatsApp

Popular messaging service WhatsApp is facing up to another PR disaster after a security researcher found that others could access private chats through downloaded Android apps.

Security tech budgets rising, says new study

Information security budgets will increase in 2014, with 45 per cent of organisations planning to spend more this year and only 11 per cent cutting back, according to the latest Information Security Study from 451 Research.

Edward Snowden calls for encryption, surveillance reforms after NSA leaks

Exiled former CIA contractor Edward Snowden talked NSA surveillance and the powers of encryption at the South by South West conference in Texas on Monday.

'Ministry of Justice' scam email attracts hundreds of calls

The Government's Action Fraud helpline has received hundreds of calls in just 24 hours from end users concerned about a new email phishing campaign that purports to come from the Ministry of Justice.

Russia suspected of Ukraine cyber attack

Government mobile phone hacks, viruses, leaks and website defacement are all reportedly underway in Ukraine following the takeover of Crimea.

Anonymous hackers claim MtGox still has 'stolen' Bitcoins

The bad news keeps getting worse for MtGox. Two weeks on from being forced to close after hackers stole approximately 850,000 Bitcoins (BTC), the currency exchange now faces accusations that it is still holding onto some of the 'stolen' Bitcoins.

'Off-the-shelf' malware targets POS systems

Hackers are using "relatively unsophisticated" malware bought on the black market to target vulnerable point-of-sale (POS) systems, according to a new report.
