This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most companies

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two new reports.

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role in £6 million scheme

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) scheme.

Win32/Crowti ransomware is on the rise

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.

Hackers smuggle out stolen data disguised as videos

Hackers smuggle out stolen data disguised as videos

Around a dozen organisations, including at least one financial sector company, have been hit by a new form of hacking where attackers hide stolen corporate data inside video files that they upload to popular sharing sites like YouTube.

White House breached: Russian hackers suspected

White House breached: Russian hackers suspected

Russian hackers are allegedly behind a breach at the US President's office, while Russia's BlackEnergy malware has been used to attack US SCADA system suppliers.

Twitter offers telephone number as ID

94% of businesses suffered cyber-security incident

SC Exclusive: Human rights lawyers hit by Chinese cyber-attack

SC Exclusive: Human rights lawyers hit by Chinese cyber-attack

Not-for-profit legal group Lawyers Without Borders says that it has been hit by a cyber-attack emanating from China.

95% of companies challenged by BYOD security

80% of IT professionals expect to see an increase in mobile security incidents in their company in 2015.

FBI raids house of 'second Snowden'

FBI raids house of 'second Snowden'

The FBI is reported to have raided the house of a second whistle-blower who was leaking sensitive agency documents to the media.

NATO and UK defence groups hit by Russian cyber-attack

NATO and UK defence groups hit by Russian cyber-attack

NATO, UK defence attachés and even visitors to Counter Terror Expo and Farnborough Airshow were targeted by 'APT28' Russian state-backed spy group, says FireEye.

Cyber-security skills gap remains a 'societal challenge'

Cyber-security skills gap remains a 'societal challenge'

The cyber-security skills gap is a 'societal challenge' that must be tackled by everyone, from schools and universities to citizens and businesses, a panel of experts said in London today.

8 in 10 infosec pros think perimeter security can combat APTs

8 in 10 infosec pros think perimeter security can combat APTs

A new survey from Lieberman Software reveals that almost eight in ten IT security professionals believe that perimeter security technologies like firewalls and anti-malware solutions are sufficient in defending against advanced persistent threats (APTs).

Rogue Tor exit node injects malware into downloaded binaries

Rogue Tor exit node injects malware into downloaded binaries

A security researcher has discovered a 'bad' Russia-based Tor exit node which was being used to inject malware into downloaded binary files.

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber theft from cash machines

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.

Password recovery made too easy

Password recovery made too easy

A senior malware analyst has slammed the availability of a `password recovery' utility from Freehostia, noting that the software actually uses network admin utilities to take credentials from the users' PC.

Belgacom says alleged GCHQ APT attack cost firm £12 million

Belgacom says alleged GCHQ APT attack cost firm £12 million

One year on from a nation-state APT which 124 systems at telecom operator Belgacom and the firm has detailed the cost and manpower involved in the clean-up operation.

CryptoWall compromises 40,000 UK citizens

CryptoWall compromises 40,000 UK citizens

Research just published claims to show that ransomware - in the shape of CryptoWall - is still generating healthy volumes of income for the cyber-criminals behind the code.

Microsoft pulls Windows 7 and Windows Server 2008 elements of Patch Tuesday

Microsoft pulls Windows 7 and Windows Server 2008 elements of Patch Tuesday

Microsoft has unexpectedly withdrawn a key element of its Patch Tuesday operating system refresh after discovering a flaw in an update for Windows 7 and Windows Server 2008.

Black market data trading at an all-time high

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Alert Logic opens European HQ in Wales

Alert Logic opens European HQ in Wales

US-based security-as-a-service provider Alert Logic opened a Security Operations Centre (SOC) in Cardiff, Wales today in a move that has created almost 130 jobs for local employees.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a Google website.

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from £24,000 to £52,000.

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in mass surveillance'

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".

Apple Mac OS criticised for sending search results to third parties

Apple Mac OS criticised for sending search results to third parties

Apple is under pressure to make changes to the Spotlight feature on the new Mac OS X Yosemite 10.10, which tracks location and sends data back to the firm and third parties.

China denies new FBI hacking claims

China denies new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

SC Exclusive: Bank of England to appoint new CISO in January

SC Exclusive: Bank of England to appoint new CISO in January

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set to replace him.

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name being used to target SCADA-based systems.

Russian-speaking criminals account for £420m of card fraud annually

Russian-speaking criminals account for £420m of card fraud annually

New research claims to quantify the scale of card fraud in Russian speaking circles. And according to Group-IB's analysis over the last year, that fraud clocks in at a hefty £420 million (US $680 million).

Light-based printer attack overcomes air-gapped computer security

Light-based printer attack overcomes air-gapped computer security

Multi-function printers - a route to bypass air-gapped computer security.

UK banks urged to share more intel on cyber-threats

UK banks urged to share more intel on cyber-threats

Cyber security and banking experts say that British banks and other financial institutions must share intelligence on threats if they are to beat cyber-criminals and protect critical assets.

Citizenfour - snowden film trailer

Drupal Association fixes critical SQL injection flaw

Drupal Association fixes critical SQL injection flaw

The Drupal Association - a non-profit tasked with fostering and supporting the Drupal open-source content management framework coded in PHP - has patched a critical SQL injection vulnerability in version 7.

Dramatic increase in data breach costs

17 percent of European APTs now targeting UK entities

17 percent of European APTs now targeting UK entities

Research just published claims to show that the UK and Germany are the most targeted areas of Europe when it comes to APTs (Advanced Persistent Attacks).

Android 5.0 Lollipop represents a leap forward in security terms

Android 5.0 Lollipop represents a leap forward in security terms

Android 5.0 - code name L for Lollipop - has been released to hardware vendors this week, with several handset vendors, notably Google and Motorola, planning to push out the updated operating system in the next few days.

Average Briton has 19 passwords

Average Briton has 19 passwords

A new study from Cyber Streetwise reveals that Britons are using more passwords than a year ago, but warns that most of these are not complex and thus easier to crack.

CISOs should hire behavioural psychologists to beat the insider threat

CISOs should hire behavioural psychologists to beat the insider threat

Two information security consultants believe that the much-publicised insider threat - where a company employee leaks data intentionally or unconsciously - could be countered by building employee loyalty and hiring behavioural psychologists.

Global security firms cooperate against Chinese hackers

Global security firms cooperate against Chinese hackers

Ten cyber-security companies have cooperated to pool intelligence and combat Chinese APT actors.

Poodle flaw opens encrypted web traffic to attack

Poodle flaw opens encrypted web traffic to attack

Systems admins are being warned of a newly discovered 'industry-wide' bug dubbed 'Poodle' that allows attackers to decode encrypted traffic running over the internet.

China takes cyber war to Australia

China takes cyber war to Australia

State hackers try to avoid detection by working Australian business hours - except Chinese public holidays.

Russian cyber-spies use Windows zero-day to hit NATO

Russian cyber-spies use Windows zero-day to hit NATO

A Russian cyber-espionage group has used a dangerous Microsoft Windows zero-day bug - being patched today - to attack targets including NATO, a western European government, a French telecoms firm, Polish energy companies and a US academic organisation.

Millions affected by Dropbox breach - but is it a scam?

Millions affected by Dropbox breach - but is it a scam?

An anonymous group of hackers claims to have compromised seven million Dropbox accounts, although there is early speculation that this could be a Bitcoin scam or duplicate data coming from an earlier breach.

JPMorgan to double cyber security spending to £310 million after hack

JPMorgan to double cyber security spending to £310 million after hack

The CEO of US investment bank JPMorgan says the company will double its spending in cyber-security following a data breach which affected approximately 84 million account holders.

Hundreds of thousands of naked Snapchat pictures leaked by hackers

Hundreds of thousands of naked Snapchat pictures leaked by hackers

Intimate images of up to 200,000 Snapchat users have been leaked onto the internet after hackers compromised a third-party.

Symantec to split in two for security and storage

Symantec to split in two for security and storage

US anti-virus manufacturer Symantec is to split its operations into two publicly traded firms that will focus on security and information management.

Microsoft says NSA spying hit trust in the cloud

Microsoft says NSA spying hit trust in the cloud

A senior Microsoft spokesman says that government surveillance has damaged trust in the cloud and in the company itself, pushing the latter to focus more on data privacy and security.

e-book reading habits logged and possibly leaked by Adobe

e-book reading habits logged and possibly leaked by Adobe

Adobe has been accused of 'spying' on its users through a new free app that collects their personal credentials and details of the e-books they read, then transmits the data in plain text.

Met Police and NCA: UK businesses are not helping fight cyber-crime

Met Police and NCA: UK businesses are not helping fight cyber-crime

Two of the UK's top cyber crime-fighters have accused financial institutions and other companies of failing to share information about cyber-attacks because of 'mutual suspicion' between police and the private sector.

DDoS attacks: slow and smart is the order of the day

DDoS attacks: slow and smart is the order of the day

DDoS attacks: evolution changes the attack vectors

Pan-European research shows 226m personal records breached over the last decade

Pan-European research shows 226m personal records breached over the last decade

Data breaches - a serious problem over the last decade...

Shellshock flaw hits Lycos and Winzip - but not Yahoo

Shellshock flaw hits Lycos and Winzip - but not Yahoo

Just when you thought the Shellshock vulnerability issue couldn't get any more complex, a "handful" of Yahoo's servers were apparently infected by malware at the start of the week.

Bruce Schneier: 'Incident response is failing'

Bruce Schneier: 'Incident response is failing'

Renowned cryptographer Bruce Schneier took aim at the security industry and poor incident response planning during a typically forthright talk in London yesterday.

GCHQ wants to become more transparent, claims web pioneer

GCHQ wants to become more transparent, claims web pioneer

Sir Tim Berners-Lee, widely-recognised as the inventor of the World Wide Web, has claimed that the UK's electronic surveillance and oversight body GCHQ is trying to become more transparent on spying.

Belkin software update downs modems - even if you didn't ask for an update

Belkin software update downs modems - even if you didn't ask for an update

Automated modem updates crash systems

500,000-strong botnet swarm harvests bank account credentials en-masse

500,000-strong botnet swarm harvests bank account credentials en-masse

Qbot: 500,000 reasons to patch/update your system

Hackers develop ATM-specific malware: cardless withdrawals, 40 notes at a time

Hackers develop ATM-specific malware: cardless withdrawals, 40 notes at a time

ATMs: easy cash from the bank, if you know how...

Web inventor Sir Tim Berners-Lee sees future of 'trackable' data

Web inventor Sir Tim Berners-Lee sees future of 'trackable' data

Sir Tim Berners-Lee talked up the importance of web neutrality and how 'rich and trackable' data will be essential in solving issues around online privacy.

NCA wants more powers to snoop on Brits

NCA wants more powers to snoop on Brits

The backlash against international cyber-crime strengthened this week with the head of the UK's National Crime Agency (NCA) calling for more powers to 'snoop' on British citizens.

Government trains lawyers and accountants in cyber threat

Government trains lawyers and accountants in cyber threat

Lawers and accountants are identified as weak liinks in the cyber security chain when it comes to holding high value confidential data without adequate safeguards.

Apple blacklists 'iWorm' malware which infected 17,000 Macs

Apple blacklists 'iWorm' malware which infected 17,000 Macs

Apple has moved to update its XProtect anti-virus solution for Mac OS X after a research firm discovered a new piece of malware infecting more than 17,000 computers.

JPMorgan hack sees financial services turn spotlight on cyber security

JPMorgan hack sees financial services turn spotlight on cyber security

The JPMorgan hack is already having a knock-on effect in the UK, with the government and private sector seeking to better protect financial institutions from cyber-criminals.

London police boosts cyber-crime fighting and CNI threat tackled

London police boosts cyber-crime fighting and CNI threat tackled

In a double boost for the UK's cyber security, London's Met Police has launched a new cyber-crime and fraud team called Falcon, while the Government has pumped £2.5 million into protecting the critical national infrastructure from cyber-attacks, with security firm Thales playing a role.

Asda insurer and 83m JPMorgan customers hacked

Asda insurer and 83m JPMorgan customers hacked

A UK-based insurer has joined banking group JPMorgan in admitting this week that it has been hacked, with 83 million customer accounts compromised on the latter.

State-sponsored attacks expected to get worse

State-sponsored attacks expected to get worse

A loss of confidence in perimeter defence has led many infosec professionals to question the ability of their organisation to withstand Advanced Persistent Threats (APTs).

Xen hypervisor found wanting on security

Xen hypervisor found wanting on security

The Xen hypervisor - an open source project that forms the basis of a wide range of virtualised servers - has been found to be vulnerable to a new attack vector.

Shellshock vulnerabilities exploited in the wild

Shellshock vulnerabilities exploited in the wild

Linux: open source software is highly pervasive making the Shellshock vulnerability potentially more serious than Heartbleed.

WordPress: a new security flaw revealed

WordPress: a new security flaw revealed

Updating of WordPress versions advised to avoid exposure to new vulnerability

57% of UK adults want a Digital Bill of Rights

57% of UK adults want a Digital Bill of Rights

While there is now dissatisfaction with web security and calls, led by Sir Tim Berners-Lee, for a Digital Bill of Rights in the UK, commentators do not believe it would be practical.

US DoJ arrests four men - charges them in connection with $100m worth of hacking IP losses

US DoJ arrests four men - charges them in connection with $100m worth of hacking IP losses

Third-party vendor route for hackers grants access to US government, Microsoft and games manufacturers.

Shellshock: Millions of servers under attack

Shellshock: Millions of servers under attack

In the wake of Shellshock, end-users and security managers race to patch web servers and desktops, but may be forgetting vulnerable embedded devices.

Londoners agree to give child away in return for free WiFi

Londoners agree to give child away in return for free WiFi

Hundreds trapped and exposed by fake 'poisoned' WiFi hotspot.

The UK a top target for phishing attacks

Cybercrime-as-a-service the new criminal business model

Cybercrime-as-a-service the new criminal business model

A new report from Europol's European Cybercrime Centre (EC3) reveals that cybercrime is being increasingly commercialised, and by criminals who use legitimate services to hide their activities.

Facebook and WhatsApp rivals hit by DDoS attacks

Facebook and WhatsApp rivals hit by DDoS attacks

Two technology start-up companies which are seen as more secure alternatives to Facebook and WhatsApp were hit by distributed denial of service (DDoS) attacks over the weekend.

CERT-UK produces free report on cloud security

Apple now the most frequently phished brand in the world

Apple now the most frequently phished brand in the world

Phishing for Apples becomes a popular cyber-criminal sport

19 million Windows PCs still vulnerable to Stuxnet zero-day

19 million Windows PCs still vulnerable to Stuxnet zero-day

The Stuxnet worm is still threatening IT systems some three years after its role in damaging Iranian nuclear equipment.

EU regulators fire warning shots across Google's bow on data privacy

EU regulators fire warning shots across Google's bow on data privacy

EU vs Google: the data privacy battle continues...

UK government contractors must comply with Cyber Essentials

UK government contractors must comply with Cyber Essentials

The British government will demand that all its suppliers comply with the five cyber security requirements set out by the Cyber Essentials scheme from October 1.

Confidence plummets, both internally and externally, for breached companies

Confidence plummets, both internally and externally, for breached companies

In the wake of highly publicised major retailer data breaches, consumers and company executives alike demonstrate a substantial lack of confidence in data breach response planning, studies reveal.

Sign up to our newsletters