Top ten hacker tools identified - misuse of legitimate tools dominates inside the network.
Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week.
An extradition hearing in London today heard claims that Lauri Love would kill himself if extradited to the US to face trial for allegedly hacking several US federal agencies.
Russia's lower house of parliament approved sweeping anti-terrorism legislation that requires companies to decrypt any message sent by users.
Yet another bank has been hit via the SWIFT messaging system, this time in Ukraine. This may only be the fifth publically disclosed SWIFT heist, but commentators suggest that there plenty of silent victims
A disgruntled ex-employee of an insurance firm uploaded the personal details of 112,000 French police officers to a Google Drive account on June 2, possibly exposing the officer's personal information, including addresses.
Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.
Tens of thousands of security cameras are the newest recruits to an DDoS botnet, noted for its powerful and unrelenting attacks
A Google encryption vulnerability could allow bad actors to hijack video content from protected videos.
The BBC is reporting that after surveying 1000 of its members, the Institute of Directors (IoD) has found that a quarter planned to freeze recruitment and five percent would be planning to cut jobs.
Russian officials deny any state involvement in cyber-attacks on Geman parliament.
Doctors and nurses would rather save a patient's life than adhere to infosec best practices, according to new research into healthcare cyber-security.
The House of Commons Petitions Committee has revealed that over 77,000 fraudulent entries were entered into the petition asking for a second EU referendum.
Check Point Software Technologies is claiming that once it released the Check Point Investigative Report, the Nuclear Exploit Kit shut down its entire infrastructure and ceased operation.
Three weeks after hijacking Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts, the mischievous OurMine hacking group appears to have briefly seized control of Google CEO Sundar Pichai's Quora account.
Following the announcement on Friday that the country had voted in favour of leaving the EU, commentators have been assessing the impact on UK tech.
The British public has voted to leave the European Union by a margin of 52 to 48 percent. Are there any implications for people working in the cyber-security industry?
Rapid7 yesterday publicly disclosed a class of vulnerabilities in Swagger-codegen, a code generator for the OpenAPI specification, aka Swagger.
Godless, an emerging mobile malware threat capable of rooting Android phones, has started to adopt the traits of an exploit kit, in that it searches for multiple vulnerabilities through which it can automatically infect a victim.
The latest In Case You Missed It (ICYMI) recalls GDPR ignorance, ICO somnolence, GCHQ song and dance, Guccifer arrogance and the many cases of basic lack of vigilance.
In the ongoing saga of Chinese-American economic espionage, a Chinese ex-IBM employee has been arrested for trying to sell source code and trade secrets to the Chinese government.
Dridex and Locky delivered to victims via compromised computers as the Necurs botnet, dark since late May, starts up again.
Darktrace's CTO, Dave Palmer, says that while ransomware is on the rise and law enforcement can do very little to help, we are living in a "golden age of criminality".
Many IT professionals are still unaware of what the EU GDPR means to their organisation with 20 percent being oblivious to the possibility that a data breach could lead to fines of up to €30m (£23m) or four percent of annual turnover.
Conficker maintains its rank as the most common malware family, according to Check Point's May 2016 Threat Index.
A photograph of Facebook founder Mark Zuckerberg has been released showing tape being used to cover his MackBook Pro's webcam and microphone. The photo was uploaded to celebrate Instagram reaching 500 million users on Tuesday.
Raj Samani, CTO EMEA of Intel Security, has warned of the risks of employees networking online. As social networking sites contain a wealth of information on an organisation, they can be a treasure trove for criminals wanting to carry out email-based attacks.
Lizard Squad is best known for launching DDoS attacks against Microsoft Xbox Live and Sony PlayStation Network, and doing so 'for the lulz!' SC Magazine UK has been pondering whether the motivation actually matters?
The US Cyber-Command is hesitant to shut down the Islamic State's online capability, and with apparently good reason
A team of Check Point researchers has tracked two large waves of attacks using Cerber ransomware in the last few months, with more spikes in the number of incidents expected.
Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.
SCMagazineUK.com caught up with Pen Test Partners' Ken Munro at InfoSec 2016 to talk about how he recently hacked his own Mitusbishi Outlander Hybrid
Google has introduced a new process that simplifies two-factor authentication for users to secure access to accounts and web-based services.
Nick Ioannou, head of IT for the Ratcliffe Groves Partnership, draws on his 26 years of experience in IT to claim using a combination of 26 different cloud based services means the company has IT power which could "compete with the big boys" in his industry.
Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products.
For the fourth consecutive year, NSFOCUS has received the honour of the Microsoft Mitigation Bounty Award.
As if we didn't know it, ransomware is on the rise but Kaspersky Lab has produced statistics to benchmark just how bad the problem is getting.
GCHQ has released a new document advancing the 'operational case' for bulk collection, arguing that fighting terrorism is only part of the picture.
Phishing attacks lead to rogue "bulletproof" hosting firm which has a history of hosting malware and other illegal content, researchers claim.
Sky's CISO and head of content protection, Philip Davies, explains why Sky's data governance strategy is focused on clear lines of communication throughout the organisation.
Apple has released an unencrypted version of its latest operating system for iOS 10, giving security researchers an unprecedented opportunity to scour the kernel for security flaws.
In the UK, the rate of successful 'visual hacks' — many achieved by viewing people's computer screens — was 87 percent. The worldwide average is 91 percent.
Customers are at risk of marketers using the data to approach them with unsolicited offers.
Hackers used login information to launch a "sophisticated password attack" to login to Citrix's GoToMyPC user accounts, according to a company blog post.
FireEye's new report assesses the fluctuations in Chinese cyber-activity since Barack Obama and Xi Jinping's momentous talks on intellectual property theft last year.
Unfortunately, the GoToMYPC service has been targeted by a 'very sophisticated password attack', says GoToMYPC
British workers prefer putting their trust in a European Union (EU) state to store their data (40 percent) rather than their own country (38 percent) or those from outside the EU (22 percent).
The Culture, Media and Sport Committee report on cyber-security opened with criticism of the ICO and then moved on to recommendations for escalating the visibility of cyber-security within organisations.
A new report has called for greater accountability and oversight in the way the government reports the software vulnerabilities that it discovers.
The ScarCruft group have left victims all over the world by using a previously unknown zero-day vulnerability in the Adobe Flash Player, according to Kaspersky Lab which has dubbed the attack Operation Daybreak.
Almost half (46 percent) of UK consumers would sacrifice their membership to the gym instead of their internet connection.
GitHub reported on 14 June someone launched a campaign to access several GitHub.com accounts using stolen login credentials.
Acer has suffered a data breach in its online store. Users that accessed its e-commerce site between 28 April 2016 and 12 May 2016 may have had their information compromised due to unauthorised access of a third party.
Project Bletchley has been introduced by Microsoft and will use blockchain to secure financial transaction history and protect against fraud
A hacker named Guccifer 2.0 has come out to claim responsibility for the recent hack on the Democratic National Committee
Ground Labs have identified tonnes of data left lying around, and many UK organisations unaware of what that means for the incoming GDPR
In a first of its kind case, an ISIS-linked hacker pleaded guilty to providing material support to a designated foreign terrorist organisation.
That ransomware is a problem cannot be doubted. Whether the current level of media coverage, fuelled by vendor press releases, is doing more harm than good is more open to debate..
Councils in the UK are being held to ransom by cyber-criminals attempting to collect profitable financial rewards.
Updates are available following US Computer Emergency Response Team (CERT) issuing advisory warning of "weakly protected" credentials in Siemens SIMATIC WinCC flexible industrial control system.
Russia is planning to find ways to fight cyber-criminals specialising in the theft of bank-card personal data.
An employee in the IT department of Mossack Fonseca, recently the subject of a massive leak, has been arrested in Geneva sparking suspicion that this may have been 'the inside man'
While cyber-criminals work together, businesses and law enforcement have a harder time doing so.
Following the Orlando tragedy, an Anonymous hacker hijacked the Twitter accounts of ISIS supporters and flooded their profiles with gay porn.
IBM Security today announced the results of a global study which found that the average cost of a data breach for companies surveyed has grown to £2.8 million, representing a 29 percent increase since 2013.
Mikko Hypponen undressed the recent SWIFT affiliate heists at Infosec 2016
TalkTalk confirms that firm does not use TeamViewer, while TeamViewer confirms position of innocence -- problem still exists, move your mouse if you're in a panic.
Online gaming can become a gateway into cyber-criminality for vulnerable young people, according to a report from CREST and the NCA which recommends strategies for diverting gamers into more socially useful activities.
Russian government hackers apparently broke into the Democratic National Committee (DNC) computer system and accessed the party's entire database on Republican candidate Donald Trump.
While most IT professionals acknowledge the growing amount of IoT devices on their networks, they are unaware of how to properly secure them.
Along with the significant worldwide increase of mobile transactions for the booking of flights, hotels and rental cars during the summer months, fraudulent activity against online travel companies go up as well.
Kaspersky Lab researchers spotted a unique Russian banker trojan, dubbed "Lurk" targeting various industries.
While Microsoft's £18.6 bil ($26.2 billion) acquisition of data-rich LinkedIn will enhance business, the company has not yet said how it plans to protect the privacy of personal data of LinkedIn members.
Two researchers have found a rather annoying exploit in the Telegram encrypted communications app
Most (82 percent) of the UK's small and medium sized businesses (SMEs) have not heard of or are unsure about the impact of the GDPR taking effect in under two years.
DNS attacks are costing businesses more than $1 million (£702K), however 25 percent of organisations still are not implementing any kind of basic security software
The recent tragedy at the Orlando nightclub has perhaps given new meaning to a report by ICIT on how radical groups like IS use social media to radicalise potential recruits
South Korean law enforcement officials said North Korea spent two years hacking into more than 100,000 computers as a prelude to a nationwide cyber-attack.
ISC(2) CEO David Shearer says APAC suffers from same cyber-skills gap despite putting out more qualified STEM majors.
The Daily Star newspaper is reporting that a new device has surfaced online which has the ability to clone 15 contactless bank cards a second.
A new version of banking malware includes updates that break tools typically used by security researchers to analyse the Vawtrak trojan.
Plans are being hatched to prevent return-oriented programming attacks on memory flaws
Market forces are beginning to have an effect on zero days, evidenced by a new drop in the price of a significant zero-day.
Security company Ipswitch has released new research which has shown that intelligent systems are coming fast but businesses are ill equipped to protect themselves from them.
An alarming 36 percent of businesses have yet to develop a cyber-attack response plan.
Researchers discovered an exploit against Background Intelligent Transfer Service, a component of Microsoft's Windows 2000 that is used to transfer files asynchronously between a client and a server.
Cisco Talos stated today that it has a Teslacrypt decryptor tool up and running and ready for download that will work against any variant of this ransomware.
Three quarters (75 percent) of cloud apps are not GDPR-ready as they lack key capabilities to ensure compliance. 11 percent of enterprises have sanctioned apps laced with malware, indicating that cloud apps are a growing and vulnerable threat vector.
Change of tactics from cyber-criminals may be an attempt to bypass signature detection and improve infection performance.
In the drive to increase efficiency, organisations have outsourced many 'non-core' functions so how can they mitigate the information risks of using third-party IT suppliers?
Skype is being used to distribute QRAT malware to unsuspecting travellers looking for help on filling out US, travel documents.
Most organisations do not possess confidence in their ability to protect data after experiencing a data breach. One third have experienced a data breach in the past year.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- UK Cyber-security after Brexit: May not be as bad as it first appears
- Malware spawns botnet in 25,000 connected CCTV cameras
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Brexit will 'prove challenging' to UK universities and tech sector
- SC Awards Europe 2016 winners announcements!
- Microsoft ends common password use and password lockout
- ISIS radicalises 'lone wolves' through strong social media presence
- 1.5 billion Windows computers potentially affected by unpatched 0-day exploit
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?