OVH suffers 1.1Tbps DDoS attack

An internet hosting company has been the subject of a distributed denial of service attack the likes of which the world has never seen

Yahoo to be sued over mega breach

Yahoo is being sued by a customer who is angry that the web giant did not do enough to protect his personal data

Uber prevents fraud and protects driver accounts with selfies

Uber will now require drivers to take selfies to prevent fraud and protect their accounts from compromise.

Yahoo mega-breach raises key questions, criticisms

One day after Yahoo disclosed one of the largest data breaches in history, Internet and data security experts continue to weigh in on the historic incident that compromised over 500 million user accounts. To that end, SC presents three key questions...

Lithuania launches National Cyber-Security Centre as Eastern Europe ramps up cyber-defences

The Lithuanian government has officially launched the country's National Cyber-Security Centre (NKSC) amid increased efforts by Eastern European countries to protect themselves against potential cyber-attacks.

CYBERSEC Poland: State sector challenged over cooperation

No countries are cyber ready. That was the message from Melissa Hathaway, author of the Cyber Readiness Index and former presidential advisor, at the first opening plenary speech at CYBERSEC 2016.

Pippa Middleton's iCloud account hacked

A man who allegedly hacked into the iCloud account of Pippa Middleton, sister of the Duchess of Cambridge, has been arrested.

Cities planning transparency laws for police surveillance tech

In cities around the US, campaigns are being mobilised to allow greater accountability when it comes to surveillance policy.

Cyber-space wars may require new international regimes

While it might not include the Death Star, cyber-warfare among the stars is almost inevitable.

Google reverses Allo policy, raising ire of privacy groups

The version of Allo that Google released on Wednesday will indefinitely store messages until they are manually deleted by the user.

ICYMI: Equation group, Hutzero, Cyber-security unemployment, CEO responsibility and Lord Blunkett

This week: leaked NSA hacking tools go to work on Cisco customers, the first class of a new cyber-security school graduates, European CEOs no longer pass the buck on security, and Lord Blunkett opens a Cyber-Highway

SC Roundtable: The Threat Landscape

A host of security professionals joined SC yesterday for a frank discussion on the looming threat landscape

Swift details measures to increase security of global banking payments network

Swift is rolling out a series of new security measures to prevent another Bangladesh bank heist

Krebs dropped by Akamai for record DDoS attack, OVH suffers 1100 Gbps DDoS

DDoS mitigation giant Akamai has made the strategic decision to remove Brian Krebs' website from its servers after a huge record-breaking DDoS attack of 626Gbps; now OVH is reporting a 1100Gbps DDoS.

50% of European SMEs say data security is a major barrier

Security raises concerns with half of SMEs saying data security is the major barrier between their organisation and the digital workplace. Another 30 percent believe cost is the key issue.

Email of White House staffer hacked, purported scan of First Lady's passport leaked

The White House has announced a cyber-security breach, as a purported photocopy of Michelle Obama's passport appears online.

Malicious apps leveraging top UK brands have increased by 130%

The number of malicious apps leveraging top UK brands has grown by 130 percent year on year.

Yahoo! confirms 500 million users affected in data breach

Yahoo! has confirmed a major data breach of its systems, with the number of users affected standing at 500 million. It is currently suspected to be a state-sponsored attack, as it has similarities to other Russian attacks.

Malicious websites visited every five seconds by enterprise workers, report

A user at an enterprise organisation accesses a malicious website every five seconds, according to research published by CheckPoint.

FT Cyber Summit: CoL police commander: 'remember the human victims of cyber-crime'

A senior commander for the City of London Police encouraged IT professionals at the FT Cyber Summit to remember the human cost of cyber-crime.

White hats save greybeards from black hat attack

As yet another well-known consumer brand falls victim to 'old version syndrome' and serves up malware to its customers, we ask why lessons aren't being learned.

Global study: Is IT security making progress against cyber-attacks?

CyberArk's 10th annual Global Advanced Threat Landscape Survey examines whether global enterprises are learning from cyber-attacks and which priorities are being influenced.

Clapper: Russia has a long history of trying to interfere with elections

Director of national intelligence James Clapper said there have been previous instances of Russian attempts to influence US elections going back to the 1960s.

North Korea has only 28 registered domains, leak shows

Security engineer Matt Bryant posted details of North Korea's registered domains after a misconfigured nameserver revealed details.

Ursnif banking Trojan targets Australia with new evasive macros

On 19 September, the TA530 group sent personalised emails utilising company names, personal names, titles and more to deliver malicious Word documents.

76% of security pros believe threat intelligence should be shared

Many security professionals believe that they have a moral responsibility to share threat intelligence

FT Cyber-Summit: Ilia Kolochenko - throwing cash on the fire doesn't work

High-Tech Bridge CEO Ilia Kolochenko advised a crowd at today's FT Cyber-Summit that we should all "keep it simple", as most breaches happen due to "obvious" mistakes.

Cloudflare looks to TLS 1.3 to secure internet

Amongst various security features, cloud provider Cloudflare looks to TLS 1.3 to secure the internet.

Ponemon study: business innovation and IT security often do not go hand in hand

New research from the Ponemon Institute in partnership with Micro Focus claims business innovation and IT security often do not go hand in hand.

Former insurance employees appear in court over data leak

Two people have been charged with bribery offences, following an investigation into the suspected leak of confidential data by a former employee of insurance firm LV=.

FT Cyber-Summit: SWIFT's CISO shares new security strategy

SWIFT's CISO, Alain Desausoi, took the stage today at the FT Cyber-Summit to announce the changes the company has planned to prevent further breaches of its systems.

Google Play again used to host malware-laden apps; this time, Overseer

Google Play continues to be a playground for cybercriminals with Google recently having to remove four apps from the store because they were distributing a new form of malware dubbed Overseer.

SWIFT introduces daily reporting system for member customers

SWIFT has introduced a daily reporting system intended to help members of the financial messaging system identify fraudulent payments made over the network.

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Security researcher Arun Sureshkumar earned $16,000 after disclosing a vulnerability in Facebook Business Manager that, if exploited, could have allowed attackers to take over a targeted victim's Facebook page.

Video: ISF's Durbin advises orgs to protect mission critical info assets

Information Security Forum managing director Steve Durbin sat down with SCMagazine.com executive editor Teri Robinson to discuss how organisations can better protect their mission critical information assets.

Hackers crack Tesla CAN Bus, DoT issues policy for securing connected car

Researchers claim they were able to crack into Tesla's CAN Bus to achieve remote control of the electric car and the DoT just issued a new policy concerning automated vehicles.

WordPress plugin update leads to thousands of sites exposing users to adware

Paul Bischoff, security and privacy advocate for Comparitech.com, is warning website owners who use the Simple Share Buttons plugin for WordPress that clicking to "accept" the terms and conditions of the latest update could allow their websites to subject users to threats.

NSA hacking tools used against Cisco customers

The Shadow Brokers' dump of NSA-linked hacking tools is now being used against Cisco customers

Lord Blunkett launches online cyber-essentials portal

Ex-home secretary Lord Blunkett has today launched the Cyber Highway, an online portal to manage Cyber-Essentials certification.

Cybersecurity unemployment rate at zero

Given the widely publicised skill shortages, it should come as no surprise to find no unemployment in cyber security.

Payment fraud growth accelerates

Including fraud in the UK crime figures resulted in online crime overtaking physical crime; now Financial Fraud Action UK (FFA UK) reports that fraud in the payments sector has jumped 53 percent over last year.

Locky developers upgrade ransomware's ability to perform offline encryption

A new analysis of Locky ransomware configurations by IT security firm Avira has revealed improved offline capabilities that enhance its ability to automatically encrypt victims' files, without interaction with a command-and-control server.

Crysis ransomware now attacking businesses in Australia and New Zealand

Australian and New Zealand businesses are being hit with a ransomware campaign.

No one above the law: the message from the Lauri Love extradition

Analysis of Judge Tempia's decision to grant the request of the United States government to extradite computer activist Lauri Love to face multiple charges related to computer hacking.

Energy sector over-confident about IT security capacity

A survey by Tripwire has found that utilities think they can detect hackers despite not having the right tools.

85% of Brits trust banks the most to offer biometric authentication

When it comes to the protection of their biometric data, British people are nearly twice as likely to trust banks (60 percent) as government agencies (33 percent).

54% of European CEOs are taking responsibility for cyber-security

More than half (54 percent) of CEOs in European companies are taking responsibility for cyber-security as it is now considered to be an executive responsibility.

Researcher posts paper detailing US$100 iPhone 5C NAND mirroring device

Cambridge researcher Sergei Skorobogatov has released a paper detailing a proof-of-concept, which is accompanied by a YouTube video explaining how he is able to crack the iPhone 5c passcode screen.

Gov-funded boot camp for cyber-security entrepreneurs graduates first intake

HutZero, a first of its kind boot camp designed to help budding cyber-security entrepreneurs turn their ideas into viable business opportunities, opened last Friday. The entrepreneurs will now begin the three-month long mentorship programme to help realise their ideas.

Uber, Airbnb, Dropbox, and others form coalition to evaluate vendor cyber-risks

VSA coalition forms with the goal of streamlining the vetting process that businesses use for evaluating vendors' cyber-security risks.

ICYMI: Seagate, DGSE, CREST and the NSA, Google encryption shaming and the NAO wags its finger at the cabinet

This week: Hackers hit Seagate, French confirmation of foreign hacking, CREST takes the reins from the NSA, Google starts encryption shaming and NAO criticises cabinet office Infosec

Video: Lauri Love to be extradited to the US for alleged hacking charges

A judge at London's Westminster Crown Court has ruled that alleged hacker Lauri Love is to be extradited to the US where he is accused of hacking into various government departments.

Trump campaign leaks details from interns' resumes

Donald Trump's contentious campaign for the presidency has taken another controversial turn as his website was found leaking the CVs of his interns

Project Zero hacking contest targets remote code execution flaws

Google's Project Zero unveiled an Android hacking contest that aims to discover flaws on the Nexus 6P and 5X devices.

Eurekalert news service attacked

Scientific news service EurekAlert suffered a breach which saw the login details of thousands of journalists stolen. The company has now reformed the technology behind its website and is promising a brand new login system.

Research reveals the opportunities EU employees are presenting to cyber-attackers on social media

Research from Blue Coat Systems shows how despite the increased use of social media, workers are still failing to fully protect themselves from complex social engineering techniques

Researcher believes major DDoS attacks part of military recon to shut down internet

The attacks targeted major companies that provide internet infrastructure and appear to have probed the companies' defenses to determine capabilities.

Quant Loader Trojan downloader spotted in the wild

Forcepoint has come across a new Trojan downloader called Quant Loader that has been spotted distributing Locky Zepto crypto-ransomware and Pony malware.

50% of UK consumers won't work with a company that has been hacked

New research from F5 Networks reveals that Brits have a conflicting view on cyber-crime.

Hinkley Point C nuclear power station to go ahead with Chinese involvement despite previous concerns

Despite concerns over security from both the Prime Minister and one of her chiefs of staff, Hinkley Point C nuclear power station has been given a green light today for construction with backing from China.

GCHQ planning use of DNS filters to curb cyber-attacks

The boss of GCHQ and the new NCSC has revealed that the spy agencies are planning to partner with UK ISPs to use DNS filtering to curb cyber-attacks.

89% of mobile users wouldn't know if their device was cyber-attacked

A majority of mobile users (89 percent) wouldn't know if their device has been infected through a cyber-attack, revealing a massive lack of awareness of cyber-threats.

1 in 50 employees a malicious insider?

A survey recently conducted by Imperva showed that 36 percent of surveyed companies have experienced security incidents involving malicious employees in the past 12 months.

Half of UK students want data security training

Half of all students in the UK have no security software installed on any of their devices, even though a quarter of teenagers are 'almost constantly' connected.

Trojan distribution methods highlight need for info sharing in financial services industry

As financial institutions scramble to prevent more attacks like the cyber heists that targeted SWIFT members, a recent report offers additional cause for the sector to improve information sharing practices.

Report uncovers the underground healthcare data market

A new report from the Institute of Critical Infrastructure Technology undresses what happens to private medical data after it's stolen from the hospital and the heaving marketplaces it ends up in

Cold case: Finnish police advise owners to store smart keys in fridge

Finnish police are advising owners of cars with "smart" locking systems to put the keys in the fridge when they are at home.

500+ vulns reported to the National Vulnerability Database in 1H 2016

Vulnerabilities are on the rise, with 516 reported to the National Vulnerability Database in the first half of 2016 compared to only 403 total vulnerabilities reported in 2015.

Fancy Bear hacks World Anti-Doping Agency

Infamous APT group, Fancy Bear, has hacked into the World Anti-Doping Agency and published the medical records of top US athletes.

Cost of Delta's IT outage amounted to roughly US $150 million

The total cost of US airline Delta's recent five-hour IT outage was estimated at $150 million (£114 million). The outage saw over 2,000 flights either cancelled or massively delayed for three days in August.

Ransomware up 3000% since first recorded, now targeting hospitals

In its September 2016 Threat Report, Intel Security describes how ransomware attacks are up 3000 percent since records began in 2012, and why attackers are now turning to the healthcare industry.

Cross-site scripting vulnerability found on Google's French website

Sacre Bleu!: A type of XSS vulnerability has been discovered in the French version of Google

[Updated] NAO slams Cabinet Office for lack of leadership in information security

A fresh report from the National Audit Office says the Cabinet Office has failed to get to grips with information security across government departments.

Leaked Stingray documents reveal features and ease of use

Using mass surveillance software without a warrant is almost as easy as installing Skype.

VoIPtalk informs customers of possible data breach

The UK voice over IP provider VoIPtalk has emailed a notification to customers warning of the potential compromise of user login credentials.

Millions of Russians still losing personal data online

Millions of Russians are still losing personal data online thanks to using vulnerable websites and being hacked.

UK orgs must adopt higher security requirements to pay staff

If UK businesses don't accommodate higher security requirements by 19 September, they could miss salary payments.

Cyber-attacks now cost enterprises US $861K per security incident

On average, a single cyber-security incident now costs large businesses US $861,000 (£652,000). Meanwhile, small and medium businesses (SMBs) pay $86,500 (£65,500).

CREST takes over cyber-assurance programme from NSA in America

The National Security Agency has handed over responsibility for operating and promoting its CIRA accreditation programme to CREST, best known in the UK for its accreditation schemes with GCHQ, CESG and the Bank of England.

Are our data centres insecure?

Vectra Networks is claiming that attackers are turning their attention to data centres. Are our data centres as secure as we think they are?

GM recalls millions of vehicles over software fault

General Motors has issued a recall for millions of Buicks, Cadillacs and Chevrolets because of a software fault that could cause serious injury to passengers

Amidst lawsuit, McAfee aims to innovate as a separate entity

As Intel proceeds with plans to divest its majority stake in Intel Security, the chipmaker's security business unit, a lawsuit filed against Intel threatens to create challenges for the entity.

New RAA ransomware variant performs own encryption, attacks businesses

The ransomware RAA, which incorporates the information-stealing trojan Pony, has evolved to more effectively target companies, encrypting victims' files and stealing their data, most likely to infect their business contacts via spear-phishing.

GartnerSEC: people-centric IT practices encouraged

Gartner is now encouraging people-centric IT practices so IT is no longer seen as a hindrance and rather an enabler.

Former DGSE head confirmed French targeted foreign countries

The former head of France's external intelligence service discussed a French cyber campaign that targeted Iran, Canada, Spain, Greece, Norway and other nations.

Top 10 Cyber-Security Challenge UK talents chosen for European finals

The final 10 candidates who will represent the Cyber-Security Challenge UK in the European Cyber-Security Challenge (ECSC) 2016 have been chosen.

Seagate staff to sue company over data protection failure

A hardware manufacturer may soon be sued by employees who claim the employer did not do nearly enough to protect their data.

Hackers hit Seagate NAS devices with cryptomining malware

Crypto-currency mining malware is back, driven in part by the growing popularity of alternatives to Bitcoin that are easier to mine and the increasing power of GPUs.

Pornhub, RedTube ditch Flash to hook up with HTML5

Adult content site Pornhub announced Tuesday that it will switch from using Flash-based content and instead opt for HTML5.

Guccifer 2.0 again denies Russian connection, mocks reports linking hacker to APT groups

An individual who self-identified as Guccifer 2.0 continues to deny reports by security firms that link the purported hacker or hacking group to Russian advanced persistent threat (APT) groups.

Help wanted: Copy editors to clean up French phishing emails

A help wanted ad spotted on the French dark web may be an indicator that cyber-criminals are tired of having their phishing scams spoiled due to poor spelling and grammar.

IOCCO report reveals numerous errors made in use of phone and web data

The IOCCO's annual report has revealed how throughout 2015, the security services made 1,119 mistakes in the interception of communications data which led to 17 wrongful arrests.

Leaked catalogue reveals disinformation campaign for sale

A leaked catalogue has exposed one India-based tech company's attempts to sell cyber-warfare services and disinformation campaigns

Google to start encryption shaming

Google will start shaming websites for not encrypting connections between the user and the site itself by telling users exactly when they are visiting HTTP sites

Canadian data sharing deal with EU could be illegal under European Law

A top EU lawyer has concluded that the EU-Canada PNR agreement which oversees the transfer of information on flight records between the two countries goes against the EU Charter of Fundamental Human Rights.
