This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Queen's website hosts controversial tracking technique

Queen's website hosts controversial tracking technique

Advertising tracking called 'canvas fingerprinting' is used on many websites and identifies unique individuals and their browsing habits and works surreptitiously.

Could MH17 sanctions push Russia to cyber warfare?

Could MH17 sanctions push Russia to cyber warfare?

A leading cyber security academic has warned the US and European governments that tougher sanctions on Russia relating to the MH17 airplane crash could result in the start of cyber warfare.

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Crowds of people came out to see Daniel Ellsberg chat with Edward Snowden at HOPE X conference.

Apple accused of hiding backdoors in all 600 million iOS devices

Apple accused of hiding backdoors in all 600 million iOS devices

Apple has built backdoors in its iOS operating system that can leak the personal data of all 600 million iPhone and iPad users and may have been exploited by the US secret service, according to a new US research paper.

MH17 spammers direct Twitter users to Zeus-ridden websites

MH17 spammers direct Twitter users to Zeus-ridden websites

In the aftermath of the MH17 tragedy which saw almost 300 people lose their lives in an airplane crash over Ukraine, cyber-criminals are taking advantage by leading social media users to malicious websites.

EU's new cybercrime taskforce set to launch

EU's new cybercrime taskforce set to launch

Andy Archibald, deputy head of the UK's National Cyber Crime Unit (NCCU), is to chair a new cyber-crime taskforce based out of the European Cybercrime Centre (EC3) in The Hague in Netherlands.

The 5 most read articles this week: July 11-17

The 5 most read articles this week: July 11-17

Here are the five most popular SC articles, as seen by you the reader, in the week for July 11 to 17.

Criminals get hold of 'Russian state malware'

Criminals get hold of 'Russian state malware'

One of the first cases of government-grade malware falling into the hands of common cyber criminals has been uncovered by US security firm Sentinel Labs.

ICYMI: Google's Project Zero, ICO breach & sharing intel on critical infrastructure

ICYMI: Google's Project Zero, ICO breach & sharing intel on critical infrastructure

This week's In Case You Missed It (ICYMI) column takes a look at Google's Project Zero, accusations of double-standards at the ICO and the need to share intelligence on critical infrastructure.

Snowden calls on businesses to encrypt data, shun Dropbox

Snowden calls on businesses to encrypt data, shun Dropbox

UK cyber experts side with NSA whistle-blower who urges companies to adopt encryption and to shun Dropbox because the cloud storage company is 'hostile to privacy'.

Android apps too free and easy with access permissions

Android apps too free and easy with access permissions

Android apps ask for far too many device and data permissions, with 68 percent of 75,000 apps scanned requiring the ability to generate text messages, according to new research.

Embedded Windows XP systems targeted by new Chinese malware

Embedded Windows XP systems targeted by new Chinese malware

Chinese firm uses unusual techniques to infected legacy computer systems.

Controversial DRIP bill set to become UK law

Controversial DRIP bill set to become UK law

The controversial DRIP (Data Retention and Investigatory Powers) bill completed its Lords committee stage without amendment yesterday, after effectively being rubber-stamped into the legislative books overnight.

eBay counts the cost after 'challenging' data breach

eBay counts the cost after 'challenging' data breach

John Donahoe, the chief executive officer of eBay, has confirmed that May's data breach has had a negative impact on revenues and user activity.

IT security pros prioritise new tech over training

IT security pros prioritise new tech over training

New research from IT security vendor Websense and Ponemon Institute indicates that security professionals want their companies to invest in new technology, but are doing little to 'upskill' existing staff.

NIST to NSA: get your hands off our encryption (please)

NIST to NSA: get your hands off our encryption (please)

NIST cryptographers want to be able to reject NSA guidance.

German loss of trust heralds return of typewriters

German loss of trust heralds return of typewriters

Many Germans have personally experienced mass state surveillance by the Stasi, hence the move to use typewriters to prevent NSA survellance.

Security vulnerabilities found on password managers

Security vulnerabilities found on password managers

The wide spectrum of discovered vulnerabilities makes a single solution unlikely - UC Berkley report

CISOs breaking free from IT control, missing board support

CISOs breaking free from IT control, missing board support

Some of the UK's chief information security officers (CISOs) are breaking away from IT budgets and reporting lines but are still missing C-level support, a new study reveals.

CNET loses data on 1 million users

CNET loses data on 1 million users

IT technology website lost data on one million users to Russian hackers.

Pitty Tiger APT exploits older version Office flaws

Pitty Tiger APT exploits older version Office flaws

The Pitty Tiger APT has been targeting telcos, defence companies and at least one government in a cyber-espionage campaign that relies on spear phishing and malware prying on vulnerabilities in Microsoft Office.

ICO wants more power as privacy complaints hit record levels

ICO wants more power as privacy complaints hit record levels

The UK's data privacy watchdog, the Information Commissioner's Office (ICO), has called on the government to give it more power, better funding and the ability to imprison people as it battles against a record number of data protection complaints.

96% suffer significant IT security incident

96% suffer significant IT security incident

More than 96 percent of organisations experienced a significant IT security incident in the past year.

CISOs still grappling with security awareness training

CISOs still grappling with security awareness training

A study of some of the UK's top chief information security officers (CISOs) has revealed that just 21 percent are conducting security awareness training on a regular basis.

British PM promises £800 million cyber defence fund

British PM promises £800 million cyber defence fund

British Prime Minister David Cameron today announced a £800 million investment in improving the country's cyber intelligence, reconnaissance and defence capabilities.

Game on for Gameover?

Game on for Gameover?

NatWest customers targeted by Gameover Zeus Trojan variant.

China accused of global zero-day attack on shipping firms

China accused of global zero-day attack on shipping firms

A suspected Chinese government cyber-attack called 'Zombie Zero' has been targeting shipping, logistics and manufacturing companies worldwide, according to US security research firm TrapX.

ICYMI: British spies, security researchers & finding value from BYOD

ICYMI: British spies, security researchers & finding value from BYOD

This week's In Case You Missed column looks at Britain's new surveillance laws, the sacking of a security researcher and questions on BYOD management.

Poor admin passwords allow global botnet attack

Poor admin passwords allow global botnet attack

BrutPos or @-Brt attacks have infiltrated POS systems with botnets largely thanks to weak admin passwords.

UK government criticised for opposing 'right to be forgotten'

UK government criticised for opposing 'right to be forgotten'

The British government has been criticised by the president of a leading UK data protection professional body for trying to water down the 'right to be forgotten' privacy protection now being instigated by Google.

NCA partners with FBI, Europol to disrupt Shylock Trojan

NCA partners with FBI, Europol to disrupt Shylock Trojan

The UK's National Crime Agency has been working with the FBI and Europol to disrupt the infrastructure behind Shylock Trojan, malware which siphons money from European bank accounts.

Malwarebytes raises more than £17 million in VC funding

San Francisco-based endpoint security company Malwarebytes announced today that it has received $30 million (approximately £17.53 million) in Series A funding from Highland Capital Partners.

UK government to increase surveillance

UK government to increase surveillance

The British government looks set to pass the Data Retention and Investigations Powers Bill - a law which will allow police and security services to access people's phone and internet records from telcos and ISPs.

Can Twitter spammers steal email addresses?

Can Twitter spammers steal email addresses?

Some Twitter users have claimed that cyber-criminals may have been able to spam the email addresses registered with the social networking giant.

Light bulb illuminates WiFi weakness: IOT security needs to improve

Light bulb illuminates WiFi weakness: IOT security needs to improve

Smart light bulb hacked to reveal WiFi password, research project highlights need for development of Internet of Things security.

Most UK firms expect to be targeted by cyber-attacks next year

Most UK firms expect to be targeted by cyber-attacks next year

Two-thirds of UK companies believe that they will be targeted by a cyber-attack within the next year, leading some industry observers to question whether business defences are up to scratch.

Deep Panda - three years of attacks to defend China's oil interests

Deep Panda - three years of attacks to defend China's oil interests

Attack vectors demonstrate the sophistication of malware available to cyber-criminals globally, says CheckPoint MD Keith Bird.

Critics slam ISACA's APT report

Critics slam ISACA's APT report

"Fighting off an APT attack using firewalls and anti-virus is akin to shooting at a nuclear warhead with a bow and arrow."

Mobile flaw hits most Android devices

Mobile flaw hits most Android devices

Researchers at Curesec have found a vulnerability that is potentially affecting 60 percent of Android devices connected to Google Play.

1990s Macro viruses back with a vengeance

1990s Macro viruses back with a vengeance

Reports are coming in that cyber-criminals are deploying an attack methodology that was last successful in the late 1990s.

Spamhaus seeks arrests of non-EU DDoS attackers

Spamhaus seeks arrests of non-EU DDoS attackers

Anti-spam organisation Spamhaus welcomes two arrests in the UK and Spain, and now seeks others outside the EU, which commentators believe is unlikely to happen.

All Microsoft-seized domains back with No-IP

All Microsoft-seized domains back with No-IP

Just over a week after Microsoft seized more than 20 domains from No-IP, the ISP now says that all of the domain names are back in its possession.

Hotel Hippo closes for good after data breach

Hotel Hippo closes for good after data breach

UK-based travel booking website Hotel Hippo appears to have closed just one week after an independent security consultant found that the firm had weak security and privacy controls.

Scottish companies warned on cyber security

Scottish companies warned on cyber security

The Scottish Business Resilience Centre (SRBC) has warned Scottish firms to step up their cyber security measures - especially if the internet is a fundamental part of their supply chain.

'Complacency' to blame for undetected data breaches

'Complacency' to blame for undetected data breaches

A new study from IT governance reveals that a half of IT staff believe that their company may have suffered a data breach without it being detected.

New surveillance law proposed to track mobiles

New surveillance law proposed to track mobiles

The three main political parties in the UK are in talks about introducing a new emergency law that would require phone companies to log records of phone calls, texts and internet usage.

Barclays receives Cyber Essentials certification for digital banking

Barclays receives Cyber Essentials certification for digital banking

Barclays bank has announced that it has received the UK government's Cyber Essentials certification for its digital banking services, including MyBarclays, BMB and Pingit.

InfoSec Skills launches cyber security skills programme

InfoSec Skills Ltd have embarked on a new scheme to help close the national 'skills gap' in information security.

Cyber security not a UK boardroom priority

Cyber security not a UK boardroom priority

New research from consulting firm KPMG claims that cyber security and data protection are only ranked third as priorities in UK boardrooms, following people skills and plant/machinery spending.

Germans reveal new NSA XKeyScore internet monitoring

Germans reveal new NSA XKeyScore internet monitoring

The German software revelation may have come from a second NSA leak/source other than Edward Snowden, says cryptography expert Bruce Schneier.

Bletchley Park cyber security centre opens

Bletchley Park cyber security centre opens

Bletchley Park, the forerunner to GCHQ and synonymous with the Enigma code breakers of WWII, opened its international cyber-security exhibition earlier this week.

CosmicDuke malware may hit European governments

CosmicDuke malware may hit European governments

A complex variant of the MiniDuke malware - first seen almost 18 months ago and which targets NATO and other European government IT systems - has been spotted.

Is your smartphone really switched off?

Is your smartphone really switched off?

"Anyone with an understanding of embedded systems could develop the technology to hibernate, rather than switch off, the handset" - Rob Bamforth, Quocirca

GCHQ sued by ISPs over state-sponsored hacking

GCHQ sued by ISPs over state-sponsored hacking

ISPs and Privacy International seek legal clarification on how far GCHQ can go with its state-sponsored surveillance activities.

MP says National Security Strategy must take cyber threat seriously

MP says National Security Strategy must take cyber threat seriously

Dame Margaret Beckett has criticised the government's National Security Strategy and says that the next version must do more to protect businesses from cyber threats.

Spam down in May says Kaspersky

The proportion of spam in email traffic fell 1.3 percent from April to May says Kaspersky.

90% of authentication is 'unnecessary'

90% of authentication is 'unnecessary'

A leading cyber security professor and researcher has urged companies to not make users the enemy, and says that a start would be removing layers of 'unnecessary' authentication.

ICO probes Facebook/HotelHippo data privacy

ICO probes Facebook/HotelHippo data privacy

The Information Commissioner's Office (ICO), is looking into possible privacy breaches by Facebook and UK-based booking site HotelHippo.com.

Cyberwarfare on the increase in Iraq

Cyberwarfare on the increase in Iraq

IntelCrawler reports a significant increase in malicious cyber-attacks taking place during the civil war in Iraq.

University of Surrey opens cyber security research centre

University of Surrey opens cyber security research centre

The Surrey Centre for Cyber Security (SCCS) has launched, and will be home to academia research on everything from privacy and data protection, to secure mobile communication and human-centric technology.

New Android RAT threatens mobile banking users

New Android RAT threatens mobile banking users

What is claimed to be the first mobile malware to combine the unholy trinity of private data theft, banking credential theft/spoofing and remote access, has been discovered by researchers at FireEye.

Cyber security skills gap a 'legacy problem'

Cyber security skills gap a 'legacy problem'

The much-debated cyber security skills gap was the topic of debate at two separate conferences in the UK on Tuesday.

Denmark gives in to NSA's demands

MS No-IP takedown hits 25% of APT attackers

MS No-IP takedown hits 25% of APT attackers

After facing a barrage of criticism for taking down the No-IP DNS server, Microsoft is now getting praise from some quarters for its impact on malware distribution - though critics remain.

Sink or swim - Titanic lessons for cyber security

Sink or swim - Titanic lessons for cyber security

CHAPS' Mark Hale drew an interesting parallel between cyber defence and the sinking of RMS Titanic in London yesterday.

SC Congress London mulls data breach responsibility

SC Congress London mulls data breach responsibility

Delegates and panelists debate breach liability, response, and the need for a plan of action.

Europol 15 today

Hidden cyber crime gang spotted

Hidden cyber crime gang spotted

Cisco researchers uncover a cyber criminal group that have been hiding since at least 2007, distributing malware almost entirely undetectable by anti-virus systems.

NCCU wants private sector support to beat cybercrime

NCCU wants private sector support to beat cybercrime

National Cyber Crime Unit deputy director Andy Archibald says that law enforcement must regain the trust of industry partners to beat cyber-criminals.

Millions are hit by MS' No-IP takedown

Millions are hit by MS' No-IP takedown

Microsoft accused of acting "excessively" - US court order used to take down servers exploited by threat actors also hits servers being used by millions of innocent internet users.

THREAT OF THE MONTH: Deperimeterisation

THREAT OF THE MONTH: Deperimeterisation

Mark D. Parker dissects deperimeterisation - what it is and how to prevent it.

Movers and makers: July - August

Movers and makers: July - August

The latest news on the people and companies at the forefront of information security.

News briefs: July - August

News briefs: July - August

The first update to the Computer Misuse Act since 1990, Operation Tovar combats infamous malware and more security news.

Working with third-parties: Make security a priority

Working with third-parties: Make security a priority

2 minutes on keeping security at the forefront by working with third-parties

Debate: Anti-virus is dead

Debate: Anti-virus is dead

Amichai Shulman and Sarb Sembhi whether or not anti-virus is dead

Talent has no gender

Talent has no gender

In the current print issue, SC Magazine UK talks to women in the industry about their experience, asks if data is secure when held by a cloud provider and assesses how ready we are for the new EU Data Protection Regulation.

Insurers want to protect critical infrastructure from cyber attack

Insurers want to protect critical infrastructure from cyber attack

A leading insurance underwriter told British politicians and security experts in London today that insurers must be involved in the fight against cyber warfare.

CryptoLocker returns after Operation Tovar

CryptoLocker returns after Operation Tovar

CryptoLocker is back and more popular than ever, less than one month on from the Operation Tovar campaign.

Portcullis shuts down Sophos antivirus bug

Portcullis shuts down Sophos antivirus bug

UK-based security services firm Portcullis has discovered a flaw in Sophos Antivirus that could allow attackers to inject malicious code and disable the software.

Verizon loses German contract over spying fears

Verizon loses German contract over spying fears

The German Government has cancelled a contract with US telecoms provider Verizon over fears it is obliged to hand over customer data to the US Government.

Luuuk crime gang likely hit by Gameover takedown

Luuuk crime gang likely hit by Gameover takedown

Online bank thieves who stole £400,000 earlier this year are believed to have been hit by police action against the Gameover Trojan gang.

Employees on holiday a security risk

Employees on holiday a security risk

ENISA and Europol jointly fight cybercrime

ENISA and Europol jointly fight cybercrime

ENISA and Europol have signed a strategic cooperation agreement to fight cyber-crime together, marking the latest example that international cyber-crime policing cooperation is improving.

Gameover Trojan rises from the dead

Gameover Trojan rises from the dead

Despite the takedown of Gameover Zeus last month, security researchers say that a small group of cyber-criminals are using the Trojan, with a tweaked version of the Citadel botnet, to steal banking credentials.

Microsoft still hasn't fixed US$100,000 bounty bug

Microsoft still hasn't fixed US$100,000 bounty bug

Some eight months after discovery and paying a bug bounty of US100,000, Microsoft Windows remains vulnerable to the weakness found by James Forshaw.

PayPal addresses two-factor authentication bypass

PayPal addresses two-factor authentication bypass

Two-factor authentication can be bypassed on some of PayPal's mobile applications.

Get Safe Online publishes online safety hints, tips and videos

Get Safe Online publishes online safety hints, tips and videos

Experts say the government should get involved with tackling the challenge of social engineering scams

iPhone, Android open to remote control malware

iPhone, Android open to remote control malware

Italian hacking team seem to have forgotten about a Blackberry version of the spyware.

Get ready for the 'Snooper's Charter II'

Get ready for the 'Snooper's Charter II'

UK Home Secretary and NCA director general explain the need for state digital surveillance.

ICO scolds British police for poor data handling

ICO scolds British police for poor data handling

A new report from the UK's Information Commissioner's Office (ICO) reveals how few police forces are adhering to the full requirements of the 1998 Data Protection Act.

Nation state behind malware attacks on European ICS systems?

Nation state behind malware attacks on European ICS systems?

Researchers at F-Secure have found that cyber-criminals are using the Havex malware family to compromise equipment made by industrial control system manufacturers in Germany, Belgium and Switzerland.

Sign up to our newsletters