Vulnerabilities & Flaws
Market for software vulnerabilities grows in Russia, security services deny involvement.
Joomla flaws - unpatched websites may already be infected
Which vulnerability do you fix first, the one that's quickest to fix or the one that can cause the most damage? Targeting the most prevalent vulnerabilities may not always be the best option.
Critical bug in patch means OpenSSL security fix needs fixing.
The Neutrino exploit kit (EK) added a former Internet Explorer zero-day vulnerability to its arsenal.
The latest In Case You Missed It (ICYMI) looks at EU cyber-directive; Sports targeted; Health most breached; Orgs lack expertise; Travellers at risk
The latest In Case You Missed It (ICYMI) looks at TeamViewer hijack; Intel's processor defence; 15 per sec cards cloned; Malware via Skype; Cloud apps not GDPR ready
Updates are available following an advisory from the US Computer Emergency Response Team (CERT) warning of "weakly protected" credentials in the Siemens SIMATIC WinCC flexible industrial control system.
The latest In Case You Missed It (ICYMI) looks at Symantec vulnerability; AI crime-fighter; Banking under threat; Flaws in SS7; PayPal phishing scam
ICYMI: Morrisons breach; Worldpay card data; power attack losses; Russian EU targets; criminal capability - April 15, 2016
The latest In Case You Missed It (ICYMI) looks at Morrisons lawsuit; Worldpay vulnerabilities; Critical scenario costs; EU Banks targeted; Cyber-crime capabilities.
Another critical zero day hits Adobe Flash and helps install ransomware - patch released.
Russian Interior Ministry cyber-crimes department thwarts Russian banking cyber-crime group.
Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.
Facebook has ditched insecure Flash in favour of HTML5 for all its videos but will still use Flash in games, and is working with Adobe to secure technology.
Xbox Live keys "inadvertently disclosed"
Node.js admits to two critical security flaws but delays patching
Security researcher claims United Airlines sat on serious bug for five months which would have allowed an attacker to access customers' flight details and even cancel flights.
This week's In Case You Missed It (ICYMI): Aviation risk warning; Netgear patch delay; vulnerability disclosure - legal threats; Android SMS malware variants; SSL weakness exploited for phishing.
Intelligent and analytical identification of anomalies in DNS activity is key to stopping threats before they become a real problem, says Dr Malcolm Murphy, systems engineering manager, Infoblox.
We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?
A new vulnerability has been discovered in the iOS and OS X supported AirDrop function, allowing attackers to wirelessly infect devices.
"Quicksand" sandbox vulnerability could enable rogue apps
Cross-Site Scripting (XSS) vulnerability within a Salesforce subdomain now patched
Hackers could subvert Windows Update to install malware in organisations
APT actors are using a China-based VPN provider to hide their digital tracks and mask their identities.
UK charity CALM says that its website was hacked and defaced on July 24th, in an attack that has been described as 'motiveless' and 'senseless'.
A single packet could leave the internet in a bind, warn experts.