Vulnerabilities & Flaws
ICYMI: Morrisons breach; Worldpay card data; power attack losses; Russian EU targets; criminal capabilityApril 15, 2016
The latest In Case You Missed It (ICYMI) looks at Morrisons lawsuit; Wordpay vulnerabilities; Critical scenario costs; EU Banks targeted; Cyber-crime capabilities.
Another critical zero day hits Adobe Flash and helps install ransomware - patch released.
Russian Interior Ministry cyber-crimes department thwarts Russian banking cyber-crime group.
Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.
Facebook has ditched insecure Flash in favour of HTML5 for all its videos but will still use Flash in games, and is working with Adobe to secure technology.
Xbox Live keys "inadvertently disclosed"
Node.js admits to two critical security flaws but delays patching
Security researcher claims United Airlines sat on serious bug for five months which would have allowed an attacker to access customers' flight details and even cancel flights.
This week's In Case You Missed It (ICYMI): Aviation risk warning; netgear patch delay; vulnerability disclosure -legal threats; android SMS malware variants; SSL weakness exploited for phishing.
Intelligent and analytical identification of anomalies in DNS activity is key to stopping threats before they become a real problem says Dr Malcolm Murphy, systems engineering manager, Infoblox
We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?
A new vulnerability has been discovered in the iOS and OS X supported AirDrop function, allowing attackers to wirelessly infect devices.
"Quicksand" sandbox vulnerability could enable rogue apps
Cross-Site Scripting (XSS) vulnerability within a Salesforce subdomain now patched
Hackers could subvert Windows Update to install malware in organisations
APT actors are using a China-based VPN provider to hide their digital tracks and mask their identities.
UK charity CALM says that its website was hacked and defaced on July 24th, in an attack that has been described as 'motiveless' and 'senseless'.
A single packet could leave the internet in a bind, warn experts.
Windows 10 launched today, but there were immediately security questions raised within the industry about some aspects and features on the new operating system.
A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.
Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.
After a demo of a Jeep hack in the US 1.4 million of the vehicles have been recalled - and DAB presents another attack vector according to NCC researchers
This week's ICYMI column looks at the most-read stories on SC this week, including our investigation on VFS Global, the UK government's attitude towards encryption and the continuing fall-out from the Ashley Madison hack.
A flaw in OpenSSH could let attackers bypass limits imposed on password login attempts, to launch brute force attacks and steal credentials.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- European Parliament approves GDPR
- Have retailers secured themselves against the Insider threat before you head to the checkout?
- Ensure that your employment contracts are fit for purpose for cyber-security
- Cyber-crime as a business rampant, new study
- How will the new EU-US privacy shield fit with the upcoming General Data Protection Regulation?
- BT Tower mock cyber-investigation unveils hidden IT talents
- Botnets getting bigger and stronger, says Kaspersky
- Video: New EPQ offers students equivalent of cyber-security AS level
- Qatar National Bank breached, files published, Turkish fascists claim responsibility
- ICYMI: Facebook flaw; Verizon report; 5 Cisco alerts; TalkTalk arrest; Crime up