A recently discovered exploit kit called Stegano is infecting select machines via malicious banner ads that, by conservative estimates, have been delivered to over a million users in just the last two months.
Hackers, flying beneath the radar, have been using script that's part of a WordPress theme to send spam.
A Tor executive has confirmed that a zero-day vulnerability impacting Tor and Firefox has been spotted being used to execute malicious code, but it has been reported to Mozilla, according to ARS Technica.
Nearly a million customers of telecoms company Deutsche Telekom AG began experiencing network outages, possibly to due hacker sabotage.
A static code analysis of 12 commonly used WordPress e-commerce plug-ins found that at least four of them contained one or more high-risk vulnerabilities.
A hacker going by the name of CyberZeist is claiming to have found a Local File Inclusion vulnerability in the website of "many UK banks".
Experts at Kaspersky Lab now understand how the mobile banking trojan Svpeng has been able to automatically download itself via malvertising ads while bypassing Google Chrome browser permissions.
This seven-year-old version of the software is leaving enterprises open to 600 security vulnerabilities.
Further vulnerabilities have been discovered in Schneider Electric industrial control systems kit by researchers from CheckPoint Software and Critifence who have dubbed them "PanelShock".
IoT botnet blamed for Dyn attack - Mirai - has several code vulnerabilities but questions are raised over legality of its use in defence.
According to John Matherly - internet cartographer, security gadfly and founder of IoT-search engine Shodan - the internet of connected things is very much here to stay.
Enterprises today are under more pressure than ever to minimise their "attack surface." That is, they need to detect Indicators of Exposures (IOEs), identify vulnerabilities and capture and correct misconfigurations in security and network devices in both physical and virtual environments. This is an extremely challenging assignment. The IT organisation must locate tens-of-thousands of vulnerabilities and misconfigurations concealed on its network, analyse and prioritise those vulnerabilities and misconfigurations and remediate the most critical.
An international team of researchers have developed an exploit to "root" access Android phones made by LG, Samsung and Motorola using Rowhammer hardware attacks.
Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.
YOUR business website has at least one severe vulnerability - giving hackers open access - what can you do?October 19, 2016
Statistically your company website already has at least one severe flaw - and there could be many more, says Ian Muscat. Why are website vulnerabilities so frequent and on the rise? What should organisations be focusing on and how can they protect themselves in the future?
Internet of Things (IoT) devices running on the open-source Linux OS are under attack from NyaDrop.
Linux users should beware of a recently discovered systemd vulnerability that could shut down a system using a command short enough to send in a tweet.
A bug in Linux has been discovered that could allow a hacker to crash a system with just 48 characters of code.
Security researchers have warned that a number of vulnerabilities in an insulin pump could enable a hacker to put a diabetic patient's life at risk.
A number of vulnerabilities found in an industrial automation device could allow hackers to take control of machinery.
Slew of bugs and backdoors means device is unsafe to use
As yet another well-known consumer brand falls victim to 'old version syndrome' and serves up malware to its customers; we ask, why lessons aren't being learned?
Stephen Morrow discusses that automotive manufacturers have been focusing so much on adding functionality and usability to connected cars that they haven't properly considered the threats
Vulnerabilities are on the rise, with 516 reported to the National Vulnerability Database in the first half of 2016 compared to only 403 total vulnerabilities were reported in 2015.
Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.
The massive breach at the US Office of Personnel Management (OPM) might have been prevented had the agency followed basic cyber-security guidelines, a congressional investigation claimed.
Biometrics can actually weaken authentication security if not implemented correctly says Hitoshi Kokumai, who asks, what exactly does the NIST Authentication Guideline have to say on this issue?
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Report: Mirai 'is just the tip of the iceberg'
- Data centres are on the move - where will they end up?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- 400% increase in POS malware variants across US Thanksgiving weekend
- Only 25% of businesses can effectively detect and respond to data breaches
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears