Four university researchers teamed up with a security and privacy specialist at Google and contacted 27 hacker-for-hire services to hack Gmail accounts. Only five of them actually hacked the bogus accounts.
Catch up on the most viewed stories in the cyber-security sector reported by SC Media UK over the past week, from the 15 to the 23 May.
An online POS skimmer used by one of the Magecart groups has been injecting an iframe that tracks the card details
The photo sharing site says it is enquiring about how the contact details of close to 50 million users were stored online in an unsecured database
News reports say Chinese hackers were able to infiltrate its networks in 2014, while the company claims that the attack took place two years later
A forum dedicated to hijacking and SIM cloning attacks has been hacked, exposing the details of nearly 113,000 forum users who now report being phished and fearful of lawenforcement follow up.
A new Trickbot variant has appeared on Trend Micro's radar that uses a URL redirect in a spam email as a tactic to sidestep spam filters set to block the malware.
Cyber-attacks leveraging the Windows Server Message Block exploit EternalBlue at historically high levels over the last few months, even though the vulnerability patched by Microsoft more than two years ago.
Google's Chronicle Security team discovered a Linux version of the Winnti malware was used in the 2015 hack of a Vietnamese gamingcompany.
Device fitted to cars could bring vehicles to a halt through fuzzing CAN messages
European Union members including the UK have launched a new regime that imposes EU sanctions on organised crime and state-sponsored cyber-attackers.
A coordinated international law enforcement operation in Europe and the US an has dismantled the GozNym cybercriminal network responsible for some €100 million of theft from its victims.
Pro Publica was able to trace four payments sent in 2018 and 2017 from an online wallet belonging to Proven Data Recovery to a wallet maintained by Iranians believed to spread SamSam ransomware.
Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between 23 April and 10 May.
Vast leap in attackers using a technique dubbed, Cipher Stunting, or using advanced methods to randomise SSL/TLS signatures in an attempt to evade detection attempts.
The Bluetooth device data harvester uses Windows Bluetooth APIs to find information on Bluetooth devices connected to the infected host; a binary infection scheme downloader uses steganography.
This week sees the first of SC's weekly news podcasts providing a catch up on the main stories in the cyber security sector over the past week. Presented by Tony Morbin, Editor in chief at SC Media UK, with thanks to our sponsor this week, Akamai.
Flaw in router software due to five-year-old incomplete patch.
McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cyber-criminal group Fxmsp claims to have stolen.
Facebook-owned messaging app urges approx 1.5bn users to update their apps after Israeli spyware exploits vulnerability. The exploit is particularly sophisticated as no user interaction is required.
Nigerian actors continue to launch their attacks against the breadth of all industry segments - the high-tech industry received the greatest number of attacks, climbing from 46k to 120k over the past year.
The dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by a North Korea government hacking group are explained in a new US government Malware Analysis Report (MAR).
Russian and English-speaking Fxmsp group hackers are trying to sell source code of anti-virus products obtained from a data breach of three US-based antivirus software vendors
A rise in nation-state breaches, surpassing criminals, more social engineering attacks against C-level execs, hacks of cloud-based email servers, & compromises of payment card web apps notably up on last year.
NSA tools were in use by the Buckeye group well before Shadow Brokers leaked them, research claims
A spike in activity surrounding the relatively new ransomware MegaCortex was detected on 1 May hitting Europe and North America.
LightNeuron malware first to achieve persistence in Microsoft Exchange email servers allows attackers to secretly execute commands via malicious emails featuring attachments with hidden code.
Malicious hackers have deleted code from Github, Bitbucket, and GitLab repos and demanded a bitcoin ransom for safe return - although no ransom payments appear to have been made by victims...
Fans promised either a download or a full viewing of the film. Streaming begins without incident but then users are prompted to create an account to continue watching.
Researchers find encrypted code spread over multiple archives
Users urged to update to new software as soon as possible
ATO attacks saw accounts used in spear-phishing and BEC campaigns
Ransomware used Windows feature to delete shadow copies and prevent data recovery
Gift card fraud appears to be motivation for attack on consultancy
Proof of concept show how easy it is for criminals to fool victims
Malvertising campaigns delivering ransomware
Cryptominer uses new malware loader to evade detection
Vulnerability could enable snooping
Flaw could endanger drivers' lives
Attack bore hallmarks of Chinese state-sponsored hackers
Signed emails used to deliver banking trojans
The flaw can be used to achieve server-side template injection,
Exploit could have caused denial of service
Hackers are fully automated when it comes to the buying and selling of your details
"Exercise in a box" could help organisations to check readiness for cyberattacks
Changed tactics signalled by use of Karkoff RAT
Cryptominer hits targets in China, Japan, and elsewhere.
Popular video game unleashes malware on unsuspecting players
Swiss firm gets hit with ransomware demand
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout