There is a lack of formal education in cyber-security, says Tom Van de Wiele, principal security consultant, F-Secure
Security researchers have said that the FIN7 cyber-criminal gang is back with two new tools that are said to have been altered to evade detection.
Apple patches vulnerability in iCloud for Windows and iTunes for Windows used by malicious actors to evade antivirus and endpoint detection
A newly published survey reveals that some 68 percent of IT security stakeholders don't know if they've experienced a Pass the Hash (PtH) attack. That isn't necessarily a cause for too much concern.
People need to know the company takes data theft seriously, and if colleagues are to report on suspicious behaviour, they need assurances of confidentiality - usually better achieved via HR than security teams.
Medical and personal information of about one million people was exposed after a breach at a primary health organisation located in New Zealand
Magecart hackers infiltrated Sesame Street's online store by compromising e-commerce and shopping cart service provider Volusion
Samy 'mypace' Kamkar credits environment as the most common factor that leads impressionable and talented teenagers to cyber-crime
Decryptors are now publicly available for a Muhstik and HildaCrypt ransomware programs that recently emerged onto the scene
FBI issues an alert, warning about possible high-impact ransomware attacks targeting US businesses and organisations.
US healthcare operator DCH Health System purchases decryption key from ransomware attackers in order to expedite recovery
Threat group Phosphorus, believed to be linked to Iran's government, targets email accounts associated with a US presidential campaign as well as American government officials
Malware marks victims' TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later
Researchers assemble playbook on PKPLUG, a suspected Chinese threat actor targeting Asians with an assortment of malware used for cyber-espionage purposes
Security firms Malwarebytes and HYAS string together several pieces of evidence that they believe tie Magecart Group 4 to the Cobalt Group
Researchers uncover large Android banking trojan scheme that may have impacted hundreds of millions of Russians
DCH Health Systems, USA, is turning away all but the most critical patients from its three hospitals in response to its computer network being rendered unusable by a ransomware attack
Ghostcat-3PC, a malvertising operation designed to infect online publishers with browser-hijacking malware, launches at least 18 separate infection campaigns in three months
How to go from central planning research under communism to defending global corporations as head of your own successful cyber-security business - plus, what's next?
Hackers have restarted a campaign to spread ransomware in a bid to extort millions of pounds from victims with Dridex and NetSupport used to drop BitPaymer or DoppelPaymer ransomware
The one big thing to impact the industry is the use of the MITRE ATT&CK framework. Proactivity will continue to achieve better security which should make cyber-security pros become more confident overall.
Researchers found that it would take malicious actors about 30 days and just a few thousand dollars to either boost a company's online stature or tear it down
Well-known hacker Gnosticplayers is taking credit for a data breach at the mobile game maker Zynga, claiming he gained access to 218 million user records
An open-source backdoor is being used to help establish a foothold in infected machines, and a weaponised text-to-speech application lets attackers gain SYSTEM-level access.
Cyber-criminals have found a way to use Google Alerts to hook victims into scams or push malware.
Fileless attacks use legitimate code to infect systems. The malware also uses computer's own LOLBins to infect machines
Whether its down to cost or understanding, neither SMEs nor enterprises have any room for complacency about their cyber-defence capabilities according to a recent UK survey.
The vBulletin Internet forum software package reportedly contains a critical zero-day remote code execution vulnerability, exploited by attackers for years
Vulnerability scores from 2007 don't adequately measure risk in 2019; 31.5% of vulnerabilities exploited by ransomware could have been patched from 2015 or earlier but they're used as they're still successful;
A Magecart cyber-criminal group seems to be testing card-skimming code capable of compromising commercial-grade layer 7 (L7) routers used by airports, casinos, hotels and resorts
Dating app Heyyo left an Elasticsearch server online without password protection, putting more than 70,000 users at risk
Spoofed email trick customers of Dubai-based company into transferring £42,000 overseas
Cyber-criminals continue to target US utilities with LookBack malware
Threat group Poison Carp uses Android exploits to plant spyware on devices operated by various Tibetan leaders
A new and highly sophisticated campaign targeting transportation and shipping organisations based in Kuwait has been exposed.
Data breaches in healthcare sector costs £5.2 million on average, almost double that of the global average of £3.2 million. Cyber-security experts say the figure is set to rise
Researchers uncover two variants of information-stealing Mac malware that impersonates a legitimate stocks and cryptocurrency trading application
'Tortoiseshell', a previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers; BlackHat survey quantifies third-party threat
The UK's NCSC has published a report warning UK universities that "state espionage will continue to pose the most significant threat to the long-term health of both universities and the UK itself".
The average cost for cyber insurance rose about five percent in 2019 despite the large increase in the number of attacks and claims files
A recently discovered DDoS technique that abuses the Web Services Dynamic Discovery specification is being executed in the wild by multiple threat actors
On the heels of its acquisition by Chegg, developer education site Thinkful said an authorised third-party had breached its systems
A new malware campaign is abusing a security feature - sandboxed iFrames - so that instead of protecting links in video advertising it can be used to deliver malicious content.
A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner
Report shows e-commerce sites are bearing the brunt of bad bots
The US Air Force plans to hire F-15 hackers to hack orbiting satellite
The Emotet botnet is back from a four-month vacation with a new spam campaign that began early on 16 September
Researchers discover a sophisticated cryptomining program that uses loadable kernel modules to help infiltrate Linux machines
FEMA, USA, acknowledges that it unnecessarily exposed the personally identifiable information of roughly 2.5 million disaster survivors for roughly 10 years
A fake résumé phishing campaign that began on 11 September specifically target German-speaking employers
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout