Buffer overflow vulnerability in the Squid web proxy could put organisations at risk with attackers potentially gaining ability to execute arbitrary code.
A lack of investment in cyber-security protections could imperil the future of smart cities and the IoT devices on which they run
A new type of Android-centric spyware has been found that is capable of avoiding Google's app-vetting process
About 200,000 domains are newly registered every day, of which 70 percent are used for a wide range of nefarious activities
Azure Blob Storage and Web Sites misused by scammers to create a semi-targeted and rather convincing credential harvesting page tailored to the user's organisation to fool users
A MoviePass subdomain database housing 161 million records was left unsecured and exposed credit card and customer card information on at least 60,000 of the ticket service's customers
The Google Nest Cam IQ Indoor camera harbours a series of security loopholes, which could be used to disrupt or hijack the device
Ransomware threats continue to evolve at an accelerated rate, according to security researchers
Security researchers have warned of a new malware campaign that spreads a banking trojan by using fake websites of popular software. Hackers fool users with a valid SSL certificate
Delta Airlines has sued its chatbot vendor 7.ai, alleging that the company took nearly six months to disclose a breach
Using external data storage and third-party digital technology clearly puts banks on the hackers' radar, warned European Central Bank's supervisory arm director general Korbinian Ibel following a hack of ECB's website
A youth has been imprisoned for 16 months for DDoS-ing UK police websites, while another got 20 months after being caught advertising compromised data and illegal hacking services
A new Remcos remote access trojan campaign uses an AutoIt wrapper to deliver a previously unknown variant featuring new obfuscation and anti-debugging techniques
A breach at online hacking forum Cracked.to resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well as corresponding IP addresses
Almost half of the cyber-security incidents reported in the UK over the past 12 months were caused by internal errors, where employees failed to follow security protocol or data protection policies
Supply-chain security risk: Who is liable when the vulnerability is in equipment from a third-party supplier? Under NIS - unless your contract specifically says otherwise - it's more likely to be you than your supplier.
A cybercriminal operation that's been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites
Cyber-criminals took advantage of an open MongoDB database containing data from Choice Hotels and stole 700,000 customer records and then demanded a ransom payment worth £3,200 for their return
Malicious clicker trojans Android.Click.312.origin and Android.Click.313.origin have been found in a wide variety of normal-looking and operable apps, including maps, QR code readers, dictionaries, fitness trackers, route finders and text editors
Veteran threat actor group Cloud Atlas boosts favoured tactics, tools and procedures by introducing polymorphic components that hinder detection
A new remote access trojan scans a device's Chrome browser history and collects application data, including the number of times the user has visited specific websites
Apple is opening up its phones to selected researchers to find flaws, and has increased its bug bounty to US$1 million: rogue iPhone cables latest threat
OpenDreamBox WebAdmin plug-in could enable hackers to execute commands on remote machines
A new password-stealer malware, which targets cryptocurrencies, brute-forces and steals administrator credentials from unsecured WordPress websites
Attackers are exploiting registration, subscription, and feedback forms on legitimate websites of respected and trustworthy companies for spam and phishing campaigns.
A new variant of MegaCortex ransomware is targeting enterprises across the US and Europe
Researchers have revealed a dedicated "sextortion" scam botnet targeting more than 200 million compromised accounts
Spear-phishing emails containing a malicious Microsoft Word attachment that installs a RAT are specifically targeting utilities in a new campaign.
Amavaldo was found specifically targeting Brazilian banks and their users earlier, but they have shifted their activities to Mexico
US is preparing a new bill on cyber-security, which would require intelligence officials to create a plan of action to defend the supply chain
Entrepreneurial cyber-criminals are now renting out access to databases that combine log-in, passwords and other details, having first curated and packaged stolen credentials before selling them.
Field Army rebalancing is part of the Army's response to emerging threats; 6th Division to focus on cyber, electronic warfare, intelligence, information operations and unconventional warfare.
A working BlueKeep exploit module is available now, at an "expensive" monthly rate
Researchers found a ransomware family nicknamed Android/Filecoder.C, which uses victims' contact lists in an attempt to spread through SMS texts containing malicious links
Decade-old malware MyDoom continues to be a presence in the cyber-threat landscape, spawning tens of thousands of samples every month
Criminals could spend more than the £30 limit on Visa contactless cards using a MitM attack that worked on five UK banks.
Russian interference in the US elections may have been to gather as much information as possible for espionage purposes and to explore potential vulnerabilities for possible future exploitation, said a US senate committee report
Brazilian police term hacking the president's phone a matter of national security; justice ministry accuses a group of people already suspected in hacking other government authorities
Marcus Hutchins, aka Malwaretech, the young former hacker who stopped the WannaCry cyber-attack in 2017, and was subsequently arrested for previous hacking, was sentenced today and will not be going to jail.
On the third anniversary of the No More Ransom initiative Europol issued statistics on its successes including that the site has helped more than 200,000 people recover files after a ransomware attack.
City Power limping back to normalcy after ransomware attack on customer payday
Organisations are urged to update systems to avoid attacks following concerns that exploits using the BlueKeep vulnerability may soon be available to hackers.
EMEA IT teams receive more suspicious emails than the global average, are most likely to fall victim to a spear-phishing attack and suffer greater reputational impact, but over half thought they were more secure.
Monokle spyware snares Android users when they download trojanised versions of what appear to be legitimate applications
UK ransomware volume jumps 195 percent in the first half of 2019; average cost of a data breach reaches £3.14 million
Android phones exposed to "Spearphone" eavesdropping as attackers use always-on accelerometer to listen in on any audio played through its speakerphone
Kwamaine Jerell hacked into more than 100 Apple accounts belonging to high-profile individuals and spent nearly £260,000 using stolen financial information from several of the victims
Cyber-espionage group members are using fake LinkedIn profiles to gain their victims' trust to open malicious documents
Researchers discovered a new reverse shell malware program used by cyber-criminal FIN8 group to establish command-and-control communications with infected machines
A data breach at Lancaster University exposed data including undergraduate applicant information and student records
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout