Security experts have pointed out that British Airways' failure to monitor the output from its servers allowed hackers to maintain malicious code on its payment pages for two weeks.
Chinese hackers are reportedly stealing tech from other hackers to steal tech from victims - it's complicated, isn't it?
Trend Micro researchers are proposing machine learning as a new way to combat threat actors using techniques including polymorphism, encryption, and obfuscation and other tactics to disguise their attacks.
Facebook earlier this year reportedly patched a vulnerability in its search page that could have allowed enterprising attackers to perform reconnaissance on certain users.
A WordPress plug-in that's supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites.
Unpatched ColdFusion servers at risk from critical file upload vulnerability which is being exploited by a Chinese APT, according to security researchers.
Cryptor families of ransomware are still a major risk for computer users in Asia where attacks continue to proliferate, according to Kaspersky Lab.
Kaspersky Lab describes 8 most interesting issues from its recent event, covering criminals' data use; APT attribution; skills gap; ICS water attack; brain implant hack; false memories; lethal AI & data privacy.
Some 40 UK financial industry firms, including banks, are taking part in a 'desk-based' stress test organised by the Bank of England to see how they respond to a cyber-attack
Cisco Systems yesterday issued 17 security advisories, disclosing vulnerabilities in multiple products, including at least three critical flaws.
Symantec researchers have uncovered several crucial details behind how the cybergang Lazarus, (AKA Hidden Cobra) has successfully conducted dozens of ATM hacks resulting in the machines literally spewing money out on the group's command.
The government is about to define who counts as 'operators of essential services', required to ensure their technology, data and networks are secured and cyber-resilient in line with the NIS Directive requirements.
Cyber Security Connect UK: Police reorganisation needed to keep up with cross-border cyber-crime says chief constable
UK policing is reaching a 'tipping point' where it will have to reform to keep up with the changing face of crime which is increasingly online, and especially if there is a no-deal Brexit say police chiefs.
Kaspersky Labs researchers have noticed a recent switch in tactics by malicious actor's intent on conducting blackmail operations.
A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users' device data and messages, which were later leveraged in smishing schemes.
Security researchers have discovered a flaw in virtual machine software VirtualBox which enables threat actors to leave the virtual environment of the guest machine.
Nearly 30 banking trojans were removed from the Google Play Store but not before being downloaded by nearly 30,000 users.
Steps must be taken to protect the global internet routing system, built on the back of the border gateway protocol (BGP), from rogue operators such as China Telecom, according to a white paper from the Internet Society.
Researchers issue warning that hardware encryption on a range of SSDs from Crucial and Samsung is not secure
UK electronics retailer Kitronik has told customers the Magecart gang managed to infiltrate the company's payment system gaining access to some of their information.
A new ransomware was discovered installing DiskCryptor on the infected computer and rebooting the infected device to reveal a customised ransom letter.
Ranking countries whose data is availabe on the dark web, the UK came out third - ie third worst - for having its data exposed - after the US and Canada - albeit using TDLs as a proxy for source.
Iran officials are reportedly claiming that a variant of the Stuxnet worm that disrupted their country's nuclear program in the late 2000s was used in an attack on their telecommunications infrastructure last week.
Security researchers were able to steal an elliptic curve private key from an Intel processor by exploiting a contention flaw in the chip giant's hyperthreading technology.
Attackers more likely to steal credentials to spy on energy and utility firms, according to a new report from Vectra.
A couple of vulnerabilities in Sophos HitmanPro.Alert could enable an attacker to build a stable exploit to gain SYSTEM rights on the local machine.
A pair of new research reports are providing details on an ongoing "sextortion" scam in which malicious actors use publicly available lists of breached email addresses and passwords to contact victims and then blackmail them.
A team of Chinese intelligence agents and their cyber-criminal minions were indicted by the Department of Justice for hacking into a US and French company that were jointly developing a new turbofan engine for use on commercial airliners.
Fifa officials have declined to say what information was stolen in a recent data breach, but a consortium of media outlets say they will publish stories based on leaked documents later this week.
A mobile malvertising campaign recently found targeting three digital advertising platforms has been using malware that checks a phone's battery level as part of an unusual new technique for avoiding detection.
The GPlayed trojan that was only revealed earlier this month has already spawned a successor that is capable of targeting the customers of a specific Russian bank.
An employee at the US Geological Survey (USGS) infected his agency's network with Russian malware delivered via adult websites.
An unsophisticated Linux-based botnet dubbed DemonBot is targeting exposed cloud servers using a vulnerability in Hadoop's resource management tool to infect cloud servers with the botnet malware.
The hacktivist group Anonymous reportedly took down dozens of Gabon government websites over the weekend as part of its "anti-dictatorships" campaign.
The Internet celebrates its 50th birthday - an awesome system that's insecure with new insecure access devices being added exponentially. If we do want change, we have to do it now says Berners Lee.
A newly discovered spam campaign powered by version two of the well-known Cutwail botnet has been found targeting Japanese users in an attempt to infect them with the URLZone (aka Bebloh) banking trojan.
A pair of new malware-as-a-service schemes have been uncovered with one designed as an easy to use point of entry for beginner DDoS attackers, while the second offers a sliding commission pay scale that rises if more ransomware victims are infected.
Cisco Talos researchers identified a memory disclosure flaw and a code execution vulnerability in the malware detection and protection tool Sophos HitmanPro.Alert.
British Airways has revealed it was the victim of a second data breach by Magecart in recent months, raising questions about how deeply the threat group managed to infiltrate the airline.
Malware and crypto mining used to prop up North Korean regime through revenue generation and fraud, according to report.
Bitdefender and ESET have each published a Gandcrab ransomware decryptor with particular attention paid to Syrians victims.
Ramnit's new PowerShell loader sLoad performs multiple geofence checks throughout the infection chain making it 'unusual', according to security researchers.
Cathay Pacific airline reported a data breach today that affected 9.4 million customers exposing a large range of personally identifiable information and a limited amount of credit card data.
The cybersecurity firm FireEye has attributed the source of the TRITON critical infrastructure intrusion to a Russian government-owned research institute.
News in Brief: Yahoo agrees to $50 million breach settlement, victims eligible for compensation; Four zero-days found, patched in Arcserve UDP platform; Mozilla updates fix several critical and high-rated vulnerabilities
In the US, in the lead up to the country's mid-term elections the US Cyber Command has launched its first ever acknowledged offensive operation against individual Russians attempting to interfere.
Digital Defense VRT has revealed for zero-day vulnerabilities in Arcserve Unified Data Protection platform.
In brief: PM emphasises UK-EU cyber-security cooperation post-Brexit, Apple's Cook calls for Bloomberg retraction
News in brief: PM says cyber-security linchpin of UK-EU cooperation, Cook calls on Bloomberg to retract China hacking story, ICO publishes NIS directive guide and more...
A new and improved version of the info stealer and malware downloader Azorult was spotted being distributed by the RIG exploit kit.
US/UK Cyber Accord signed at Atlantic Future Forum forms a public/private partnership for government & industry to explore emerging trends and technologies & consolidate the leading role of the UK and US.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but its still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense