Ethical hackers on the HackerOne platform are reported to have earned a cumulative US$100 million finding and reporting vulnerabilities through bug bounty programmes.
A memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack, according to Cisco's Customer Experience Assessment & Penetration Team (CX APT).
Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver.
Software company warns of threat that installs the NetSupport Manager remote administration tool to take over a system and execute commands remotely.
With a surge in people going back to work a chief constable warns of cybersecurity breaches and vulnerabilities in offices that were "abandoned" in the coronavirus lockdown.
Hack uses OAuth2 framework and OpenID Connect protocol to access user data, bypassing 2FA.
Top 10 most exploited vulnerabilities - no excuses - 'absolutely critical to patch as soon as possible'
Attackers targeting vulnerabilities & misconfigurations caused by hasty deployment of cloud services during the dramatic shift to remote working: "it's absolutely critical to patch as soon as possible."
The average dark web cost of illegal privileged access to a single local network has shot up and is now around £4,100.
The Information Commissioner's Office has not done enough when it comes to GDPR, some industry experts have claimed.
Reflective dynamic-link library (DLL) injection found being used to infect victims with Netwalker ransomware in hopes of making the attacks untraceable while frustrating security analysts.
ProLock ransomware also exploits unprotected Remote Desktop Protocol (RDP)-servers with weak credentials.
Leading educational facilities among those whose supercomputers were infected - in the UK, Switzerland, Germany and one suspected in Spain - according to reports.
Copperhedge, Taintedscribe and Pebbledash malware are the subject of recent analysis, with all three believed to be operated by the North Korean Hidden Cobra APT group.
Cheltenham set to be transformed into the UK’s 'Silicon Valley' to build cybersecurity capacity and bridge the skills gap in the UK.
Organised criminal networks have been forced online to find new sources of cash because transporting drugs and committing robberies have become almost impossible, a chief constable says.
New report finds average cost of recovery is US$ 1.4 million (£1.1 million) if organisations pay the ransom, but US$ 730,000 (£593,000) if they do not. A quarter of victims admit paying up.
Sophisticated “PerSwaysion” phishing attack sent from a legitimate but compromised vendor account allows emails to bypass any mass blocklists and filters.
Group-IB uncovers ‘tremendous increase’ of phishing resource blockages in the second half of 2019 as the duration of attacks grows.
Nigerian cybercrime group SilverTerrier targets healthcare organisations critical to COVID-19 response. Organisations advised to "apply extra scrutiny to COVID-19-related email attachments."
New details emerge after security researchers discovered another strain of malware specifically built to infect smart IoT devices and Linux-based servers.
Severe spike in cyber scams amid coronavirus pandemic, volume of all categories of cyber-attacks has increased by 33 percent, 118.7 million in March alone.
Massive growth in XSS flaw attacks on WordPress websites over past week - up 30 times - mostly from a single threat actor.
Malicious actors pounce on a pair of critical vulnerabilities found in SaltStack’s open-source, event-based IT automation & configuration management tool Salt. “Salt master” servers compromised.
White hat hacker reveals potential for ‘crying wolf’ exploit of weakness in 1980s tech that could potentially cause collisions when planes are in autopilot by social engineering of IOT.
Credential-stealing attack uses Microsoft Teams notification and numerous URL redirects to conceal itself from email protection services.
The virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to capitalise on global fears, as well as dramatic shifts in supply and demand.
Microsoft Sway used to trick victims into giving up 365 log-in credentials in spear-phishing campaign.
Security researchers have warned that newly created mobile banking malware can not only grab passwords for more than 200 financial apps, but intercept two-factor authentication codes as well.
The SAS@home event ranged over a Vietnamese APT, Czech disinformation, using open source intel to identify your vulnerabilities, to why tools cluster 'pre-boom' rather than in remediation
The global pandemic has seen cyber attacks grow and overall security stances slip, according to a survey from (ISC)² which says 47% of cybersec staff have been taken off security duties
Sophos and its customers were victimised when a previously unknown SQL injection vulnerability in the company’s physical and virtual XG Firewall units was exploited
Several Israeli Water Authority facilities suffer cyber-attack over the weekend - advised to change all passwords for internet accessing services.
Malicious Gif sent to victims could let malware scrape data in Microsoft Teams and spread to other groups.
The Defence and Security Accelerator (DASA) is awarding a further £1m in phase two funding to three teams to develop technology that predicts and counters cyber-attacks.
58% of organisations say their ability to monitor, detect and respond to insider threat is only somewhat effective, not so effective or not at all effective. Only 12% think they are extremely effective.
Scam reporting service launched to flag suspicious emails for the NCSC to assess and take down malicious content, Cyber Awareness campaign starts, includes advice on securing video-conferencing.
Nation-state-sponsored hackers are reportedly targeting companies tasked with researching COVID-19, in some cases intruding into systems and performing reconnaissance.
New report shows that Coronavirus lockdown has led to hackers targeting remote workers as a way into corporate networks.
The NCSC has announced the alpha release of its Secure Communications Principles.
Software vulnerability brokers are reportedly looking to sell two zero-day Zoom video conferencing app exploits – one affecting Windows clients and the other impacting OS X clients.
New Agent Tesla malware module used to steal passwords from infected Wi-Fi systems.
Last year 773,943 Kaspersky customers were attacked by banking trojans, down from 889,452 in 2018, but the percentage in the corporate sector that were attacked rose to a third (35.1 percent).
As cyber-criminals & nation-state attackers target the healthcare sector, Microsoft is making its AccountGuard threat notification service free of charge to "healthcare providers on the front lines."
New campaign by TA505 hacking gang harvests Active Directory credentials to aid movement
More and more home IoT devices are being connected to organisational networks as people across the globe work from home, increasing the potency of new botnet dark_nexus
Europol details Covid-related cyber-crime operations; Interpol warns of ransomware attacks on hospitals
The INPS website was attacked while about 339,000 applications for the €600 benefits for VAT-registered and self-employed Italians were being processed
Around 3,000 systems infected daily by a newly discovered campaign to infect Microsoft SQL servers with data-stealing malware and Monero cryptomining code.
Microsoft prompted to issue targeted notifications to healthcare organisations as Covid-stressed sector faces severe threats from cyber-criminals
Nigeria continues to be a hotspot for this particular threat (BEC scams), with SilverTerrier growing into a sophisticated threat group
Is Zero Trust really achievable given the complexity in finance service organisations?