London's top attractions have been attacked millions of times, including museums such as Imperial War Museum. Kew Gardens suffered 86 million recorded security incidents in the last financial year
The National Audit Office has criticised the Cabinet Office for failing to produce a business case for its £1.9 billion National Cyber Security Programme ahead of its implementation.
Phishing campaign attacker targets multiple customers and successfully executes payload without having to write the executable dropper or the payload to the disk by using process hollowing.
Trickbot modular banking trojan targets users' financial information & acts as a dropper for other malware to conduct system & network reconnaissance, harvest credentials & achieve network propagation
Zero-day vulnerability in versions 8 to 10 of the Microsoft Windows operating system allowed attackers to exploit a flaw in Windows' graphic subsystem to gain full control over a victim's computer.
Most controllers linked to the Emotet RAT resolve to IP addresses in South America, according to a report by Recorded Future.
Cyber-criminals are exploiting zero-day vulnerabilities in an old game Counter-Strike 1.6 to spread the Belonard Trojan.
Newly discovered point-of-sale (POS) malware programs skim or scrape payment card information from e-commerce websites or in-store checkout terminals: GMO JS Sniffer, DMSniff and GlitchPOS.
US Federal prosecutors are reportedly probing Facebook's data sharing partnerships with electronics companies, including smartphone makers, & a grand jury has subpoenaed information from at least two firms.
Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use 2FA for security.
China has been successfully attacking both the US Navy itself along with its suppliers and third-party vendors and stealing secrets to gain a military advantage, says a new Navy report.
More than two hundred malicious mobile apps with 250 million plus downloads globally were used by their creators to spread adware and to steal sensitive data from devices on which they were installed.
The European Parliament adopted a new Cybersecurity Act on Tuesday in response to China's National Intelligence Law which compels domestic firms to "support, assist, and cooperate with state intelligence work".
Hacked software enables drones to bypass no-fly zone restrictions; Israeli MOD and the Israel Innovation Authority grant US$1.2 million to develop AI to mitigate cyber-attacks in drones and robotics.
New ransomware has been discovered, promoted by hackers on Twitter, that uses NSA vulnerabilities EternalBlue and DoublePulsar to infect other systems.
Adversis researchers have discovered that dozens of companies have leaked sensitive data as a result of misconfigured Box accounts.
Research based on ICO reporting data shows widespread failure to meet GDPR standards, particularly in relation to the time it takes to identify and report a breach.
Software firm Citrix has admitted that its networks have been accessed by hackers and data exfiltrated after the company received a tip-off from the FBI.
UK Foreign Secretary Jeremy Hunt, calling for a strategy that deters hostile states from intervening in free elections, announced: "Britain now has a National Offensive Cyber Programme."
Google is recommending all Chrome users immediately update their browser to fix a zero-day issue that is being exploited in the wild in combination with another vulnerability found in Windows. Together, the two bugs could enable a security sandbox escape.
A flaw within the BigBobRoss ransomware's code has been identified that can be used to decrypt the AES-128 ECB encrypted files without paying the ransom and a decrypter is now available.
A data leak at data validation company Verifications.io is three times larger than originally reported, comprising two billion leaked records not 809 million, according to cyber-security company Dynarisk.
An updated version of the brute-force malware StealthWorker has been discovered by security researchers. The new version amasses an army of bots to brute force its way into infecting e-commerce sites and content management systems.
In one of the most significant steps taken so far to bring to an end the widespread use of passwords, the World Wide Web Consortium (W3C) & the FIDO Alliance have made the new Web Authentication specification the official standard.
Pinchy Spider and its affiliated cyber-gangs are reacting to attempts to decrypt and defend against their flagship malware GandCrab by altering how the ransomware is deployed and recruiting new members to broaden the gang's cyber-skills.
Facebook will pivot toward privacy over the next few years, "building a privacy-focused messaging and social networking platform" that includes end-to-end encryption, CEO Mark Zuckerberg said Wednesday.
What do the 3ve ad fraud campaign, the Magecart credit card skimming attacks and the Facebook-Cambridge Analytica scandal have in common? They were all made possible through the use of unmanaged third-party code
The latest Mobile Security Index from Verizon paints a contrary picture of the mobile security landscape, at least when viewed from the enterprise perspective.
Many corporate IT security organisations are starting to realign their strategies by taking less of a technology-focused approach and instead prioritising what's most important from a global business perspective according to Emily Heath, VP and CISO at United Airlines in the US.
SC Media's Senior Reporter Bradley Barth once again commutes to Fisherman's Wharf with several top cyber-security execs and for the first time a pair of undercover wireless research "workmen" come along for the ride.
The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for US$ 5 million (£3.8 million) in an attempt to recoup money the credit union lost due to Sonic's data breach in 2017.
Nation-state actors may not have brought the same chaos and disruption to bear during the 2018 midterms as Russian operatives did in the 2016 presidential election, but the US is still under a relentless onslaught of cyber-attacks.
SC Media US Executive Editor Teri Robinson interviews Venafi Vice President of Security Strategy and Threat Intelligence Kevin Bocek on SSL/TLS certificate marketplaces on the dark web.
The explosion of IoT devices across the world, both consumer-oriented ones and the ones used by enterprises, has resulted in attackers shifting their tactics and targeting these devices regularly to breach industrial control systems.
Security researchers have discovered a re-emerging international phishing campaign that delivers Ramnit Worm/Botnet malware targeting financial organisations in Asia which it believes is heading for the UK as well.
WordPress continued to be the most attacked content management system (CMS) attracting an even higher percentage of CMS centered cyber-attacks in 2018, according to a new Sucuri report.
A newly discovered and heavily exploited Docker host vulnerability has allowed hundreds of websites to be illegally accessed and injected with a cryptocurrency miner.
Cyber-criminals used five different banking trojans so far in 2019 to target financial institutions: Egguard used to set proxies accompanied with false SSL certificates for MITM attacks, Adload creates backdoors...
A new UK government report, the 2018 FTSE 350 Cyber Governance Health Check, uncovered a lack of cyber-security nous at boardroom level, although progress has been made over 2017 in some areas
30 years ago, in 1989, the Berlin Wall came down, SC made its debut in the UK, and Sir Tim Berners-Lee was inventing the World Wide Web while at CERN, the European Particle Physics Laboratory.
A quarter of firms confirmed or suspected a web application breach in the past 12 months.
The Operation Sharpshooter campaign by North Korean hacking group Lazarus Group used "extremely convincing" job recruitment emails to target defence, government, finance, energy and critical infrastructure organisations across the world, according to McAfee researchers.
Five kiosk-based visitor management systems designed to securely check guests into business facilities or industrial buildings were found to contain vulnerabilities that could potentially allow attackers to physically intrude into spaces, break into private networks or steal information.
People who need people aren't the luckiest people in the world, at least not in the cyber-security world where a skills shortage yawns wider each year.
Although attackers are more persistent than ever, organisations are getting better at detecting breaches - on average discovering the intrusions about a week earlier.
New research on the Chafer threat actor group, which is known for targeting Middle Eastern targets and was found using a Python-based payload, shows an overlap with Oilrig.
A number of factors, including the lack of open source governance programmes, have resulted in a 71 percent rise in open source breaches over the past five years.
Hacker group Anonymous successfully took over a million web pages associated with Israeli domains of Fiverr, Coca-Cola, McDonald's, and ToysRUs and attempted to inject ransomware for a short period.
"Microsegmentation is the means to a zero-trust security network because it is identity-driven and able to isolate threat actors on a network at a granular level. It protects an organisation's critical assets and minimises the impact of cyber-attacks."
RSA has disclosed a number of vulnerabilities affecting its RSA Archer and RSA Authentication Manager products. The flaws could enable an attacker to obtain passwords to use in further attacks.
Is Zero Trust really achievable given the complexity in finance service organisations?
Why do cyber security breaches continue to dominate the news headlines?