The four main breaches of 2017 had various things in common. No matter how sophisticated the attack, they could all have been avoided. Whether due to a lack of interest, focus, urgency or all three, bad decisions were the key culprit.
Cyber-crime joins environmental disasters, large-scale involuntary migration and illicit trade as one of the most notable risks in the world this year, according to the latest Global Risks Report just brought out by WEF.
The UK creator of malware resources Cryptex and reFUD.me, used by thousands in the cyber-crime world, has this week pleaded guilty to charges under the Computer Misuse Act and Proceeds of Crime Act.
The vision is that Card Not Present transactions will be increasingly deflected onto other payment channels, completely bypassing the use of card numbers at the website/call centre.
A survey by the shipping association of the CEO panel comprising of 26 senior executives revealed that the majority of Danish shipping companies - 69 percent - had been hit by cyber-crime according to a report in SMN.
Certificate authority Let's Encrypt has disabled TLS-SNI-01 validation on its service. Through the vulnerability, a hacker could have requested certificates for domains that were not theirs.
With more devices able to connect directly to the web, the IOT s continuously expanding. However, cans of worms are waiting to be opened, including data loss, data manipulation and unauthorised access to devices.
Phishing, smishing and other types of malware are not going anywhere and the risks are only going to rise as mobile becomes a primary device for employees. Companies need to get ahead of the issue rather than responding.
Security researchers have found a new strain of malware targeting banking apps on Android devices.
Leaking of the Paradise Papers raises several questions, as it should for all organisations, including Appleby itself, about how you manage, control and report on access to your sensitive data.
Cyber-crime players are not stupid, which is probably why they are dumping Bitcoin and going with the smart(er) money...
After a bevy of cyber-heists in 2017 - one at Bangladesh Bank that raked in US$ 80 million (£59 million) for the modern day bankrobber, the SWIFT Customer Security Controls Framework went into effect 1 January, 2018.
In the fight against cyber-crime, automation and centralisation enable vulnerability management and incident response teams to dedicate even more resources to acting on intelligence rather than gathering and analysing it.
To prevent fraud, online retailers need to widen their cyber-security perimeters to encompass virtual geographies such as the deep web and social networking sites to identify and block fraud threats before they are executed.
Unlike Mirai, the IoTroop bot exploits nine core vulnerabilities as it spreads, and already, experts say those responsible for the bot - who remain unknown - have added more than 100 features to it.
Dr Jamie Graves at ZoneFox explains why Chief Data Officers are crucial for future-proofing businesses and winning back the public's trust.
For every business opportunity that our hyper-connected world is creating, that same hyper-connectivity creates criminal opportunity for cyber-attackers.
Happy New Year! SC Media UK resumes news reporting on 2 Jan 2018. During the break, catch up on our experts' predictions for a range of positive and negative futures, from the impacts of AI to likely new Zero days.
Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, using the bug to deliver a modified version of Loki information-stealing malware.
Adversaries are using the lure of free online software downloads to infect unknowing victims with a customised version of cryptocurrency mining software from the NiceHash marketplace.
Romanian law enforcement arrested a gang of five men who operated a ransomware distribution organisation that spread Cerber and CTB-Locker.
A series of cyber-campaigns, jointly known as the Hex-Men Trio, that specifically target SQL Servers in order to use them to conduct additional attacks has been identified by Guardicore Labs.
Cyber-criminals infect devices, block access and then demand money. Unfortunately, there is no silver bullet to combat ransomware. However, there are steps that can be taken to minimise risk and stop the spread of infection.
Ransomware is a growing threat & continues to offer criminals a high return on investment. But many ransomware attacks are still under-resourced and designed by low-skilled operators - what happens when this changes?
Emotet offensive sees malware continually repackaging itself to avoid signature-based detection
One of the best ways for organisations to lock down data and ensure their "crown jewels" can only be accessed by those necessary is by implementing a privileged account strategy says Lavi Lazarovitz.
Overcoming the top five challenges businesses experience when securing their payments: Protecting data in-transit; Failing to test and audit systems; Managing chargebacks; Authenticating transactions; Physical security of data.
Application Whitelisting ends the weak spot for Zero-Day malware in AV, but false positives may make passive process/service monitoring with alerting a better compromise between prioritising business operations over protection.
Vulnerability could enable hackers to carry out MitM attacks on bank apps - 10 million users at risk
Action Fraud, the UK's national fraud and cyber-crime reporting centre, has launched a 24/7 live cyber-attack helpline. During its pilot since October 2016, Action Fraud's 24/7 cyber-helpline received 377 reports.