Survey: close to 66% of organisations now hardware-encrypt their data, compared with half last year, but 27% cited a lack of encryption as a main cause of a data breach at their organisation
Glitch has existed since 2005, though Google says improper access to anybody's password has not been proven
The US Commerce Department has temporarily relieved China's Huawei of its inclusion on the US federal Entity List, allowing the company to continue to operate with its business partners for 90 days.
A vulnerability in the Slimstat WordPress plugin could allow a malicious user to inject arbitrary JavaScript code into the plugin's access-log functionality.
The Mozilla Foundation has issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical.
Four university researchers teamed up with a security and privacy specialist at Google and contacted 27 hacker-for-hire services to hack Gmail accounts. Only five of them actually hacked the bogus accounts.
Catch up on the most viewed stories in the cyber-security sector reported by SC Media UK over the past week, from 15 to 23 May.
Blunder leaves confidential information in the open at Indian outsourcer. As well as data on its own employees, HCL also accidentally exposed customer records.
An online POS skimmer used by one of the Magecart groups has been injecting an iframe that tracks the card details
The photo sharing site says it is enquiring about how the contact details of close to 50 million users were stored online in an unsecured database
News reports say Chinese hackers were able to infiltrate its networks in 2014, while the company claims that the attack took place two years later
Scams that offer the promise of getting rich quick through crypto-currency investments have tripled in the UK, swindling close to £28 million in the past twelve months, say the FCA and Action Fraud
A forum dedicated to hijacking and SIM-cloning attacks has been hacked, exposing the details of nearly 113,000 forum users, who now report being phished and fear law-enforcement follow-up.
A new Trickbot variant has appeared on Trend Micro's radar that uses a URL redirect in a spam email as a tactic to sidestep spam filters set to block the malware.
Cyber-attacks leveraging the Windows Server Message Block exploit EternalBlue have been at historically high levels over the last few months, even though the vulnerability was patched by Microsoft more than two years ago.
Google's Chronicle Security team discovered that a Linux version of the Winnti malware was used in the 2015 hack of a Vietnamese gaming company.
Google has stopped supporting Android updates on Huawei smartphones, after the Trump administration blacklisted the company and affiliates, according to a newswire report.
Device fitted to cars could bring vehicles to a halt through fuzzing CAN messages
The recent mistaken exposure of the information of eight million people through an open Elasticsearch database highlighted the dangers of poorly secured cloud storage and the importance of valuing PII data.
The developers of the work collaboration app Slack have issued a security update for its desktop client following the discovery of a medium-severity download hijack vulnerability.
European Union members including the UK have launched a new regime that imposes EU sanctions on organised crime and state-sponsored cyber-attackers.
A coordinated international law enforcement operation in Europe and the US has dismantled the GozNym cybercriminal network, responsible for some €100 million of theft from its victims.
A slew of government websites in Russia are reported to provide easy access to the personal and passport details of nearly 2.3 million citizens, including government employees and high-ranking politicians.
Brussels report finds that €56 million of fines have been handed out since GDPR was enacted, while a UK survey reports that people in the country say businesses aren't doing enough to protect their personal data.
Microsoft's new decentralised identity (DID) network called ION (Identity Overlay Network) runs over the top of the Bitcoin blockchain and achieves throughput of tens-of-thousands of operations per second
Google is replacing its Titan Security Bluetooth keys due to a vulnerability which could allow attackers within Bluetooth range to use someone else's key without authorisation.
WordPress has issued a patch fixing an unauthenticated persistent cross-site scripting vulnerability in its Live Chat Support, which has a reported 60,000 users.
Pro Publica was able to trace four payments sent in 2018 and 2017 from an online wallet belonging to Proven Data Recovery to a wallet maintained by Iranians believed to spread SamSam ransomware.
China responds to Huawei restrictions - tightens data privacy regulations & scrutiny of foreign firms
The Chinese government has tightened data privacy regulations, bringing cloud computing and the internet of things under the ambit of its existing "multilevel protection scheme" (MLPS), according to news reports.
Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between 23 April and 10 May.
Vast leap in attackers using a technique dubbed Cipher Stunting: advanced methods to randomise SSL/TLS signatures in an attempt to evade detection.
The Bluetooth device data harvester uses Windows Bluetooth APIs to find information on Bluetooth devices connected to the infected host; a binary infection scheme downloader uses steganography.
Thrangrycat can be "exploited remotely without any need for physical access" and, as the flaws reside in hardware design, it's "unlikely that any software security patch will fully resolve the security vulnerability".
This week sees the first of SC's weekly news podcasts providing a catch up on the main stories in the cyber security sector over the past week. Presented by Tony Morbin, Editor in chief at SC Media UK, with thanks to our sponsor this week, Akamai.
Flaw in router software due to five-year-old incomplete patch.
Adobe had a jumbo-sized May Patch Tuesday that addressed 85 vulnerabilities in just two products, 49 of them rated critical, including a critical patch for Flash Player.
Four new CVEs create a vulnerability called ZombieLoad affecting Intel processors; if left unpatched they can leave a computer open to a side-channel attack that bypasses protections to read memory.
McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cyber-criminal group Fxmsp claims to have stolen.
Facebook-owned messaging app urges approx 1.5bn users to update their apps after Israeli spyware exploits vulnerability. The exploit is particularly sophisticated as no user interaction is required.
Equifax estimates it has spent about US$1.4 billion (£1.1 billion) recovering from its 2017 data breach that exposed the personally identifiable information of 148 million customers.
Drupal core released a patch for a moderately critical vulnerability in third-party libraries that could allow the bypassing of the protection provided by the Phar Stream Wrapper Interceptor.
Nigerian actors continue to launch their attacks against the full breadth of industry segments; the high-tech industry received the greatest number of attacks, climbing from 46k to 120k over the past year.
The dangers of ELECTRICFISH, a tunnelling tool used for traffic funnelling and data exfiltration by a North Korean government hacking group, are explained in a new US government Malware Analysis Report (MAR).
Russian and English-speaking Fxmsp group hackers are trying to sell source code of anti-virus products obtained from a data breach of three US-based antivirus software vendors
A researcher has uncovered a massive SMS Bombing Operation in a passwordless database that exposed the sensitive information of millions of users.
A vulnerability in Microsoft's SharePoint is being exploited in the wild, spotted by Canadian and Saudi Arabian cyber-security centres, and "it's likely multiple attackers are now using the exploit".
A rise in nation-state breaches, surpassing criminals, more social engineering attacks against C-level execs, hacks of cloud-based email servers, and compromises of payment card web apps are notably up on last year.
A development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects, including its SmartThings platform.
Cisco has released a security advisory for a critical bypass vulnerability in the REST API of its Elastic Services Controller.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout