German car parts maker Gedia Automotive Group has had to shut down its IT operations following a massive cyber-attack. Poland, Hungary, Spain, China, India, USA and Mexico operations also affected
New IoT law to require internet-connected device passwords to be unique, IoT device manufacturers must provide a public point of contact, minimum period of security updates to be specified when sold.
Rights groups raise concerns about the legality of London Met Police’s surveillance software and its impact on privacy
The Emotet malware has dominated the malware threat landscape despite an overall fall in malware over the last quarter of 2019.
To share best practice among ISPs the World Economic Forum and its global partners have published Cybercrime Prevention Principles for Internet Service Providers.
GE Healthcare’s Carescape patient monitoring devices have six high-severity security vulnerabilities, warned the US Cybersecurity and Infrastructure Agency
BitPyLock threat actors are now exfiltrating data before the ransomware encryption begins
Early this month several parties published exploits taking advantage of the vulnerability, putting unmitigated user systems at risk. Citrix users are recommended to run this tool as soon as possible
The Muhstik botnet harvests vulnerable Tomato routers and researchers report that Muhstik mainly launches cryptocurrency mining and DDoS attacks in IoT bots to earn profit.
NSO denies involvement in case of Jeff Bezos, alleged to have had his phone hacked via a video file from the WhatsApp account of Saudi Arabia's crown prince, Mohammed bin Salman.
CyberRisk Alliance ("CRA"), a US-based cyber-security & information risk management business intelligence company & owner of SC Media, has appointed David Longobardi as Chief Content Officer.
Employee data of co-working provider Regus breached after third party accidentally publishes sales staff performance data
Entries close soon for SC Awards Europe 2020 which early indications suggest will be the most successful yet; we are honoured to have the endorsement of BT Security as headline sponsor for this year's Awards.
Betting companies have accessed a large, detailed database of the personal details of 28 million UK children, held by the Learning Records Service
Stats and expert comments on developments in data regulation; AI and machine learning; cloud security; IoT & IIoT; next-gen authentication.
Mitsubishi Electric conceded that a breach happened on 28 June 2019 and an official internal probe was initiated in September
Two-factor authentication is easily thwarted by social engineering, hence SIM swap attacks risk making 2FA via smartphones obsolete, according to security researchers.
UK's Civil Aviation Authority and accreditation body CREST announced the first list of companies to be accredited under its cyber-security oversight scheme ASSURE
The UK is the European country most attacked by cyber-criminals and within the UK London is disproportionately the target, suffering as many breaches as several European countries combined.
Massive campaign by APT group targets pharma companies in the US, Mexico, Germany, Japan and Australia amongst other regions and sectors
The US FBI took down a website that sold access to billions more records that were leaked from breaches or exposed online
SC Media UK is delighted to announce its illustrious panel of judges for the SC Awards Europe 2020. Winners announced at a gala dinner at the London Marriott Grosvenor Square hotel London on 2nd June.
New online fraud scheme uses the pretext of offering compensation for personal data leaks
Unlike your typical business email compromise (BEC) attack, hackers get an insider view into organisation and business deals, with the potential to lead to similar impacts to BEC, but via a different route
Thousands of files stored on an Amazon Web Services (AWS) S3 bucket -- HR documents belonging to a host of UK consultancy firms -- were found open to anyone with a browser
67% of healthcare organisations suffered a cyber-security incident in the last 12 months, 39% down to staff, investment too low, too few training programmes to ensure staff use systems correctly.
A children's book that explains the concepts of cyber-security with kings, castles and gold rather than enterprises, networks and data.
How to prioritise patching following Microsoft's Patch Tuesday announcement of the Windows critical spoofing vulnerability in the CryptoAPI DLL (Crypt32.dll) - CVE-2020-0601.
Millions of personal computers worldwide running on Windows 7 operating system - including 76% of NHS PCs - will stop receiving security updates, as Microsoft is ending the support for the OS on 14 January
Bug alert: Organisations told to deploy mitigations against Citrix Netscaler remote code execution flaw
Organisations have been warned that they need to deploy workarounds for the Citrix ADC (NetScaler) CVE-2019-19781 vulnerability as working exploits have become available.
Bapco, the national oil company of the Arabian Gulf island nation of Bahrain, was reportedly hit 29 December by a disk wiper attack that officials believe originated from Iranian-backed hackers.
The Military Aviation Authority (MAA) and MOD have announced enhanced requirements for cyber-security, to evaluate and counter the threat to air safety & EASA publishes two cyber-security NPAs.
A Russian cyber-crime gang has developed a new hacking tool called PowerTrick in a bid to move around target networks undetected
Threat actor Lazarus Group launched sequel of its AppleJeus operation, creating fake cryptocurrency-related websites to sow malware in the systems of those who fell for the ruse
Amazon Web Services urges businesses to download and install new SSL/TLS certificates; five-year cycle too long, says security expert
ICO imposed a £500,000 fine on Dixons Carphone over a data breach between July 2017 and April 2018 that affected millions of customers
Each UK company with an internet connection was attacked online more than once a minute in 2019
Project Zero goes public 90 days after disclosing the vulnerability to the affected organisation. Now, they have added a 14-day grace period on request
Facebook's announcement to add deepfakes to the categories of banned content is hardly a patch on the growing misinformation campaigns on the platform say privacy and security experts
The 31 December malware attack on UK-based currency exchange company Travelex turns out to be ransomware; foreign exchange services affected
Critical security vulnerability in enterprise VPN software is being used to deliver ransomware, hundreds of UK businesses still remain unpatched
F-Secure's report listed Austria as the second top destination for cyber-attacks in H1 2019, leaping up from the fifth position in H2 2018
A Clop ransomware variant can now take down a total of 663 Windows processes including new Windows 10 apps, programming languages, debuggers, terminal programs, and programming IDE software
Cisco released updates to its networking equipment operating system NX-OS after security researchers found three critical authentication bypass vulnerabilities
Malware attack on UK-based currency exchange company Travelex's systems spilled over to foreign exchange services of major financial brands
European Commission launched two public consultations to form regulations on crypto assets and fighting cyber-attacks on financial sector
Based on the Scottish model, 10 new centres in England will promote cyber-security measures for business
The California Consumer Privacy Act came into effect on 1 Jan, UK companies under ambit as countries around the world consider privacy rules in the wake of GDPR.
Ransomware attack takes an unidentified US maritime base offline for more than 30 hours, says US Coast Guard; security cameras, door-access control systems & critical monitoring systems affected.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout