Phishing gangs are increasingly targeting Apple users, with a significant spike in attacks in 2019 over last year
A new malware similar to Ryuk ransomware acts as an information stealer targeting military, law and financial institutions
Two Coalfire employees were arrested at a court house in Iowa, USA, as they conducted what they called an assessment on the building's security
Researchers discovered a previously unknown remote access trojan called InnfiRAT, capable of data exfiltration and digital spying
The US Office of Foreign Assets Control (OFAC) has sanctioned North Korea for ransomware attacks on the Swift interbank messaging system and other critical infrastructure targets
Lawyers accuse British Airways of trying to limit the £3 billion payout over data breach that affected more than 500,000 customers by narrowing the claim window to 17 weeks
A private company has been drilling on a vulnerability in mobile SIM cards for the past two years by to help governments snoop on targeted individuals
New malware dropper WiryJMPer uses novel obfuscation techniques to conceal Netwire RAT
Israel reportedly planted StingRays near the White House and other key locations in Washington to spy on President Trump and his advisers
A phishing campaign utilises Facebook and YouTube, along with insider help from a top tier security company service, to convince its victims to open and download a malicious attachment
Facebook patches a security vulnerability in Instagram, which helped attackers access the details linked to individual accounts
Dubbed 'NetCAT', a flaw in Intel chips allows attackers track keystrokes and other kinds of information that goes through vulnerable servers
An Elastica database belonging to automobile marketer Dealer Leads has left over 198 million records of consumer information exposed
Nation-state threat group Cobalt Dickens launched campaign that spoofs library services login pages in order to steal intellectual property
US-based health care practice Premier Family Medical was struck by ransomware in July, affecting the records of roughly 320,000 patients.
Intel posts two security advisories for its Easy Streaming Wizard, Data Direct I/O Technology and Remote Direct Memory Access
Several vulnerabilities in the Bitcoin Lightning Network that were revealed in late August are now active in the wild and could result in funds being lost from accounts
Consolidating state-run institutions responsible for cyber-security can concentrate expertise and avoid inefficient inter-institutional interaction issues, thus enabling faster decision-making and response time.
Phishing campaign delivers malware when victims click on Captcha link
D-Link DSL-2875AL modem contains password disclosure vulnerability: it is stored in clear text there
US law enforcement and regulatory bodies join multiple global counterparts to arrest 281 scammers, in the biggest offence by scale against business email compromise (BEC) networks
Flashlight apps demand unreasonable permissions, such as the right to record audio, read contact lists or to kill background processes
Adobe's September Patch Tuesday releases included two "critical" Flash Player updates along with a single "important "one for Adobe Application Manager
Microsoft's September Patch Tuesday offering contained 80 updates with 17 being rated critical including taking care of two zero days actively exploited in the wild
Credentials and email messages pilfered in a breach of a US government contractor were auctioned off in a Russian cyber-crime site in August. The US Secret Service is on the trail
Two security holes in popular IoT products, relating to telnet, open ports and weak hardcoded passwords reminiscent of the methods used by the Mirai botnet, reveal just how vulnerable IoT devices remain
Cyber-espionage group Stealth Falcon is using a previously unreported binary backdoor along with Windows BITS to communicate with its command and controls server
Coders release a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft's Remote Desktop Protocol implementation
WordPress developers have issued a short-cycle maintenance release for its content management system software, introducing 29 fixes and improvements
Wikipedia was hit with a sustained DDoS attack knocking it offline in many parts of the world
Cyber-criminals have swindled a major Toyota supplier for £30.3 million through its European subsidiary - investigation underway.
Data protection rules apply to mobile applications regardless of whether an app is free or paid for, and consent need to use the data needs to be specific and freely given through some form of affirmative act.
Two dozen apps that collectively generated over 472,000 downloads from the Google Play store were found to be infected with a new Android malware called Joker
Personal details from resumes and CVs from job seekers were exposed after a server belonging to a recruitment company that was a customer of Monster.com and others was left unprotected
CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts
A recently discovered variant of the Glupteba dropper and backdoor trojan is capable of deriving command-and-control domains via tracked Bitcoin transactions
VPN servers in the firing line from state-sponsored hackers
VxWorks operating system vulnerable to Urgent/11, claims that these could lead to a WannaCry-like situation if exploited by malicious actors, suggested extent and impact of problem denied by Wind River.
Researchers found a series of vulnerabilities in Supermicro's baseboard management controller software, which remote attackers could exploit to mount USB devices to affected servers over any network connection
The Mozilla Foundation, Cisco Systems and the Samba development team have all issued security updates for their respective products
Most taxpayers are not happy when their elected officials give in to an attacker's demand
Facebook has hosted executives from leading technology and social media firms and US intelligence representatives to discuss ongoing efforts to shield their platforms and users from election interference campaigns
Unprotected server online held data on Facebook users across the globe, from 133 million records of US users to 50 million from Vietnam
More like Brexit than Marmite. The answer to the question of whether data is safer on site or in the cloud is....complicated.
Webcomic XKCD has reported that user data from its online forum section was found in an exposed database
More than half of the Android mobile phones in use are susceptible to an advanced text-based phishing attack that only requires a cyber-criminal make a £8 investment
Google is expanding its bug bounty series, launching the new Developer Data Protection Reward Programme and expanding the scope of the Google Play Security Reward Programme
Plugins are again causing a problem for WordPress sites, with the latest set of firewall rules for protection issued today.
The internet is changing how criminals operate and break the law, hence 20,000 additional police being recruited; spending also increasing at MOB, Health, Education and criminal justice among others.
Stuxnet, the infamous malware worm that sabotaged Iran's Natanz nuclear power station in 2010, was introduced into the network via a USB flash drive inserted by a mole recruited by Dutch intelligence agents
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout