Attacks by hostile nation-states and organised crime against the UK are running at an average of 10 incidents per week, according to the National Cyber Security Centre in its annual report.
Tinder users were at risk of having their profiles breached by hackers due to multiple XSS vulnerabilities, according to a team of researchers.
Congressional members are digging into the Bloomberg Businessweek report that the Chinese People's Liberation Army actually committed a supply chain attack by placing malicious processors in computers used by top US companies and the federal government.
A Russian-language cyber-espionage threat actor dubbed DustSquad is targeting Central Asian users and diplomatic entities using malware, dubbed Octopus, designed to exploit the hype surrounding the Telegram app ban in Central Asia.
A Facebook exec Friday said the company has "not ruled out the possibility of smaller, lower level access attempts during the time of the exposure," but downgraded the number of users whose access tokens were stolen during the breach.
Researchers at Phishlabs have discovered phishing sites hosted on emoji domains, posing a danger to unwary users and the networks they are using.
The prospect of regulation looms over manufacturers of internet connected devices as government recognises scale of threat from mushrooming industry.
A trio of unprotected Elasticsearch servers hosted by Amazon Web Service (AWS) left 113.5 million records of fitness tracking company FitMetrix customers exposed, according to the security researcher who discovered the databases.
A new threat group dubbed Gallmaker has been targeting overseas embassies of an Eastern European country, and military and defence targets in the Middle East, eschewing malware and instead opting to use living off the land (LotL) tactics to infiltrate systems.
Iceland fell victim to the largest phishing campaign to target the nation, a complex scheme which involved impersonating law enforcement officers.
An unusually deceptive "Flash update" scam that installs unwanted programs on infected machines has been attempting to feign legitimacy by displaying pop-up notifications borrowed from the official Adobe installer.
Proposals to help UK defence and security to develop capability in 'behavioural analytics' are sought in a new Defence and Security Accelerator (DASA) competition.
Five Eyes report details how freely available tools are increasingly being used by hackers and nation-states alike.
Estimates by the Department of Health and Social Care put the figure for direct and indirect damages to the NHS from the May 2017 WannaCry attack at £92m.
Juniper Networks released a long list of security updates including seven critical flaws, six of which affect all platforms running Junos OS.
A new trojan dubbed GPlayed shows that threat actors are increasing their abilities to create hybrid threats that can move code from desktops to mobile platforms with no effort.
Eighty-one percent of campus IT professionals have said that securing networks used by students and faculty has become more difficult in the past two years due in part to the proliferation of connected devices.
Improved version of Industroyer malware emerges and leads ESET Research to attribute malware to the TeleBots threat group.
Last year ransomware was still riding high as the top threat to enterprise security. This year there's a new bad boy boss in town: cryptojacking.
Sony TVs can be remotely exploited without any authentication by attackers due to three vulnerabilities spotted by Fortinet researchers, with one of the vulnerabilities being rated "Critical Severity" while the other two were rated "High Severity".
VMware issued a security advisory for an "important-rated" denial of service (DoS) vulnerability.
Imperva has entered into a definitive agreement to be acquired by the technology-focused private equity firm Thoma Bravo for US$2.1 billion (£1.6 billion).
Nato's recognition that future wars will be fought at least partly in cyberspace has led the alliance to consider the operational, legal and political challenges for its members.
Graphics accelerator compiler bugs could enable hackers to execute code from a guest virtual machine.
Concerned that it would draw the ire of regulators and that its reputation would take a hit, Google hid a glitch that exposed the personal data of hundreds of thousands of users on Google+, which the company has now shuttered.
October's Patch Tuesday proved to be another big month for Microsoft, which addressed 49 vulnerabilities, 12 critical, including a zero-day in the Microsoft JET database engine.
Adobe's Patch Tuesday security update included patches for vulnerabilities in four products, including four critical issues patched in Adobe Digital Editions, but none for the often fixed Flash Player.
A set of DDoS attacks plagued a series of gaming publishers including Final Fantasy XIV's creator Square Enix and Ubisoft.
Apple yesterday issued its first software update for the iOS 12 operating system, fixing two bugs that both impact lock screen security. It also separately remedied 19 vulnerabilities in iCloud for Windows 7.7.
Creation of complex malware and organisation of multi-layered targeted attacks have shifted from financially motivated cyber-criminals to state-sponsored threat actors.
Updated corrected figures: Healthcare cyber-security stuck in the waiting room as NHS rejects own recommendations
The NHS risks £billions in GDPR fines after it decided it could not afford to implement key recommendations from its own review of the WannaCry ransomware attack.
The vast majority of intrusions tracked in a new report were conducted by nation-state level actors, with China leading the pack...
Some 2,000 cadets a year are to be trained to become the next generation of cyber-security leaders with more than £1 million being invested in the Cadets CyberFirst programme each year.
The US state of California has passed a law effectively banning weak passwords and enforcing other security measures to more effectively secure connected devices.
Visionary author Andrew Keen first explained why our future needs fixing before addressing how we might constrain the winner-takes-all accumulation of power happening under the current digital revolution.
The Kosciuszko Institute, organisers of CYBERSEC EU, presented an award to cyber-security specialist Melissa Hathaway at the start of today's session in Krakow, Poland.
CSEU 18: Digital infrastructure project could see Eastern Europe 'leapfrog' Western Europe in cyber-security
Proposals to piggyback cyber-security on the back of a regional infrastructure programme could see central & eastern Europe get a more powerful, more secure digital infrastructure than the rest of Europe.
Security researchers have discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system access.
After reports that China's People's Liberation Army (PLA) slipped microchips into Supermicro motherboards, creating a backdoor that could be used by hackers to obtain information, both Apple and Amazon deny that their servers were affected.
Researchers have identified several shared commonalities between reputed Russian APT outlets Turla and Zebrocy, both known for their global, malware-based cyber-espionage operations.
A series of patches and updates were issued by VMware, Mozilla and Apache to patch critical and moderately rated vulnerabilities.
A microchip planted by China on Supermicro motherboards used by organisations, including the CIA, the US military, Amazon and Apple, left sensitive information vulnerable to hacking.
A recent report revealed the extent to which organisations respond to breaches by getting rid of the CISO. Who is getting fired and is this a good way to manage a problem?
Cisco has released patches for critical vulnerabilities involving its digital network architecture center.
Malware concealed as "cheat tools" for popular video game - experts warn of knock-on dangers to corporate networks.
Advancements in precision agriculture, a farming management concept that incorporates internet of things (IoT) technology into farming techniques, have expanded the industry's cyber-attack surface.
As part of Security Serious week, more than 200 cyber-security professionals gathered for the Unsung Heroes Awards, recognising cyber-security heroes behind the scenes.
The British government has taken the unusual step of assigning attribution to a number of attacks and threat groups to the Russian intelligence agency GRU.
The Irish data regulator will investigate the circumstances around the cyber-attack against Facebook which saw the social media giant lose control of 50 million user accounts.
A team of FireEye researchers has detailed the activities of APT38, a group of North Korea-linked hackers focusing on financial crime and responsible for stealing millions of dollars using highly destructive malware.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but it's still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense