A WordPress plug-in that's supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites.
Kaspersky Lab describes 8 most interesting issues from its recent event, covering criminals' data use; APT attribution; skills gap; ICS water attack; brain implant hack; false memories; lethal AI & data privacy.
Some 40 UK financial industry firms, including banks, are taking part in a 'desk-based' stress test organised by the Bank of England to see how they respond to a cyber-attack.
The government is about to define who counts as 'operators of essential services', required to ensure their technology, data and networks are secured and cyber-resilient in line with the NIS Directive requirements.
Cyber Security Connect UK: Police reorganisation needed to keep up with cross-border cyber-crime says chief constable
UK policing is reaching a 'tipping point' where it will have to reform to keep up with the changing face of crime, which is increasingly online, and especially if there is a no-deal Brexit, say police chiefs.
Four leading European cyber-security organisations agree roadmap to avoid duplication of effort while working to make cyber-space a safer place.
The age of self-regulation should come to an end, according to information commissioner Elizabeth Denham, as she publishes report into the use of personal data in political campaigns and testifies to select committee.
Steps must be taken to protect the global internet routing system, built on the back of the border gateway protocol (BGP), from rogue operators such as China Telecom, according to a white paper from the Internet Society.
The cyber-security operations arm of US Cyber Command has begun posting virus samples to VirusTotal, the online repository of malware samples.
Thousands of Moscow's wealthiest residents had their information compromised after Moscow-based internet provider Akado Telecom experienced a leak.
The US Department of Defense is said to have prepared a cyber-counterattack to be launched against Russia if the nation meddles in next Tuesday's election.
A team of Chinese intelligence agents and their cyber-criminal minions were indicted by the Department of Justice for hacking into a US company and a French company that were jointly developing a new turbofan engine for use on commercial airliners.
The average fine against an organisation for a data breach doubled last year from £73,191 to £146,412 per incident.
An employee at the US Geological Survey (USGS) infected his agency's network with Russian malware delivered via adult websites.
New budget emphasises cybersecurity and high tech growth, but also introduces new digital services tax.
Two months after Facebook removed 652 inauthentic pages, groups and accounts for spreading misinformation and stoking political discord in other nations, Facebook announced Friday that it banished 82 more offenders for the same reason.
The hacktivist group Anonymous reportedly took down dozens of Gabon government websites over the weekend as part of its "anti-dictatorships" campaign.
In the US, a federal court last Friday ordered one of the co-developers of the Mirai IoT botnet to pay US$8.6 million (£6.7 million) in restitution and serve six months of home incarceration as punishment for using the malware to launch DDoS attacks.
The Internet celebrates its 50th birthday - an awesome system that's insecure, with new insecure access devices being added exponentially. If we do want change, we have to do it now, says Berners-Lee.
Security analysts use new techniques to expose attackers' commodity builders and tools and their infrastructures.
A newly discovered spam campaign powered by version two of the well-known Cutwail botnet has been found targeting Japanese users in an attempt to infect them with the URLZone (aka Bebloh) banking trojan.
Two individuals who were indicted last August for stealing information from the LinkedIn training site Lynda.com back in 2016 are reportedly the same pair of hackers responsible for the 2016 Uber breach that affected 57 million worldwide users.
British Airways has revealed it was the victim of a second data breach by Magecart in recent months, raising questions about how deeply the threat group managed to infiltrate the airline.
In the US, in the lead-up to the country's mid-term elections, the US Cyber Command has launched its first ever acknowledged offensive operation against individual Russians attempting to interfere.
Failed appeal set to bring increased scrutiny around employee data procedures
In brief: PM emphasises UK-EU cyber-security cooperation post-Brexit, Apple's Cook calls for Bloomberg retraction
News in brief: PM says cyber-security linchpin of UK-EU cooperation, Cook calls on Bloomberg to retract China hacking story, ICO publishes NIS directive guide and more...
Organisations or individuals interested in contributing to the NCSC's Cyber Security Body of Knowledge (CyBOK) are invited to take part in the public review process.
US/UK Cyber Accord signed at Atlantic Future Forum forms a public/private partnership for government & industry to explore emerging trends and technologies & consolidate the leading role of the UK and US.
Google knows lots about us, but it has to tread a balance between using that data to enhance services, while respecting our privacy and keeping our details secure.
There was a massive jump of over 400 percent in the number of data breaches reported to the ICO which were classified as 'cyber incidents' following GDPR coming into force.
SC's UK cyber-security salary explains attributes for different roles, shows high demand & huge variation: junior analysts, £25K in manufacturing; public sector CISOs on £95k, colleagues at large banks - £500k.
The launch of the National Cyber Security Centre's second annual review this week told us something about the progress that the organisation has been making - and hinted at areas where it will develop.
Facebook now suspects it was criminal scam artists and not nation-state actors who compromised tens of millions of accounts in a major data breach that was discovered last month, according to the Wall Street Journal.
A Kentucky man was sentenced to 30 months in federal prison for his role in creating and selling a remote access trojan (RAT) used to spy on victims.
HaveIbeenpwned is telling its readers who might have an account with Facepunch that the game studio suffered a breach two years ago exposing their information.
Twitter releases 10M tweets, reveals decade of foreign influence, including Russia's efforts during 2016 election
A dataset of more than 10 million Tweets released by Twitter Wednesday included a detailed picture of Russia's attempt to influence voters away from Hillary Clinton and, eventually, toward Donald Trump.
Computer crime has fallen by 30 percent in the past year, according to latest data from the Office for National Statistics.
It might sound more like a parent scolding his or her child, but reportedly Ecuador recently issued a memo to WikiLeaks founder Julian Assange, ordering him to mind his manners as a condition for getting his severed internet connection restored.
Attacks by hostile nation-states and organised crime against the UK are running at an average of 10 incidents per week, according to the National Cyber Security Centre in its annual report.
What keeps cybersecurity and business executives in the US awake at night is the ever-increasing attack surface they must deal with every morning when they wake up.
Congressional members are digging into the Bloomberg Businessweek report that the Chinese People's Liberation Army actually committed a supply chain attack by placing malicious processors in computers used by top US companies and the federal government.
A Russian-language cyber-espionage threat actor dubbed DustSquad is targeting Central Asian users and diplomatic entities using malware, dubbed Octopus, designed to exploit the hype surrounding the Telegram app ban in Central Asia.
Researchers at Phishlabs have discovered phishing sites hosted on emoji domains, posing a danger to unwary users and the networks they are using.
The prospect of regulation looms over manufacturers of internet connected devices as government recognises scale of threat from mushrooming industry.
A trio of unprotected Elasticsearch servers hosted by Amazon Web Services (AWS) left 113.5 million records of fitness tracking company FitMetrix customers exposed, according to the security researcher who discovered the databases.
Iceland fell victim to the largest phishing campaign to target the nation, a complex scheme which involved impersonating law enforcement officers.
Estimates by the Department of Health and Social Care put the figure for direct and indirect damages to the NHS from the May 2017 WannaCry attack at £92m.
Nato's recognition that future wars will be fought at least partly in cyberspace has led the alliance to consider the operational, legal and political challenges for its members.
Creation of complex malware and organisation of multi-layered targeted attacks has shifted from financially motivated cyber-criminals to state-sponsored threat actors.
Updated corrected figures: Healthcare cyber-security stuck in the waiting room as NHS rejects own recommendations
The NHS risks £billions GDPR fines after it decided it could not afford to implement key recommendations from its own review of the WannaCry ransomware attack.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but it's still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense