Research News, Articles and Updates

WannaCry: McAfee outlines recovery technique for when the worst happens

A possible means to bypass the WannaCry decryption system has been developed by security researchers at McAfee. Here, the creators detail their experimental method.

New WanaCrypt0r variants spotted, but 'poor', version one worst over

While patching and software upgrades were still underway in the wake of the WanaCryptOr attack, reports of variants began appearing

APT32 targets private sector organisations with an interest in Vietnam

A cyber-espionage group dubbed APT32 is carrying out intrusions into private sector companies across multiple industries.

Ormandy criticised for revealing too much in Windows malware bug report

When security researcher Tavis Ormandy revealed a vulnerability in Microsoft's Malware Protection Engine, he published proof-of-concept code and earned himself a rebuke from Graham Cluley.

Both human and technical defences against email attachments inadequate

Conventional anti-virus and sandboxing solutions are no longer effective defences against malicious email attachments, but relying upon employees doesn't work for companies either.

ICYMI: Skype bug; Nomx slammed; Linus law down; Locky lives; LDAP DDoS

In Case You Missed It: Skype flaw Spyke; Nomx claims nixed; Linux law refuted? Locky's return; LDAP DDoS vector

The 2017 Verizon Breach Report: attacks pervasive but defenders have options

Three-quarters of breaches are down to outsiders and a quarter to insiders, and 73 percent are conducted for financial reasons with half involving organised crime says latest Verizon report.

Cyber-breaches wipe billions off investors' portfolios, report claims

A research report published by CGI claims to have been able to measure for the first time the impact that major cyber-incidents have on share prices - and it says it's getting worse.

Robotics industry 'must quickly mature its cyber-security practices'

New research into the security of robots and the software that controls them suggests that vulnerabilities could pose a serious risk to life and property.

IBM security researchers see the whole of Shamoon

Researchers find "missing link" in malware attack on Gulf states - explain how initial compromise escalates to wiping computer hard drives across an organisation.

RSA 2017: The systems, devices, flaws cyber-criminals will hit in 2017

SophosLabs' 2017 Malware Forecast highlights the areas that cyber-criminals will focus on in the coming year including IoT, MacOS, Linux and IoT.

University attacked by its own vending machines and other IOT devices

An unnamed University was attacked by some 5,000 campus devices from its vending machines to light sensors, "and all IOT devices" .

Researchers query hypervisor security in future AMD Zen processors

Technology in development that is designed to stop malicious hypervisors from reading and writing protected data in virtualised environments may not work as intended, researchers say.

Global cyber-security confidence falls to 70 percent

Second annual international survey of information security professionals finds global confidence in ability to accurately assess cyber-risk dropped 12 percentage points over 2016.

Research: Hacked companies could see customer exodus if breached

Study reveals 48 percent of people will close accounts following a data breach.

Eir we go again: Irish ISP router flaw allows total takeover

An open port linked to remote management software on Eir's D1000 modem router can allow an attacker to take over consumers' networks.

Italy gets mixed review on cyber-security from CRI 2.0

Italy is measured and found wanting in a country report produced by the author of the Cyber Readiness Index 2.0 which aims to benchmark the major economies of the world.

Birmingham cyber-sec chair demonstrates business-academic collaboration

Professor Mark Ryan takes the HP Chair in Cyber Security at the University of Birmingham to explore security issues where the digital and physical world blur.

Cyber-crime: on an upward trend

Cyber-crime growth is accelerating. Rob Wainwright reports how Europol's 2016 Internet Organised Crime Threat Assessment identifies an expanding cyber-criminal economy exploiting our increasingly Internet-enabled lives.

Do drug pump disclosures point to culture of insecurity in healthcare?

Researchers have uncovered security vulnerabilities in an insulin pump that had the potential to cost lives. SC asks if medical hardware device vulnerabilities are purely a technical problem, or whether a culture of insecurity is to blame...

Video: ISF's Durbin advises orgs to protect mission critical info assets

Information Security Forum managing director Steve Durbin sat down with SCMagazine.com executive editor Teri Robinson to discuss how organisations can better protect their mission critical information assets.

Payment fraud growth accelerates

Including fraud in the UK crime figures resulted in online crime overtaking physical crime, now Financial Fraud Action UK (FFA UK) reports that fraud in the payments sector has jumped 53 percent over last year.

Google refuses to patch alleged login page flaw

Google is refusing to patch an alleged faulty Login Page after an independent researcher claimed to have spotted a bug.

UK 'too attractive' to DDoS attackers

Distributed Denial of Service (DDoS) attacks are on the up according to new research; and the UK is firmly in the crosshairs.

Black Hat Las Vegas: Apple offers bug bounty programme

Apple is offering up to $200,000 to researchers reporting critical security vulnerabilities in Apple software, including its underlying operating system.

PhishMe codifies ransomware as a formal business model

Steganographic subterfuge: ransomware was already 'a thing', now it's a mature and established business model

Security researchers discover over 100 suspicious Tor nodes snooping on traffic

New research claims to show that up to three percent of hidden services directories, the backbone of the Tor anonymous router system, have been compromised, which could enable the identification of users in some cases.

Euro Data Chief: security is no excuse for flaky privacy

Privacy vs security is a contradiction in terms, according to the European Data Protection Supervisor Giovanni Buttarelli who has been reaffirming his opposition to encryption backdoors.

Florida researchers claim to discover cure for the common ransomware

By analysing changes in files, security researchers believe they have discovered a way to detect ransomware in the early stages of encrypting your data.

Business travellers putting organisations' cyber-security at risk

Private and corporate data are targets for hackers who are focussing their attention on rushed and stressed business people on the move.