Research News, Articles and Updates

Sound used to track movement via smartphone and laptop speakers

CovertBand uses high-frequency audio to place people in a room and track a person's movements using the speakers and microphones that are found in many smartphones, laptops and other devices.

Web application attacks accounted for 73% of all incidents says report

Web application attacks accounted for 73 percent of all incidents, and pure public cloud installations experienced the fewest security incidents, according to a recent industry report.

Honeypot reveals lack of oversight opened door to WannaCry & NotPetya

If researchers had paid more attention to the Shadow Brokers dump of alleged National Security Agency hacking tools back in April, the WannaCry and NotPetya attacks might never have happened.

Kids with attitude - the face of Islamic hacktivism exposed in blog

Most United Islamic Cyber Force (UICF) members are young people with a low level of technical skills and limited life experience who had fallen victim to propaganda, according to research by law enforcement agencies and Group IB.

CREST says that cyber-security in ICS needs a kick up backside

The not-for-profit accreditation body CREST says a lack of "standards-based technical security testing" is putting industrial control system environments at risk.

Network routers could leak data from LED lights, say Israeli researchers

Israeli scientists have demonstrated a method to steal data from common routers through blinking lights, but no known malware currently uses this vulnerability.

WannaCry: McAfee outlines recovery technique for when the worst happens

A possible means to bypass the WannaCry decryption system has been developed by security researchers at McAfee. Here, the creators detail their experimental method.

New WanaCrypt0r variants spotted, but 'poor', version one worst over

While patching and software upgrades were still underway in the wake of the WanaCrypt0r attack, reports of variants began appearing.

APT32 targets private sector organisations with an interest in Vietnam

A cyber-espionage group dubbed APT32 is carrying out intrusions into private sector companies across multiple industries.

Ormandy criticised for revealing too much in Windows malware bug report

When security researcher Tavis Ormandy revealed a vulnerability in Microsoft's Malware Protection Engine, he published proof-of-concept code and earned himself a rebuke from Graham Cluley.

Both human and technical defences against email attachments inadequate

Conventional anti-virus and sandboxing solutions are no longer effective defences against malicious email attachments, but relying upon employees doesn't work for companies either.

ICYMI: Skype bug; Nomx slammed; Linus law down; Locky lives; LDAP DDoS

In Case You Missed It: Skype flaw Spyke; Nomx claims nixed; Linux law refuted? Locky's return; LDAP DDoS vector

The 2017 Verizon Breach Report: attacks pervasive but defenders have options

Three-quarters of breaches are down to outsiders and a quarter to insiders, and 73 percent are conducted for financial reasons, with half involving organised crime, says the latest Verizon report.

Cyber-breaches wipe billions off investors' portfolios, report claims

A research report published by CGI claims to have been able to measure for the first time the impact that major cyber-incidents have on share prices - and it says it's getting worse.

Robotics industry 'must quickly mature its cyber-security practices'

New research into the security of robots and the software that controls them suggests that vulnerabilities could pose a serious risk to life and property.

IBM security researchers see the whole of Shamoon

Researchers find "missing link" in malware attack on Gulf states - explain how initial compromise escalates to wiping computer hard drives across an organisation.

RSA 2017: The systems, devices, flaws cyber-criminals will hit in 2017

SophosLabs' 2017 Malware Forecast highlights the areas that cyber-criminals will focus on in the coming year including IoT, MacOS, Linux and IoT.

University attacked by its own vending machines and other IOT devices

An unnamed university was attacked by some 5,000 campus devices, from its vending machines to light sensors, "and all IOT devices".

Researchers query hypervisor security in future AMD Zen processors

Technology in development that is designed to stop malicious hypervisors from reading and writing protected data in virtualised environments may not work as intended, researchers say.

Global cyber-security confidence falls to 70 percent

Second annual international survey of information security professionals finds global confidence in ability to accurately assess cyber-risk dropped 12 percentage points over 2016.

Research: Hacked companies could see customer exodus if breached

Study reveals 48 percent of people will close accounts following a data breach.

Eir we go again: Irish ISP router flaw allows total takeover

An open port linked to remote management software on Eir's D1000 modem router can allow an attacker to take over consumers' networks.

Italy gets mixed review on cyber-security from CRI 2.0

Italy is measured and found wanting in a country report produced by the author of the Cyber Readiness Index 2.0 which aims to benchmark the major economies of the world.

Birmingham cyber-sec chair demonstrates business-academic collaboration

Professor Mark Ryan takes the HP Chair in Cyber Security at the University of Birmingham to explore security issues where the digital and physical world blur.

Cyber-crime: on an upward trend

Cyber-crime growth is accelerating. Rob Wainwright reports how Europol's 2016 Internet Organised Crime Threat Assessment identifies an expanding cyber-criminal economy exploiting our increasingly Internet-enabled lives.

Do drug pump disclosures point to culture of insecurity in healthcare?

Researchers have uncovered security vulnerabilities in an insulin pump that had the potential to cost lives. SC asks if medical hardware device vulnerabilities are purely a technical problem, or whether a culture of insecurity is to blame...

Video: ISF's Durbin advises orgs to protect mission critical info assets

Information Security Forum managing director Steve Durbin sat down with executive editor Teri Robinson to discuss how organisations can better protect their mission critical information assets.