Ethical hackers on the HackerOne platform are reported to have earned a cumulative US$100 million finding and reporting vulnerabilities through bug bounty programmes.
Robert Hannigan: Companies are imposing cybersecurity & data loss prevention standards on their law firms & monitoring their compliance. Law firms have had contracts terminated as a result.
A memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack according to Cisco's Customer Experience Assessment & Penetration Team (CX APT).
Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver.
The SC Awards Europe 2020 winners will be announced live online at 4pm each day on Tuesday 2nd June, Wednesday the 3rd and Thursday the 4th June - with engagement from viewers encouraged.
Fundraiser today crowd-sourcing support for FOSS contributors and organisations affected by COVID-19 pandemic, especially in the face of event cancellations.
Software company warns of threat that installs the NetSupport Manager remote administration tool to take over a system and execute commands remotely.
Hack uses OAuth2 framework and OpenID Connect protocol to access user data, bypassing 2FA.
Top 10 most exploited vulnerabilities - no excuses - 'absolutely critical to patch as soon as possible'
Attackers targeting vulnerabilities & misconfigurations caused by hasty deployment of cloud services during the dramatic shift to remote working: "it's absolutely critical to patch as soon as possible."
The Information Commissioner's Office has not done enough when it comes to GDPR, some industry experts have claimed.
The Ministry of Defence Strategic Command’s innovation hub, jHub, is supporting NHSx to securely gather and share COVID-19 symptom data for project OASIS.
US Attorney General William Barr calls for encryption backdoors after Saudi airman shooter discovered to be connected to al Qaeda after the US FBI cracked encryption on his iPhones.
ProLock ransomware also exploits unprotected Remote Desktop Protocol (RDP)-servers with weak credentials.
Experts discuss the stresses of cybersecurity and the impact it can have on their mental health, and what business leaders can do to encourage team members and help to relieve stress and burnout.
Leading educational facilities among those whose supercomputers were infected - in the UK, Switzerland, Germany and one suspected in Spain - according to reports.
Coronavirus hasn't stopped our cyber-warriors continuing to excel, innovate, develop and deploy new solutions and raise up new champions, celebrated at the online SC Awards Europe 2020
Copperhedge, Taintedscribe and Pebbledash malware are the subject of recent analysis, with all three believed to be operated by the North Korean Hidden Cobra APT group.
One of the UK government’s “strategic suppliers” is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen.
Cheltenham set to be transformed into the UK’s 'Silicon Valley' to build cybersecurity capacity and bridge the skills gap in the UK.
For the third consecutive month Microsoft issued a hefty list of Patch Tuesday security updates covering 111 CVEs with 16 making the critical list.
A month after hacker forum WeLeakData.com was closed, the content of its database, including hackers’ private messages, is for sale on the dark web.
New report finds average cost of recovery is US$ 1.4 million (£1.1 million) if organisations pay the ransom, but US$ 730,000 (£593,000) if they do not. A quarter of victims admit paying up.
Of 34 Cisco security updates, eight impact the company’s Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defence Software.
Massive growth in XSS flaw attacks on WordPress websites over past week - up 30 times - mostly from a single threat actor.
Malicious actors pounce on a pair of critical vulnerabilities found in SaltStack’s open-source, event-based IT automation & configuration management tool Salt. “Salt master” servers compromised.
Trials have begun this week on the Isle of Wight for a Coronavirus tracing app, and while security and privacy are a key component, news of a glitch in an Indian app means the issue remains under scrutiny.
White hat hacker reveals potential for ‘crying wolf’ exploit of weakness in 1980s tech that could potentially cause collisions when planes are in autopilot by social engineering of IoT.
Industry experts ‘encouraged’ by a government bid to plug a tech skills gap with a training boost for young people in preparation for life after Coronavirus.
Credential stealing attack uses Microsoft Teams notification, numerous URL redirects, to conceal from email protection services.
The virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to capitalise on global fears, as well as dramatic shifts in supply and demand.
Privacy advocates wary of the uses to which tracing app data may be put plus technical security; EU call for standardisation; NHS Bluetooth app due; GCHQ gets access; encrypted decentralised approach
Security researchers have warned that newly created mobile banking malware can not only grab passwords for more than 200 financial apps, but intercept two-factor authentication codes as well.
The SAS@home event ranged over a Vietnamese APT, Czech disinformation, using open source intel to identify your vulnerabilities, to why tools cluster 'pre-boom' rather than in remediation
Warwick University has reportedly kept data breaches to its infrastructure secret from staff and students. Breach happened after employee unwittingly installed malware.
The global pandemic has seen cyber attacks grow and overall security stances slip, according to a survey from (ISC)² which says 47% of cybersec staff have been taken off security duties
Sophos and its customers were victimised when a previously unknown SQL injection vulnerability in the company’s physical and virtual XG Firewall units was exploited
Malicious GIF sent to victims could let malware scrape data in Microsoft Teams and spread to other groups.
Apple denies that a flaw in its email app leaves half a billion users vulnerable to hackers
£1.25 billion government support package to help UK businesses driving innovation and development through the coronavirus outbreak - critical to support UK's strong cyber-security innovation ecosystem.
58% of organisations say their ability to monitor, detect and respond to insider threat is only somewhat effective, not so effective or not at all effective. Only 12% think they are extremely effective.
Skeleton key could unlock Azure environment for cyber-criminals - not a vulnerability, but a new way to exploit an Azure synced environment so no patch expected.
Update with Covid-19 Tracing App index of 40 apps; will these apps result in permanent loss of privacy?
Unless we believe that the coronavirus threat is permanent then the public interest test to allow Covid-19 tracking apps surveillance capabilities is only passed for so long as the threat remains.
Scam reporting service launched to flag suspicious emails for the NCSC to assess and take down malicious content, Cyber Awareness campaign starts, includes advice on securing video-conferencing.
A lack of business network visibility is resulting in a series of common internal disconnects between IT, network and security functions, with 84% of security and IT teams admitting a negative relationship.
New report shows that Coronavirus lockdown has led to hackers targeting remote workers as a way into corporate networks.
Attackers who exploited CVE-2019-11510 and stole a victim organisation’s credentials could still be able to access that organisation’s network if it patched this vulnerability but didn't change passwords.
The NCSC has announced the alpha release of its Secure Communications Principles.
Software vulnerability brokers are reportedly looking to sell two zero-day Zoom video conferencing app exploits – one affecting Windows clients and the other impacting OS X clients.
New Agent Tesla malware module used to steal passwords from infected Wi-Fi systems.
Onfido announces US$100 million (£91 million) funding round, led by TPG Growth, bringing total investment in the secure ID tech company to US$200 million (£182 million).
Is Zero Trust really achievable given the complexity in finance service organisations?