Cylance's AI-based antivirus product can be gamed so that attackers can bypass the system's machine learning algorithm and suspect code can be inserted from a file previously marked as safe
The UK government has launched plans to make it safer for people to confirm their identity online and it is claimed that this could add three percent to the UK GDP by 2030, which should help the digital economy.
FaceApp is granting itself permission to use names, usernames and all likenesses in any media format without compensation, whilst an impersonating app attacks users' devices with an adware module, MobiDash.
Drupal released a security update to patch an access bypass vulnerability in Drupal Core, which could allow an attacker to take control of an affected website.
Malicious actors may use unique "identifying tokens" to circumvent anonymisation protections on Bluetooth Low Energy devices
Mirai malware has branched out into more than 60 known variants since it first wreaked havoc in 2016
Cisco released security updates for multiple products, some of which contain vulnerabilities that, if exploited, would allow an attacker to take control of an affected system.
ElectionGuard assigns an encryption-enabled verification mechanism that distributes unique tracking codes to voters, which they can use to independently confirm that their votes were counted and not altered
Criminal cyber-infrastructures used to attack the UK have fallen, with two-thirds fewer IP addresses used by attackers in 2018, says the NCSC's latest Active Cyber Defence (ACD) report published earlier this week.
Threat of a WannaCry-style attack looms large, as many organisations harbour outdated, unpatched Windows systems despite repeated alerts
JetBlue flight halted as someone nearby - potentially a passenger - shares the suicide vest picture to passengers and crew through Bluetooth
A new addition to the data breach reference website "Have I Been Pwned?" seemingly reveals that more than 100 million accounts were compromised in this year's data breach of the event-planning service Evite.
Human brains will be linked up to computers using 'flexible threads' created by Neuralink, the company founded by Elon Musk.
A new kind of phishing attack has been created and it uses server-parsed HTML as a base for its cyber-attack.
A flaw affects all WordPress websites where the Ad Inserter plugin version 2.4.21 or below is installed, and those affected are encouraged to update immediately
A researcher found a vulnerability that could allow attackers to pull and modify live information about drivers' vehicles through Tesla's customer service mechanism
MobonoGram 2019, advertised as an unofficial version of the Telegram messaging application with more features, runs an endless stream of malicious websites in the background
Researchers detail file-leaking API vulnerability in Lenovo-EMC Iomega external Hard Drives
Facebook called up again for violation of privacy rights, as it continues embedding tracking data inside photos that users download
Traditional security architecture is giving way to zero-trust architecture, as mobile work devices alter the concept and scope of network perimeter
Information-stealing malware TrickBot harvests addresses linked to several government agencies such as the US departments of Justice and the UK Ministry of Defence
There is no reason why applications can't be built securely but often they are not, BSI Cyber Security principal consultant Martin Pill told SC Media UK
Research by Immuniweb found 97 of the 100 largest banks are vulnerable to web and mobile attacks enabling hackers to steal sensitive data.
Fake Amazon website 16Shop phishing tool lures victims into divulging financial information as Amazon Prime Day starts.
Hackers within Bluetooth range could take over Glamoriser smart hair straighteners with their own phones, because there is no secure pairing or bonding process
GE acknowledges vulnerabilities in two of their anesthesia machine models, saying "a malicious party" can potentially modify its working and results, while NHS emails have 11m attacks in three years
New versions of the advanced malicious surveillance tool FinSpy allow attackers to spy on all device activities and exfiltrate sensitive data such as GPS location, messages, pictures and calls.
Juniper has patched vulnerabilities across several product lines; says there is no evidence of these issues being exploited
Cisco detected a "high" rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products due to an incomplete input validation
The way to secure the Internet of Things is to allow the self-organising migration of services away from a central cloud alone and into local infrastructure ecosystems where they can act independently. Or is it?
Apple Watch users could listen through another customer's iPhone without consent using the Walkie-Talkie function, which has now been disabled while a fix is created.
A study finds that education and transportation sector employees had the worst cyber-security knowledge, while finance industry employees were the most aware
Firefox developers and the greater Mozilla community detect a series of bugs, two of which were considered critical flaws
Privacy activist Max Schrems continues his legal battle to revamp the US-EU data-transfer mechanism, while Facebook says removing existing provisions will jeopardise trans-Atlantic trade
Security researchers have discovered a vulnerability in Siemens STEP 7 TIA Portal that affects the same family of devices compromised in the Stuxnet attack, putting CNI at risk - patch available.
A MongoDB database that held records sourced from websites including Pipl.com and LexisNexis, was accessible to anyone with an internet connection
Microsoft's July 2019 Patch Tuesday included updates for 77 vulnerabilities
Adobe patches three vulnerabilities for Experience Manager and one each for Bridge and Dreamweaver
A fileless malware campaign abused multiple legitimate services, including the Windows Management Instrumentation Command-line tool, in order to deliver the final payload
Researchers reveal serious vulnerability in Zoom video conferencing app, which could allow websites to hijack Mac cameras
Assante, director of critical infrastructure and ICS at the SANS Institute, USA, passed away early on July 5 after losing a long battle with cancer
BianLian, which first appeared as a dropper in October 2018, has turned spyware by adding a screen recording module
Aurélio Blanquet, the recently elected Chair of the European Network for Cyber Security (ENCS) Assembly Committee, calls for harmonisation and cooperation, particularly to close the skills gap.
The ICO has proposed a £183 million data-breach penalty on British Airways; the biggest fine ever handed out by the ICO and the first to be proposed under GDPR
The Chartered Institute of Information Security Professional becomes the first Royal Chartered body for information security - a status it says it will use to set the standards for skills and knowledge in the industry.
Police forensics provider Eurofins Scientific, victim of ransomware attack last month, is reported by the BBC to have paid a ransom to the attackers.
Deficient security monitoring, legacy systems and inadequate investment in security mean that even after WannaCry, the NHS remains vulnerable to cyber-attacks
To protect your company you need to protect your staff, hence training should include warnings of scammers promising to provide a 'verified' badge to lure Instagram users and phish their login credentials away
Is Zero Trust really achievable given the complexity in finance service organisations?