An academic study of GitHub found that more than 100,000 of the web service's code repositories contain publicly accessible authentication secrets such as API and cryptographic keys.
PewCrypt is a Java-based ransomware that uses AES and RSA to encrypt files, while adding the extension ".PewCrypt". Decryptor available.
A new advanced persistent threat (APT) campaign injects a backdoor into ASUS Live Update Utility reports Kaspersky Lab, impacts more than a million users.
Flaw discovered in a security product given to banking customers to protect them against online threats. It allows hackers to inject remote commands into the product & take control of a system.
The US Department of Homeland Security has issued a warning to users of Medtronic defibrillators of two vulnerabilities that could lead to an attacker accessing and altering the device.
Hackers are continuing to abuse the recently patched zero day vulnerability in the WordPress plugin Easy WP SMTP that if exploited can give attackers administrative control of a site.
Two newly discovered critical vulnerabilities in Microsoft Windows 10 would enable an attacker to obtain access to Windows 10 computers and intercept sensitive information. Both now fixed in March update.
Invoices from a fake supplier tallied into the tens of millions of dollars and electronic payments were made by Google and Facebook into Latvian and Cyprian bank accounts controlled by Rimasauskas.
Facebook is once again making headlines after the company discovered it had been storing hundreds of millions of users passwords in plain text for years.
2018 saw a major rise in DDoS attacks against SaaS services, third-party data centres, cloud services, encrypted traffic, cloud-based services as well as in the profile of individual DDoS attacks.
Open Bug Bounty has launched its new GDPR PII Exposure programme which, it says, will make it easier for security researchers to report the exposure of personal data (PII) on websites to website owners.
Finalists for the SC Awards Europe 2019 are announced today. Best Security Company contenders are: Digital Shadows; Palo Alto Networks; Kaspersky Lab; CyberArk; Sophos; F-Secure. Best .......
The new joint Cyber-Telecom Crime Report 2019, published by Europol and Trend Micro details the ways cyber-criminals exploit vulnerabilities and access information via telecommunications technology.
18 security vulnerabilities found in reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others.
Facebook last month patched a critical denial-of-service vulnerability in Fizz, its open-source implementation for Transport Layer Security protocol TLS 1.3, researchers have reported.
Cisco Talos found 11 vulnerabilities in the CUJO Smart Firewall platform which could allow an attacker to take control of a device by executing arbitrary code or uploading & executing unsigned kernels on affected systems.
This week the Mozilla Foundation issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical.
The hospitality sector cyber-risk is highly relevant to the enterprise as business travel is an inescapable reality for many. It is consistently at the top of the data breach charts - a magnet to those who covet data.
Hackers carrying out business email compromise attacks are now trying to find out a victim's mobile phone number in order to initiate such attacks, according to new research.
Thanks to a newly agreed protocol, EC3 will be able to carry out rapid assessments of attacks, share critical information with other agencies, and coordinate the international aspects of their investigations.
A new Monero cryptomining campaign detected in the wild is being spread & operating in a manner more consistent with ransomware and other attacks that retain a level of persistence than has been seen before.
New Mirai malware adds broad range of exploits to existing code, as well as new brute force credentials.
SMEs may have finally grasped the challenges they face and are taking firm action to improve their cyber security, to prevent threat actors from leveraging flaws in their IT systems
Hackers stole information from former Israeli prime minister Ehud Barak's computer and phone months ago and sold it to Iran, according to multiple news outlets.
A German security researcher has discovered and released information on a flaw in an otherwise secure wireless keyboard that could allow an attacker to inject keystrokes and take over a computer.
Security advisory issued after privilege elevation vulnerabilities found in VMware Workstation Pro/Player and VMware Horizon.
London's top attractions have been attacked millions of times, including museums such as Imperial War Museum. Kew Gardens suffered 86 million recorded security incidents in the last financial year
The National Audit Office has criticised the Cabinet Office for failing to produce a business case for its £1.9 billion National Cyber Security Programme ahead of its implementation.
Phishing campaign attacker targets multiple customers and successfully executes payload without having to write the executable dropper or the payload to the disk by using process hollowing.
WordPress has released a security and maintenance patch which introduces 14 fixes and enhancements designed to help hosts prepare users for the minimum PHP version bump in version 5.2.
Trickbot modular banking trojan targets users' financial information & acts as a dropper for other malware to conduct system & network reconnaissance, harvest credentials & achieve network propagation
Zero-day vulnerability in versions 8 to 10 of the Microsoft Windows operating system allowed attackers to exploit a flaw in Windows' graphic subsystem to gain full control over a victim's computer.
What should motivate organisations to consider migrating to DevSecOps is that the lack of security in their DevOps approaches is already being exploited to the hilt by cyber-criminals.
Most controllers linked to the Emotet RAT resolve to IP addresses in South America, according to a report by Recorded Future.
Cyber-criminals are exploiting zero-day vulnerabilities in an old game Counter-Strike 1.6 to spread the Belonard Trojan.
Newly discovered point-of-sale (POS) malware programs skims or scrape payment card information from e-commerce websites or in-store checkout terminals; GMO JS Sniffer, DMSniff and GlitchPOS
US Federal prosecutors are reportedly probing Facebook's data sharing partnerships with electronics companies, including smartphone makers, & a grand jury has subpoenaed information from at least two firms.
Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use 2FA for security.
While the skills gap has been editorialised to death, less attention has been given to the problem of retaining those skilled staff once an organisation has recruited them. ISACA Report digs deeper.
A host of Twitter posts say Facebook is suffering its worst DDoS attack, with Facebook, Instagram, and WhatsApp users unable to get online, refresh feeds or post to the sites. Not so says Facebook.
China has been successfully attacking both the US Navy itself along with its suppliers and third-party vendors and stealing secrets to gain a military advantage says new Navy report.
More than two hundred malicious mobile apps with 250 million plus downloads globally used by their creators to spread adware and to steal sensitive data from devices in which they were installed.
The European Parliament adopted a new Cybersecurity Act on Tuesday in response to China's National Intelligence Law which compels domestic firms to "support, assist, and cooperate with state intelligence work".
The level of protection is reduced by half, but 2^63 is still a large number - however fixing the problem can potentially introduce new vulnerabilities or cause business systems to fail.
Hacked software enables drones to bypass no-fly zone restrictions; Israeli MOD and the Israel Innovation Authority grant US$1.2 million to develop AI to mitigate cyber-attacks in drones and robotics.
New ransomware has been discovered, promoted by hackers on Twitter, that uses NSA vulnerabilities EternalBlue and DoublePulsar to infect other systems.
Adobe has released patches to fix critical vulnerabilities in Photoshop CC and Digital Editions.
Microsoft's Patch Tuesday entry for March feature 18 critical security updates, out of 64 overall, all of which can lead to remote code execution if exploited and two of which are active in the wild.
Adversis researchers have discovered that dozens of companies have leaked sensitive data as a result of misconfigured Box accounts.
Several security vulnerabilities, three critical, have been discovered by researchers in Moxa industrial switches which are used extensively to build industrial networks for various sectors including oil & gas,
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout
Why do cyber security breaches continue to dominate the news headlines?
Brought to you in partnership with CrowdStrike