Security researchers have discovered fake WordPress plugins that act as backdoors for hackers and could be used to carry out DDoS and brute force attacks.
UC Browser found breaking several Google mobile app rules, possibly placing up to 500 million of its users at risk.
The Mind Your Own Business Act aims at protecting data and punish corporate executives who abuse it
Security researchers have discovered a bug in Sudo that bypasses privilege restrictions and enables hackers to execute commands as root on a Linux system.
VMware issues security advisory acknowledging a critical 'broken access control' vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry
Cisco releases 28 security advisories addressing a total of 30 vulnerabilities, including a critical unauthorised access bug found in the company's Cisco Aironet Access Points (APs) software
Two online recruitment companies leave AWS buckets holding CVs of more than 200,000 job-hunters public
Amazon Echo 1st generation and Amazon Kindle 8th generation devices harbour an old WiFi vulnerability enabling man-in-the-middle attacks
APT actors up their game; is it only a government concern or do enterprises need to pay more attention?
CISOs roll their eyes when they hear 'APT', or say they're not a real threat to most organisations, but they are on the rise, and their hacking techniques do pose a threat as they get weaponised by cyber-criminals.
Oracle issues more than 200 security patches, with Fusion Middleware, Java SE and MySQL receiving majority of the fixes
WordPress rolls out version 5.2.4 patching six vulnerabilities as a short-term fix prior to the release of version 5.3
The top 30 leading Android and iOS apps in the travel and tourism business fare poorly in security and privacy tests
Ethical hackers found 31 vulnerabilities - one rated critical while nine got a high severity rating - during the Pentagon's Hack the Proxy programme
Chinese APT actor Winnti Group uses backdoor to compromise a popular Asian mobile hardware and software vendor
Website claims to give iPhone users the ability to jailbreak their phones, instead plants malicious profile to conduct click-fraud
Anyone who is promoting their product as true AI its just talking bullshit, Eugene Kaspersky told delegates, via video, at Kaspersky's Next Conference in Lisbon on Monday.
Cyber-espionage platform Attor was utilised to target Russian-speaking individuals for at least seven years, finds ESET researchers
Zero-day vulnerability in Apple iTunes for Windows allows hackers to bypass antivirus detection on Windows devices
Data beach at Imperva was caused by a series of missteps during the migration to a cloud-based database service, says company CTO
Juniper Networks issues 27 software security advisories covering 84 product vulnerabilities, 31 of them critical
Panelists at DTX agreed that the focus needs to be on people, both users of cyber-security technologies and the general public, whether at home or at work, with technology subservient to secure usage.
There is a lack of formal education in cyber-security, says Tom Van de Wiele, principal security consultant, F-Secure
Grandmaster Garry Kasparov says its not the technology but the misuse of it by authoritarian governments that we have to be careful about
A US Defense Intelligence Agency analyst was arrested for supplying top secret national defense information on a foreign country's weapons systems to two journalists
Twitter discloses that it gave advertisers access to email addresses and phone numbers that users had supplied for two-factor authentication purposes
A newly published survey reveals that some 68 percent of IT security stakeholders don't know if they've experienced a Pass the Hash (PtH) attack. That isn't necessarily a cause for too much concern.
People need to know the company takes data theft seriously, and if colleagues are to report on suspicious behaviour, they need assurances of confidentiality - usually better achieved via HR than security teams.
California governor Gavin Newsom blocked police from using facial recognition technology in their body cameras
UK & US governments warn Windows, macOS & Linux users to update systems following discovery of multiple advanced persistent threat (APT) groups using a VPN exploit to remotely control computers.
Samy 'mypace' Kamkar credits environment as the most common factor that leads impressionable and talented teenagers to cyber-crime
Microsoft releases latest batch of security updates, fixing 59 vulnerabilities, nine of them critical
Decryptors are now publicly available for a Muhstik and HildaCrypt ransomware programs that recently emerged onto the scene
FBI issues an alert, warning about possible high-impact ransomware attacks targeting US businesses and organisations.
There has been a surge in female applicants for the NCSC's 2019 CyberFirst cyber-security summer courses (held in Cardiff, Belfast, Paisley, Newcastle, Birmingham and London), up 47 percent on 2018.
Data hoarded without any immediate use also could turn toxic for organisations, warn cyber-security experts
Research into DevOps reveals siloed thinking, lack of expertise and correct tools contributing to nearly half of firms not having completed developing their DevOps strategies, leaving companies vulnerable.
Several members-only dark web forums trade a stolen government database featuring the personal information of 92 million Brazilian citizens
Former Yahoo! software engineer pleads guilty of using his access privileges at the company to hack users' accounts and download private images and videos of young women
"All devices will go online regardless of their utility because of the data they can generate": cyber-security guru Mikko Hyppönen
Cyber-attacks tend to have a trickle down effect via a pyramid structure, with the top slot often occupied not by the cliched men in hoodies but by state intelligence organisation
Google's Pixel phone as well as devices from Samsung, Huawei, and Motorola affected by Android zero-day flaw.
Malware marks victims' TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later
Cisco issues a series of security updates, in the process disclosing 29 vulnerabilities, including 16 high-impact ones
Microsoft re-releases security update for a critical remote execution bug in Internet Explorer that has been actively exploited
Cyber-security readiness can have both positive and negative affects on company valuations when assessing acquisition targets. So how do you assess cyber-capability for M&A purposes?
Security firms Malwarebytes and HYAS string together several pieces of evidence that they believe tie Magecart Group 4 to the Cobalt Group
A "double-free" bug in WhatsApp lets attackers exploit it using a malicious GIF to access user content
New feature in Google's password manager will study a person's passwords and then inform them on its strength and whether it has been compromised
Sir Brian Leveson to lead the IPCO, providing independent oversight and authorisation of the use of investigatory powers by intelligence agencies, police forces and other public authorities.
Researchers uncover large Android banking trojan scheme that may have impacted hundreds of millions of Russians
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout