Phishing campaign in the guise of Google Docs forms asks for updating of Office 365 accounts to create fake Microsoft login pages to harvest corporate user credentials.
Joker spyware reappeared on the Google Play store over the last few months, a few samples at a time
Default password could let anyone gain access to Cisco Smart Software Manager On-Prem
CISOs across the world expect cyber-security talent shortage to worsen; 66 percent struggle to recruit senior talent, says survey
Increasingly tech needs to be coupled with an ability to see the big picture, strategise and articulate problems and potential solutions to policy makers - which is where the Cyber 9/12 Challenge comes in.
A survey by Egress says 97 percent of respondents listed insider data breaches are a major point of worry
Despite the harm data breaches do to business reputation, several UK enterprises remain alarmingly unprepared in cyber-defence, even complacent
A slew of flaws have been found that could affect devices running the Bluetooth Low Energy (BLE) protocol.
OS updates happen continuously and security demands constant change, but compatibility issues make OS migration a headache for most IT pros
Czechs authorities bounce into action, start an investigation after the disclosure that cyber-security company Avast had harvested customer data before selling it onto other firms.
We audit to understand AI decision-making, but not for the risk of subversion; security comes in last. 2019 saw a big increase in commodity malware abusing SSH machine identities in various ways.
Swiss firm Crypto AG was used by the intelligence agencies of Germany and the US to spy on foreign governments for decades - while they paid for the privilege.
Flaw in Windows-based troubleshooting program SupportAssist, pre-installed on nearly every new Dell PC
US Justice Department held four members of China's People's Liberation Army responsible for the Equifax data breach
Ransomware operators have started using legitimate, digitally signed hardware drivers to delete security products from targeted computers
Phishing campaign specifically targets users of Android devices to deliver Anubis, a malware that was originally used for cyber-espionage, now retooled as a banking trojan
With just six days to go until the SC Awards Europe final submission date of midnight 13 February, all potential winners with uncompleted entries are advised to finalise your entry as soon as possible.
Security professionals tasked with implementing zero-trust systems admit lack of confidence in their ability to apply it to the organisational security access architecture
Unit 42 Cloud Threat Report uncovers 199,000 insecure cloud templates, finds 43 percent of cloud databases unencrypted.
Multiple WhatsApp vulnerabilities could aid phishing campaigns and ransomware
Compensation was paid to most (71 percent) organisations hit by a supplier-related data incident if they had specific data usage guidelines for partners and subcontractors
Using cleaners to gain physical access and insert USBs into computers, criminal gangs are reverting to old school techniques - and they still work, police head tells delegates.
The hackers behind Trickbot have added a new Windows 10 UAC bypass to the malware to in order to execute code without the victim knowing.
This infographic provided by CurrentWare shows key reasons why remote workers are so vulnerable to cyber-security threats and provides actionable tips to help accommodate remote workers safely.
The Swiss multinational investment bank and financial services company started phasing out passwords from the identification and access system for its customers and employees
Israel National CERT executive director Lavy Shtokhamer explains to SC the need for proactive defence and coordination within and among nations
An annual mass survey of the diversity of talent working in cyber-security - encompassing all staff currently in the sector - launched by the National Cyber Security Centre (NCSC) and KPMG UK.
Security researchers have discovered a vulnerability in a WordPress plugin that enables attackers to forge a request on behalf of an administrator and inject executable code on a vulnerable site.
DMA attacks enable attackers to read & write memory off a victim system directly, bypassing the main CPU & OS. Using Dell and HP laptops, researchers found two different vulnerabilities, now mitigated.
The UK’s cyber security industry is now worth an estimated £8.3 billion, with total revenues in the sector up 46 percent from £5.7 billion in 2017 says DCMS UK Cyber Security Sectoral Analysis 2020 report.
CEOs are increasingly concerned about sophisticated cyber attacks on their own companies with four-in-five executives fearing cyber-attacks on their own company modifying their own online behaviour.
EU announces guidelines that its 28 member countries can restrict or ban high-risk 5G vendors from core parts of their telecoms networks, and are advised to use multiple suppliers, following UK lead.
The government today confirmed that it will allow Chinese manufacturer Huawei to help build the country’s 5G network - with restrictions - in defiance of US objections,
IoT networks using the LoRaWAN protocol are often insecure, according to researchers, due to a range of encryption issues and poor configuration choices.
Rights groups raise concerns about the legality of London Met Police’s surveillance software and its impact on privacy
To share best practice among ISPs the World Economic Forum and its global partners have published Cybercrime Prevention Principles for Internet Service Providers.
GE Healthcare’s Carescape patient monitoring devices have six high-severity security vulnerabilities, warned the US Cybersecurity and Infrastructure Agency
Kumar Ritesh, chairman and CEO at CYFIRMA, discusses the rising tide of data breaches in 2019, as SC Media UK collates the top 10 data breaches disclosed last year
BitPyLock threat actors are now exfiltrating data before the ransomware encryption begins
Early this month several parties published exploits taking advantage of the vulnerability, putting unmitigated user systems at risk. Citrix users are recommended to run this tool as soon as possible
The Muhstik botnet harvests vulnerable Tomato routers and researchers report that Muhstik mainly launches cryptocurrency mining and DDoS attacks in IoT bots to earn profit.
NSO denies involvement in case of Jeff Bezos, alleged to have had his phone hacked via a video file from the WhatsApp account of Saudi Arabia's crown prince, Mohammed bin Salman.
CyberRisk Alliance ("CRA"), a US-based cyber-security & information risk management business intelligence company & owner of SC Media, has appointed David Longobardi as Chief Content Officer.
Employee data of co-working provider Regus breached after third party accidentally publishes sales staff performance data
Entries close soon for SC Awards Europe 2020 which early indications suggest will be the most successful yet; we are honoured to have the endorsement of BT Security as headline sponsor for this year's Awards.
Betting companies have accessed a large, detailed database of the personal details of 28 million UK children, held by the Learning Records Service
Stats and expert comments on developments in data regulation; AI and machine learning; cloudsecurity; IOT & IIOT; Next gen authentication.
Two-factor authentication is easily thwarted by social engineering hence Sim swap attacks risk making 2FA via smartphones obsolete, according to security researchers.
The UK is the European country most attacked by cyber-criminals and within the UK London is disproportionately the target, suffering as many breaches as several European countries combined.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout