A buffer overflow vulnerability in the Squid web proxy could put organisations at risk, with attackers potentially gaining the ability to execute arbitrary code.
Millions knowingly putting their systems at risk of the next WannaCry by failing to update from Python 2
WannaCry ransomware is a classic example of what can happen when organisations run unsupported software, and continuing to use Python 2 past its end of life equals accepting all those risks, says NCSC
A vulnerability has been found in Bitdefender Antivirus Free 2020 that could allow an attacker to load unsigned code that could lead to privilege escalation
A lack of investment in cyber-security protections could imperil the future of smart cities and the IoT devices on which they run
A new type of Android-centric spyware has been found that is capable of avoiding Google's app-vetting process
About 200,000 domains are newly registered every day, of which 70 percent are used for a wide range of nefarious activities
Companies focused on compliance tended to struggle to patch all high-risk vulnerabilities across their organisation and tended to be slower in patching high-risk vulnerabilities. Those performing better used....
Paige Thompson, the person behind the massive Capital One data breach that exposed more than 100 million records, will request bail before a federal judge on 23 August
Instagram recruits white-hat researchers to test the security of its new Checkout feature, while a 2012 hoax meme finds more takers
A MoviePass subdomain database housing 161 million records was left unsecured and exposed credit card and customer card information on at least 60,000 of the ticket service's customers
Malware combines Python and PowerShell to create a cryptocurrency miner, which also has a worm-like component that helps it move laterally and infect victims
The Google Nest Cam IQ Indoor camera harbours a series of security loopholes, which could be used to disrupt or hijack the device
Records of online porn access from all over the world exposed, with particular concentrations located in France, Germany and Russia
Apple's latest iOS update reportedly undid a patch that was introduced in the previous release
Ransomware threats continue to evolve at an accelerated rate, according to security researchers
The US has renewed a temporary licence that allows American companies to sell their products to Huawei, saying more time is necessary to prevent any disruption
Olympic Park accelerates growth for UK cybersec ventures - provides connected base for internationals
Lorca and Plexal provide a collaborative campus to rapidly scale up 72 cybersec companies with £13.5 million government investment.
Using external data storage and third-party digital technology clearly puts banks on the hackers' radar, warned European Central Bank's supervisory arm director general Korbinian Ibel following a hack of ECB's website
A youth has been imprisoned for 16 months for DDoS-ing UK police websites, while another got 20 months after being caught advertising compromised data and illegal hacking services
UK's data-protection authority is looking into the facial-recognition system installed by real estate developer Argent in London's King's Cross area
Estonia's president calls on state to develop cyber-security, cryptography capabilities after an earlier ID card crisis put half the population at risk of ID theft.
Adobe has patched several vulnerabilities, including 76 important ones in Acrobat and Acrobat Reader as well as several critical ones in Creative Cloud and Experience Manager
A new Remcos remote access trojan campaign uses an AutoIt wrapper to deliver a previously unknown variant featuring new obfuscation and anti-debugging techniques
Almost half of the cyber-security incidents reported in the UK over the past 12 months were caused by internal errors, where employees failed to follow security protocol or data protection policies
Collaborative Alliance for Cybersecurity confirms role in delivering UK Cyber Security Council, with lead role given to the Institution of Engineering and Technology (IET).
Cisco Systems issued a series of security updates addressing 26 vulnerabilities, including two critical ones found in its Small Business 220 Series Smart Switches
Microsoft's CTF protocol harboured a series of 20-year-old flaws that could allow unauthorised parties to take over applications that use said protocol
A cybercriminal operation that's been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites
Intel has patched several vulnerabilities, including three high-rated issues that cover Intel's NUC (CVE-2019-11140), Processor Identification Utility for Windows (CVE-2019-11163) and Computing Improvement Program (CVE-2019-11162)
Biostar 2, used by thousands of companies worldwide, including the UK's Metropolitan Police and several banks, allowed access to data that include more than a million fingerprints
The unencrypted and easily interceptable check-in links of British Airways enable unauthorised third parties to view and change passengers' flight booking details and personal information
Malicious clicker trojans Android.Click.312.origin and Android.Click.313.origin have been found in a wide variety of normal-looking and operable apps, including maps, QR code readers, dictionaries, fitness trackers, route finders and text editors
Microsoft Security Response Center has listed two flaws, CVE-2019-1181 and CVE-2019-1182, in Remote Desktop Services as "wormable" and urged users to patch affected systems quickly
The White House has apparently drafted an executive order that would give the Federal Communications Commission the authority to influence regulations on how social media companies like Facebook obtain and post content to their sites
The Centre for Connected and Autonomous Vehicles (CCAV) will invest £2 million in a maximum of five cyber-security projects for testing autonomous vehicles
Veteran threat actor group Cloud Atlas boosts favoured tactics, tools and procedures by introducing polymorphic components that hinder detection
More than 40 Microsoft-certified software drivers from 20 high-profile vendors have been found to contain vulnerabilities that can be exploited by attackers
A new remote access trojan scans a device's Chrome browser history and collects application data, including the number of times the user has visited specific websites
Apple is opening up its phones to selected researchers to find flaws, and has increased its bug bounty to US$1 million: rogue iPhone cables latest threat
Security issues in F5 devices potentially make hundreds of thousands of load balancers into cyber-attack entry-points
There has been a significant ramping up of NHS IT spend following the May 2017 WannaCry ransomware attack, with 65 NHS Trusts spending £612,128,793 in the 2018/19 financial year.
Poor vetting of 'Right of Access' requests under GDPR offers chance of data theft, found an Oxford University scholar
Systems from the top US voting machine vendor, some hooked to the internet for a year or more, were found in counties in swing states Florida, Michigan and Wisconsin as well as in other states
Facebook users in Illinois, USA, have obtained the right to sue the social media company under the Illinois Biometric Information Privacy Act (BIPA), which requires organisations to obtain user permission to collect and store biometric information
OpenDreamBox WebAdmin plug-in could enable hackers to execute commands on remote machines
Researchers seeking profit beyond that of a traditional bug bounty reward will require a fair share of business acumen to seal the deal, says former vulnerability broker Maor Shwartz
Even a smaller firm can successfully create and run a bug bounty programme, says Adam Ruddermann of NCC Group
Attackers are exploiting registration, subscription, and feedback forms on legitimate websites of respected and trustworthy companies for spam and phishing campaigns.
Enterprises are increasingly monitoring employees by way of their email and social media usage, often by AI-powered technologies. There are ethical questions that have to be asked. So SC Media UK asked them.
A US appeals panel has rejected the proposed £4.5 million settlement by Google on a privacy violation lawsuit
Is Zero Trust really achievable given the complexity in finance service organisations?