A new kind of phishing attack has been created and it uses server-parsed HTML as a base for its cyber-attack.
A flaw affects all WordPress websites where the Ad Inserter plugin version 2.4.21 or below is installed, and those affected are encouraged to update immediately
A researcher found a vulnerability that could allow attackers to pull and modify live information about drivers' vehicles through Tesla's customer service mechanism
MobonoGram 2019, advertised as an unofficial version of the Telegram messaging application with more features, runs an endless stream of malicious websites in the background
Researchers detail file-leaking API vulnerability in Lenovo-EMC Iomega external Hard Drives
Facebook called up again for violation of privacy rights, as it continues embedding tracking data inside photos that users download
Traditional security architecture is giving way to zero-trust architecture, as mobile work devices alter the concept and scope of network perimeter
Information-stealing malware TrickBot harvests addresses linked to several government agencies such as the US departments of Justice and the UK Ministry of Defence
There is no reason why applications can't be built securely but often they are not, BSI Cyber Security principal consultant Martin Pill told SC Media UK
Research by Immuniweb found 97 out of 100 largest banks are vulnerable to web and mobile attacks enabling hackers to steal sensitive data.
Fake Amazon website 16Shop phishing tool lures victims into divulging financial information as Amazon Prime day starts.
Hackers within Bluetooth range could take over Glamoriser smart hair straighteners with their own phones, because there is no secure pairing or bonding process
GE acknowledges vulnerabilities in two of their anesthesia machine models, saying "a malicious party" can potentially modify its working and results, while NHS emails have 11m attacks in three years
New versions of the advanced malicious surveillance tool FinSpy allow attackers to spy on all device activities and exfiltrate sensitive data such as GPS location, messages, pictures and calls.
Juniper has patched vulnerabilities across several product lines; says there is no evidence of these issues being exploited
Cisco detected a "high" rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products due to incomplete input validation
The way to secure the Internet of Things is to allow the self-organising migration of services away from a central cloud alone and into local infrastructure ecosystems where they can act independently. Or is it?
Apple Watch users could listen through another customer's iPhone without consent in the walkie talkie function, which has now been disabled while a fix is created.
A study finds that education and transportation sector employees had the worst cyber-security knowledge, while finance industry employees were the most aware
Firefox developers and the greater Mozilla community detect a series of bugs, two of which were considered critical flaws
Privacy activist Max Schrems continues his legal battle to revamp the US-EU data-transfer mechanism, while Facebook says removing existing provisions will jeopardise trans-Atlantic trade
Security researchers have discovered a vulnerability in Siemens STEP 7 TIA Portal that affects the same family of devices compromised in the Stuxnet attack, putting CNI at risk - patch available.
A MongoDB database that held records sourced from websites including Pipl.com and LexisNexis, was accessible to anyone with an internet connection
Microsoft's July 2019 Patch Tuesday included updates for 77 vulnerabilities
Adobe patches three vulnerabilities for Experience Manager and one each for Bridge and Dreamweaver
A fileless malware campaign abused multiple legitimate services, including the Windows Management Instrumentation Command-line tool, in order to deliver the final payload
Researchers reveal serious vulnerability in Zoom video conferencing app, which could allow websites to hijack Mac cameras
Assante, director of critical infrastructure and ICS at the SANS Institute, USA, passed away early on July 5 after losing a long battle with cancer
BianLian, which first appeared as a dropper in October 2018, has turned spyware by adding a screen recording module
Aurélio Blanquet, the recently elected Chair of the European Network for Cyber Security (ENCS) Assembly Committee, calls for harmonisation and cooperation, particularly to close the skills gap.
The ICO has proposed a £183 million data-breach penalty on British Airways; the biggest fine ever handed out by the ICO and the first to be proposed under GDPR
The Chartered Institute of Information Security Professional becomes first Royal Chartered body for information security - a status it says it will use to set the standards for skills and knowledge in the industry.
Police forensics provider Eurofins Scientific, victim of ransomware attack last month, is reported by the BBC to have paid a ransom to the attackers.
Deficient security monitoring, legacy systems and inadequate investment in security mean that even after WannaCry, the NHS remains vulnerable to cyber-attacks
To protect your company you need to protect your staff, hence training should include warnings of scammers promising to provide a 'verified' badge to lure Instagram users and phish their login credentials away
All URL-detecting security measures are being avoided by criminals delivering malicious QR codes to victims' mobile phones as part of phishing campaigns
More than a quarter of 10,000 respondents to a global survey said they would rather have their cyber-security managed by artificial intelligence than human operatives - but didn't understand how AI works.
VMware has started patching two flaws, SACK Panic (CVE-2019-11477) and SACK Excess Resource Usage (CVE-2019-11478), which were originally found by Netflix researchers
Canada's CSE warns about attempts by foreign actors to influence the election in October; US homeland security alerts about phishing attempts that might target state and local election systems
D-Link settled a lawsuit based on a 2017 complaint that its routers and IoT cameras exposed sensitive consumer information to third parties while the company claimed they were secure
Two contributors to the OpenPGP community become victims of certificate spamming; more attacks expected
A HawkEye Reborn keylogger, Remcos remote access trojan (RAT), and various other cryptocurrency mining trojan campaigns are using the age-old "Heaven's Gate" technique to avoid antivirus detection
A new Act introduced in New York makes it mandatory for companies to disclose a data-breach incident even if an unauthorised person merely accesses the information
US CyberCom flags three tools that are "likely used for the manipulation and of exploited web servers" with "a clear capability on the part of the attacker to interact with servers they may have compromised"
The Canadian entertainment company and the largest theatrical producer in the world launched the app to promote the show TORUK - The First Flight, an Avatar-themed act that ended its five-year run on 30 June with a final show in London
A fake Flash Player trojan malware targeting Macs was spotted in several places on the web, from sketchy copyright-infringing download sites to rogue, high-ranking, non-sponsored Google search results links
Reset codes are among the data exposed at Orvibo, making it easier for attackers to use the information to lock the customers of the Chinese home solutions company out of their accounts and eventually gain full control of their devices
23 EU Member States, ENISA and the European Commission meet in Paris for the two day Blue OLEx 2019 European cyber-crisis management exercise, within the framework of the NIS cooperation group.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout