London's top attractions have been attacked millions of times, including museums such as Imperial War Museum. Kew Gardens suffered 86 million recorded security incidents in the last financial year
The National Audit Office has criticised the Cabinet Office for failing to produce a business case for its £1.9 billion National Cyber Security Programme ahead of its implementation.
Phishing campaign attacker targets multiple customers and successfully executes payload without having to write the executable dropper or the payload to the disk by using process hollowing.
WordPress has released a security and maintenance patch which introduces 14 fixes and enhancements designed to help hosts prepare users for the minimum PHP version bump in version 5.2.
Trickbot modular banking trojan targets users' financial information & acts as a dropper for other malware to conduct system & network reconnaissance, harvest credentials & achieve network propagation
Zero-day vulnerability in versions 8 to 10 of the Microsoft Windows operating system allowed attackers to exploit a flaw in Windows' graphic subsystem to gain full control over a victim's computer.
What should motivate organisations to consider migrating to DevSecOps is that the lack of security in their DevOps approaches is already being exploited to the hilt by cyber-criminals.
Most controllers linked to the Emotet RAT resolve to IP addresses in South America, according to a report by Recorded Future.
Cyber-criminals are exploiting zero-day vulnerabilities in an old game Counter-Strike 1.6 to spread the Belonard Trojan.
Newly discovered point-of-sale (POS) malware programs skim or scrape payment card information from e-commerce websites or in-store checkout terminals: GMO JS Sniffer, DMSniff and GlitchPOS.
US Federal prosecutors are reportedly probing Facebook's data sharing partnerships with electronics companies, including smartphone makers, & a grand jury has subpoenaed information from at least two firms.
Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use 2FA for security.
While the skills gap has been editorialised to death, less attention has been given to the problem of retaining those skilled staff once an organisation has recruited them. ISACA Report digs deeper.
A host of Twitter posts say Facebook is suffering its worst DDoS attack, with Facebook, Instagram, and WhatsApp users unable to get online, refresh feeds or post to the sites. Not so says Facebook.
China has been successfully attacking the US Navy itself, along with its suppliers and third-party vendors, and stealing secrets to gain a military advantage, says a new Navy report.
More than two hundred malicious mobile apps with 250 million plus downloads globally were used by their creators to spread adware and to steal sensitive data from devices on which they were installed.
The European Parliament adopted a new Cybersecurity Act on Tuesday in response to China's National Intelligence Law which compels domestic firms to "support, assist, and cooperate with state intelligence work".
The level of protection is reduced by half, but 2^63 is still a large number - however fixing the problem can potentially introduce new vulnerabilities or cause business systems to fail.
Hacked software enables drones to bypass no-fly zone restrictions; Israeli MOD and the Israel Innovation Authority grant US$1.2 million to develop AI to mitigate cyber-attacks in drones and robotics.
New ransomware has been discovered, promoted by hackers on Twitter, that uses NSA vulnerabilities EternalBlue and DoublePulsar to infect other systems.
Adobe has released patches to fix critical vulnerabilities in Photoshop CC and Digital Editions.
Microsoft's Patch Tuesday entry for March features 18 critical security updates, out of 64 overall, all of which can lead to remote code execution if exploited and two of which are active in the wild.
Adversis researchers have discovered that dozens of companies have leaked sensitive data as a result of misconfigured Box accounts.
Several security vulnerabilities, three critical, have been discovered by researchers in Moxa industrial switches which are used extensively to build industrial networks for various sectors including oil & gas,
Facebook has filed a lawsuit against two Ukrainian men accused of creating fraudulent quiz applications that tricked users into installing malicious browser extensions.
A new phishing campaign is targeting mainly iOS users, asking them to log in with their Facebook account and give away their credentials.
Software firm Citrix has admitted that its networks have been accessed by hackers and data exfiltrated after the company received a tip-off from the FBI.
UK Foreign Secretary Jeremy Hunt, calling for a strategy that deters hostile states from intervening in free elections, announced: "Britain now has a National Offensive Cyber Programme."
Google is recommending all Chrome users immediately update their browser to fix a zero-day issue that is being exploited in the wild in combination with another vulnerability found in Windows. Together, the two bugs could enable a security sandbox escape.
A flaw within the BigBobRoss ransomware's code has been identified that can be used to decrypt the AES-128 ECB encrypted files without paying the ransom and a decrypter is now available.
A data leak at data validation company Verifications.io is three times larger than originally reported, comprising two billion leaked records not 809 million, according to cyber-security company Dynarisk.
An updated version of the brute-force malware StealthWorker has been discovered by security researchers. The new version amasses an army of bots to brute force its way into infecting e-commerce sites and content management systems.
In one of the most significant steps taken so far to bring to an end the widespread use of passwords, the World Wide Web Consortium (W3C) & the FIDO Alliance have made the new Web Authentication specification the official standard.
Pinchy Spider and its affiliated cyber-gangs are reacting to attempts to decrypt and defend against their flagship malware GandCrab by altering how the ransomware is deployed and recruiting new members to broaden the gang's cyber-skills.
Facebook will pivot toward privacy over the next few years, "building a privacy-focused messaging and social networking platform" that includes end-to-end encryption, CEO Mark Zuckerberg said Wednesday.
Small organisations often don't have the resources to put toward cyber-security - and the shortage of skilled talent makes their plight even more difficult, Nathan Wenzler, senior director of cybersecurity at Moss Adams, told SC Media Executive Editor Teri Robinson.
What do the 3ve ad fraud campaign, the Magecart credit card skimming attacks and the Facebook-Cambridge Analytica scandal have in common? They were all made possible through the use of unmanaged third-party code.
The latest Mobile Security Index from Verizon paints a contrary picture of the mobile security landscape, at least when viewed from the enterprise perspective.
Many corporate IT security organisations are starting to realign their strategies by taking less of a technology-focused approach and instead prioritising what's most important from a global business perspective according to Emily Heath, VP and CISO at United Airlines in the US.
SC Media's Senior Reporter Bradley Barth once again commutes to Fisherman's Wharf with several top cyber-security execs and for the first time a pair of undercover wireless research "workmen" come along for the ride.
The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for US$5 million (£3.8 million) in an attempt to recoup money the credit union lost due to Sonic's data breach in 2017.
Nation-state actors may not have brought the same chaos and disruption to bear during the 2018 midterms as Russian operatives did in the 2016 presidential election, but the US is still under a relentless onslaught of cyber-attacks.
SC Media US Executive Editor Teri Robinson interviews Venafi Vice President of Security Strategy and Threat Intelligence Kevin Bocek on SSL/TLS certificate marketplaces on the dark web.
The explosion of IoT devices across the world, both consumer-oriented ones and the ones used by enterprises, has resulted in attackers shifting their tactics and targeting these devices regularly to breach industrial control systems.
Security researchers have discovered a re-emerging international phishing campaign that delivers Ramnit Worm/Botnet malware targeting financial organisations in Asia which it believes is heading for the UK as well.
For the past six months the US National Security Agency has not been collecting metadata on Americans' calls and texts domestically, marking the quiet end to a controversial surveillance programme enacted by the 2001 Patriot Act.
WordPress continued to be the most attacked content management system (CMS), attracting an even higher percentage of CMS-centered cyber-attacks in 2018, according to a new Sucuri report.
A newly discovered and heavily exploited Docker host vulnerability has allowed hundreds of websites to be illegally accessed and injected with a cryptocurrency miner.