News


  • More data lost or stolen in first half of 2017 than the whole of last year

    September 20, 2017

    More data records have been lost or stolen during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion). Digital security company Gemalto’s Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are lost or stolen every day. During the first half of 2017 there were 918 reported data ...

  • Banker helped gang launder £16m for cybercriminals

    September 20, 2017

    A gang of five men, including a corrupt banker, have pleaded guilty to their part in laundering more than £16m for international cybercriminals. Using their man on the inside at Barclays, the gang set up around 400 bank accounts over a three-year period, according to the UK’s National Crime Agency. They shuffled stolen funds through these accounts ...

  • Attackers Use Undocumented MS Office Feature to Leak System Profile Data

    September 18, 2017

    An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first ...

  • Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads — 2.3 Million Infected

    September 18, 2017

    Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected. According to Avast’s own figures, 2.27 million ran ...

  • NCC hires three Bank of England cyber experts to beef up assurance business

    September 15, 2017

    Three of the Bank of England’s cyber specialists have joined NCC Group to lead a newly established threat assurance unit at the UK-based security consultancy firm. In their new roles within NCC’s new Centre for Evolved Next-generation Threat Assurance (CENTA), Phillip Larbey, Anthony Long and Fiona Paterson will be advising governments, regulators and regulated institutions on ...

  • Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked

    September 15, 2017

    OurMine is in headlines once again—this time for breaching the popular video streaming service Vevo. After hunting down social media accounts of HBO and defacing WikiLeaks website, the infamous self-proclaimed group of white hat hackers OurMine have hacked Vevo and leaked about 3.12 TB worth of internal files. Vevo is a joint venture between Sony Music Entertainment, Universal Music Group, Abu ...

  • Future Navy Accident Investigations Will Look for Cyber Attacks

    September 15, 2017

    Rampant internet speculation aside, there’s no evidence yet that any hostile electronic breach led to recent U.S. Navy mishaps, according to the admiral who leads the service’s cyber operations. In fact, it was mostly to put such speculation to rest that Vice Adm. Jan Tighe said she dispatched a small team to join the Navy’s investigation into the Aug. ...

  • Federal CISOs want more education and training to help boost incident response

    September 13, 2017

    Federal CISOs agree that investment in workforce training and education is the key to increasing incident response capabilities. If budgets weren’t an issue, Department of Homeland Security CISO Jeffrey Eisensmith said during a panel on CISO priorities for 2018 at the Sept. 13 Billington Cybersecurity Summit in Washington, D.C., he would put a “significant investment in ...

  • Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

    September 13, 2017

    The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due ...

  • Immediately Patch Windows 0-Day Flaw That’s Being Used to Spread Spyware

    September 13, 2017

    Windows 0-Day Flaw Get ready to install a fairly large batch of security patches onto your Windows computers. As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products. The latest security update addresses ...

  • Zerodium Offering $1M for Tor Browser Zero Days

    September 13, 2017

    The exploit acquisition vendor Zerodium is doubling down again. Weeks after the company said it would pay $500,000 for zero days in private messaging apps such as Signal and WhatsApp, Zerodium said Wednesday it will pay twice that for a zero day in Tor Browser. The company said it will pay up to $1 million for fully ...

  • BlueBorne: Critical Bluetooth Attack Puts Billions of Devices at Risk of Hacking

    September 12, 2017

    If you are using a Bluetooth enabled device, be it a smartphone, laptop, smart TV or any other IoT device, you are at risk of malware attacks that can carry out remotely to take over your device even without requiring any interaction from your side. Security researchers have just discovered total 8 zero-day vulnerabilities in Bluetooth ...

  • D-Link router riddled with 0-day flaws

    September 12, 2017

    A security researcher has shamed D‑Link by publicly disclosing 10 serious, as-yet unpatched vulnerabilities in a line of consumer-grade routers without notifying the vendor first. Security researcher Pierre Kim went public on a series of flaws in D‑Link DIR 850L wireless AC1200 dual-band gigabit cloud routers without disclosing the issue to D‑Link beforehand because of a ...

  • Android Users Vulnerable to ‘High-Severity’ Overlay Attacks

    September 9, 2017

    Security researchers warned of a high-severity Android flaw on Thursday that stems from what they call a “toast attack” overlay vulnerability. Researchers say criminals could use the Android’s toast notification, a feature that provides simple feedback about an operation in a small pop up, in an attack scenario to obtain admin rights on targeted phones ...

  • Equifax hack: Britons among 143 million people to have their details compromised

    September 8, 2017

    Credit agency Equifax has admitted that data from 143 million customers may have been compromised in a security breach earlier this year. US, UK and Canadian residents are among those to have their details accessed through a website application vulnerability. The attack was discovered to have run from mid-May until 29 July, but the US company has ...

  • Dragonfly 2.0: Hacking Group Infiltrated European and US Power Facilities

    September 7, 2017

    The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...

  • Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim

    September 7, 2017

    Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 10 as well. “The bug is a programming error ...

  • Cyber alert – EU ministers test responses in first computer war game

    September 7, 2017

    European Union defence ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game on Thursday, based on a simulated attack on one of the bloc’s military missions abroad. In the simulation, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a campaign on social media ...

  • Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound

    September 6, 2017

    What if your smartphone starts making calls, sending text messages, and browsing malicious websites on the Internet itself without even asking you? This is no imaginations, as hackers can make this possible using your smartphone’s personal assistant like Siri or Google Now. A team of security researchers from China’s Zhejiang University have discovered a clever way of ...

  • Multiple Vulnerabilities Found in NVIDIA, Qualcomm, Huawei Bootloaders

    September 6, 2017

    Six exploitable flaws in chipsets used by Huawei, Qualcomm, MediaTek and NVIDIA were found in popular Android handsets, according to a report by University of California at Santa Barbara computer scientists. Each of the flaws exist in phones sold by Huawei, Sony and Google, and are tied to each of the phones’ bootloader firmware. The vulnerabilities ...