Industry News



27.02.15 - TalkTalk: 'Hackers stole customers' personal details – two months ago'
TalkTalk has finally confirmed in an email to customers that their personal details were compromised in a successful hack perpetrated at the end of last year. Personal data stolen from TalkTalk in the attacks included names, addresses, phone numbers and account numbers. Furthermore, the company has admitted that the information has been used in cases of attempted identity theft with scammers using the data to try and get bank account, credit card details and other information from customers.
26.02.15 - Europol, Microsoft and Symantec take down Ramnit botnet
The Ramnit botnet, which had infected 3.2 million computers around the world, has been taken down in a coordinated joint international operation by Europol's European Cybercrime Centre and a number of high-profile internet and web security firms. Ramnit was used by cyber criminals to gain remote access to computers, infecting them by disabling anti-virus protection and enabling the theft of personal details including banking information and passwords.
26.02.15 - State breakdowns: Anthem breach by the numbers
While a whopping 78.8 million consumers may have had personal information viewed by “hackers who had accessed our database,” an Anthem spokesperson confirmed in a statement emailed to SCMagazine.com on Thursday, about 60 to 70 million individuals are current or former Anthem members.
26.02.15 - Google steps up its BYOD game; looks to secure more than a billion mobile devices
On Wednesday, Google officially launched Android for Work, which was announced last June at its I/O conference. The aim is to offer businesses a stopgap that addresses BYOD needs, including secured access to sensitive data and OS fragmentation. There are more than a billion people using an Android device right now, and a good portion of them are on the corporate network somewhere in the world. Each day these employees manage their workloads on the same device they use for social media, dating, and entertainment.
26.02.15 - Botnet of Joomla servers furthers DDoS-for-hire scheme
Researchers have uncovered a distributed denial-of-service (DDoS) attack campaign that takes advantage of Joomla servers with a vulnerable Google Maps plug-in installed. Akamai's Prolexic Security Engineering & Research Team (PLXsert) worked with PhishLabs' Research, Analysis, and Intelligence Division (R.A.I.D) to analyze malicious traffic coming from multiple Joomla websites, a threat advisory (PDF) issued Wednesday said.
25.02.15 - ICO fines hacked insurance firm £175,000
The Information Commissioner's Office has handed out a £175,000 fine to Staysure.co.uk after the insurance company's data breach last year, which saw an unidentified hacker compromise 5,000 customers and access up to 110,000 live credit card details. Following the breach in October, the ICO has investigated the company's IT security practices and found that hackers had potential access to up to 110,000 live credit card details – including the three-digit security numbers (which should not be stored) – as well as customer medical records.
25.02.15 - Gemalto: NSA and GCHQ probably did hack us, but there was no massive leak of encryption keys
SIM card maker Gemalto has confirmed that its network was hacked - probably by the NSA and GCHQ - but said the breach could not have resulted in a massive theft of encryption keys. A story published by The Intercept - based on documents from NSA-contractor-turned-whistleblower Edward Snowden - claimed that a team made up of NSA and GCHQ staff hacked into Gemalto's network to try to steal encryption keys used to protect the privacy of mobile communications. The attack is particularly notable in that Gemalto was not the final target: the target was the users of mobile phones which used its technology, and it raises questions about the behaviour and methods of the intelligence services.
25.02.15 - Malware on Lime Crime website, payment cards compromised
Cosmetics company Lime Crime is notifying an undisclosed number of customers that unauthorized access was gained to its website server and malware designed to intercept customer data, including payment card information, was installed – from October 2014 to February. How many victims? Undisclosed. What type of personal information? Names, addresses, card account numbers, expiration dates, security codes and Lime Crime website usernames and passwords.
25.02.15 - Bug in popular WordPress plugin opens up websites to SQL injection attacks
A popular WordPress plugin that has more than 1.3 million downloads contains a vulnerability that can be exploited to perform SQL injection attacks against vulnerable websites, according to researchers with Sucuri, who consider the issue to be a very high security risk. The vulnerability exists in versions 3.9.5 and lower of the Slimstat web analytics plugin for WordPress, Marc-Alexander Montpas, senior vulnerability researcher with Sucuri, wrote in a Tuesday blog post. He urged all users to upgrade to version 3.9.6 immediately due to the severity of the issue.
25.02.15 - Not even GCHQ and NSA can crack our SIM key database, claims Gemalto
SIM card manufacturer Gemalto has given more details of what it understands is behind the reports that GCHQ and the NSA got their mitts on the encryption keys for its SIM cards. As we reported earlier, the company says it detected intrusions and prevented them, and that at no time were the systems which held information on the keys penetrated. If an intercept took place, it would have been when an actor listened into Gemalto's comms, the firm claims.
24.02.15 - Business disruption cyber attacks set to spur defence plans, says Gartner
By 2018, 40% of large organisations will have formal plans to address aggressive cyber-security business disruption attacks, up from 0% in 2015, according to research firm Gartner. Business disruption attacks require a higher priority from chief information security officers (CISOs) and business continuity management (BCM) leaders, Gartner said.
24.02.15 - California dentist announces theft of server containing patient information
The office of a dentist in California, Cathrine Steinborn, was burglarized and a server containing patient and responsible party information – including Social Security numbers – was stolen. How many victims? Undisclosed. What type of personal information? Names, addresses, dates of birth, telephone numbers, Social Security numbers, dental and/or medical insurance information, health background information, treatment information, and billing information.
24.02.15 - Breach affects 10K motorists in U.K.
Nearly 10,000 motorists in the U.K. could be impacted by a breach that exposed details of their parking tickets online. A backdoor into a database belonging to PaymyPCN.net, which has reportedly collected parking fines for two decades and is linked to the Driver and Vehicle Licensing Agency (DVLA) database, allows the public to access information, including names and addresses, according to a report by Sky News.
24.02.15 - Businesses should not wait for EU data protection law, says PwC lawyer
Businesses waiting for the EU General Data Protection Regulation (GDPR) before taking action have already missed the boat, according to partner at PwC Legal, Stewart Room. Versions of the new European Union data protection regulation to replace the outdated 1995 directive have been approved by the European Commission and the European Parliament.
24.02.15 - CISOs: Our Organizations are Wide-Open for Cyber-Terrorism
A majority of CISOs foresee cyber-terrorism and cybercrime posing significant risks to their organizations over the next three years. The Global Megatrends in Cybersecurity 2015 survey from the Ponemon Institute found there to be a disturbing lack of resources and a critical disconnect between CISOs and senior leadership at work. In and of themselves, these points are new issues, but against the growing threat landscape, the fact that they are preventing companies from adequately addressing cybersecurity threats will have real consequences.
23.02.15 - BT Tower hosts simulated cyber-attack
The London BT Tower, probably the most high profile communications target in the UK, whose public gallery was closed to avoid terrorist attack, was the venue for a simulated cyber-terrorist strike on Saturday, testing the ability of amateur contestants to win back control of a large building's power supply from hackers. The cyber-attack simulation mimicked sophisticated cyber-crime groups using Heartbleed and Shellshock type cyber-attacks. Defence efforts using crime-fighting tools ranging from cryptography to advanced penetration testing packages such as Kali-Linux were assessed by experts from organisers Raytheon UK, as well as GCHQ, the National Crime Agency, BT, C3IA and Airbus Group.
23.02.15 - Leaky battery attack reveals the paths you walk in life
More than 100 mobile apps leak users' location regardless of whether they opt to keep the information private, according to researchers. Power consumption data is the source of the leaks, which make it possible to determine users' whereabouts with 90 percent accuracy. A quartet from Stanford University and Israeli defence contractor Rafael developed an app called PowerSpy to demonstrate the leak.
23.02.15 - Parents ‘want kids taught digital skills’
More than three quarters of Australian parents think that digital skills and computer programming should be integrated into school curriculums, says the AIIA. The Australian Information Industry Association (AIIA) has published a Digital Skills and Careers Report, in collaboration with National ICT Australia (NICTA) and the Australia Computer Society (ACS). The research was conducted by Newspoll.
23.02.15 - Organisations address virtual server backup but disaster recovery top priority in 2015
UK IT departments are increasingly able to say “job done!” when it comes to virtual server backup. At the same time, the number of disaster recovery, cloud storage and solid-state flash storage deployments continues apace. Those are the findings of the ComputerWeekly.com/TechTarget IT Priorities Survey for 2015, which questioned 111 UK IT professionals about their planned IT spending priorities for 2015.
23.02.15 - UK businesses' IT services better off in India than the cloud
UK businesses have yet to be convinced of the benefits of cloud computing and continue to outsource IT, according to a major global survey by KPMG. The annual Service provider and performance satisfaction study from KPMG looked at 2,100 global contracts worth £7.8bn, including 313 in the UK. According to the study, 71% of UK businesses only spend 10% – or even less – of their IT budget on cloud services. Most are still outsourcing the traditional way, with India the favourite destination for IT services, according to 51% of UK companies. Poland was the next favourite with South Africa, both preferred by 8%.
23.02.15 - Legacy vulnerabilities easy route for hackers
Legacy vulnerabilities in older code are becoming increasingly big risks to corporations as attackers are zooming in on unpatched and largely forgotten issues, according to HP's Cyber Risk Report. HP's report highlights the push and pull between Google and Microsoft over vulnerabilities. Google has outed Microsoft issues before it could issue a fix to customers. However, Google's point is that Microsoft needs to step up the pace.
23.02.15 - Gemalto: Our SIM cards are secure, despite NSA hack claim
SIM card maker Gemalto has said its products - which are used in mobile phones, bank cards, and passports - are secure, despite claims that the NSA and GCHQ hacked its network to steal encryption keys in an attempt to eavesdrop on mobile phone conversations around the globe. A story published by The Intercept - based on documents from NSA-contractor-turned-whistleblower Edward Snowden - claimed that a team made up of NSA and GCHQ staff hacked into Gemalto's network to steal encryption keys used to protect the privacy of mobile communications by billions of people.
21.02.15 - Lenovo admits security issues with Superfish, releases removal tool
After playing a dead bat and attempting to push the perception that Superfish was not a security concern, Lenovo has admitted that it was caught napping on the security implications of preloading a piece of adware that installed its own self-signing man-in-the-middle proxy service that hijacked SSL/TLS connections. "We did not know about this potential security vulnerability until yesterday," Lenovo said in a statement released on Saturday, Sydney time. "We recognise that this was our miss, and we will do better in the future. Now we are focused on fixing it."
20.02.15 - US and UK accused of hacking Sim card firm to steal codes
US and British intelligence agencies hacked into a major manufacturer of Sim cards in order to steal codes that facilitate eavesdropping on mobiles, a US news website says. The Intercept says the revelations came from US intelligence contractor turned whistleblower Edward Snowden.
19.02.15 - Wearables Evolving to Combine Fashion and Function
The intersection of fashion and fitness is the new frontier of wearable technology, a panel of fashion designers and tech experts said at the FastA/W15 event during MADE Fashion Week in New York City. The wearables market, which is quickly expanding, is well on its way to marrying smart tech with fashion. According to Gartner, 30 percent of smart wearable devices will be inconspicuous to the eye by 2017. But as developers and designers continue to make progress, the industry still has its challenges.
13.02.15 - Barack Obama to host cyber crime summit in Silicon Valley
US president Barack Obama is to meet representatives of the world’s largest companies, the US Secret Service, the FBI and the UK’s National Crime Agency today (13 February 2015) to discuss how to tackle cyber crime. The meeting follows a bad year for information security with several high-profile data breaches in the US and comes amid growing fears of the global economic impact of cyber crime estimated at around $445bn a year.
13.02.15 - 16 million mobile devices hit by malware in 2014: Alcatel-Lucent
French telecommunications equipment company Alcatel-Lucent has published a report compiled by its Motive Security Labs division, which found that malware infections in mobile devices increased by 25 percent in 2014, compared to a 20 percent increase in 2013. According to Alcatel-Lucent, the current malware infection rate for mobile devices stands at 0.68 percent, a figure which the company's Motive Labs used to estimate that around 16 million devices worldwide were likely to have been infected by malicious software as at the end of 2014.
12.02.15 - Mobiles and POS systems to top cyber hit list, says Verisign
Cyber-criminals will ramp up attacks on mobile devices and point of sale (POS) systems, according to the 2015 cyber trends and threat analysis by Verisign iDefense Security Intelligence Services. This is one of 10 predictions made by the iDefense analysis to help cyber security and business operations teams plan their response to the most critical cyber threats and trends affecting their enterprises.
12.02.15 - Scottish companies warned over 'insider threats'
Scottish companies are being warned to do much more to tackle the threat posed to their security by "corrupt and careless" employees. The warning will be made at Scotland's first national Insider Threat conference, organised by the Scottish Business Resilience Centre (SBRC). The event will hear that 85% of fraud is committed by past and present staff.
12.02.15 - Cyber attack takes down Dutch government sites
A cyber-attack took down most of the Dutch government's websites on Tuesday, it has been confirmed. The attack, which also took down some private sites, highlighted the vulnerability of public infrastructure. It came as the US beefed up its defences, and followed warnings that sites belonging to the French authorities had been targeted. Dutch MPs demanded that the government ensures state sites were capable of withstanding similar attacks in future.
12.02.15 - Forbes 'watering hole' attack the work of Chinese state cyber espionage, claim researchers
A "watering hole" attack on Forbes.com, one of the world's most popular news websites, which exploited zero-day vulnerabilities in Adobe Flash, was the work of Chinese state espionage organisations, according to an analysis by security services company iSight. Following the attack, which lasted from 28 November to 1 December last year, the company claims that US defence contractors and financial services companies were subsequently attacked as a result.
11.02.15 - DDoS attack leaves Dutch websites offline for hours
People in the Netherlands with government-related business to take care of would probably agree that yesterday was not the best of days to do it. In what initially appeared to be a simple glitch, all Dutch government websites went down on Tuesday morning, only coming back up more than twelve hours later. Initially, it was thought that the cross-site outage was related to problems with the fibre broadband network, since, as well as the government websites, several other big Dutch sites went down - and they were all hosted by the same company, Prolocation.
10.02.15 - Rise of the machines: Samsung TVs are spying on you, hacked vehicles put 'our lives at risk'
Samsung has admitted that its voice-activated Smart televisions may be able to record sensitive information from users, while fresh fears have arisen that security weaknesses in Internet of Things-equipped vehicles may leave them wide open to software hacks. The small print in the privacy policy in models of Samsung's Smart TVs that feature voice activation reveals that the devices may record background conversations between commands and that this data is sent to a third party. A user's television could therefore potentially record details of passwords or bank accounts and send them to a third party.
10.02.15 - Hackers will target online NHS medical data, warns ICO
Cyber attacks and ID theft will increase as patient data is made digital and accessible online, the Information Commissioner's Office (ICO) has warned. Dawn Monaghan, public sector group manager at the ICO, said that the goal of sharing patient data across the health service puts personal information at greater risk from hackers. "I would suggest that the cyber security and ID theft side of things will start to come up the pile in healthcare when you get proper online access to information," she said at a Westminster Health Forum event attended by V3.
09.02.15 - Security Think Tank: Lessons to be learned from Sony breach
While there is still some debate around how the attack on Sony was facilitated, what we do know is an attack this successful and of this magnitude will have required significant preparation and planning. It would appear that one of three things has transpired – either it was facilitated by the acts of a malicious insider or ex-insider; it was a non-malicious insider or human error; or it was successful because of poorly configured, patched and locked-down networks.
02.02.15 - Advent IM Recognised as Cyber Security Solution Supplier to HM Government
Holistic Security Consultancy and member of the Malvern Cyber Security Cluster, Advent IM Ltd, has today announced its confirmed status as a Cyber Security Solution supplier to HM Government, following its longstanding and successful supplier relationships with several government departments. The scheme is administered by the Department for Business, Innovation & Skills and enables certified cyber security suppliers to Government to publicise the fact. This offers a distinct advantage to those businesses, enables the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.
30.01.15 - Selling passwords for $150, and other dumb ways users threaten corporate security
Corporate passwords for sale, $150 OBO. That, apparently, is how little some employees may take in exchange for compromising their company's security. SailPoint’s Market Pulse Survey, compiled from responses from 1,000 workers from large companies with at least 3,000 employees, offers vivid examples of how easily one person can create a lot of risk—and why passwords alone are simply inadequate.
30.01.15 - Cybercrime: protect your business from these common hacks
Cyber attacks are frequently in the headlines – recent high-profile targets include Sony, with its spoof movie about assassinating a dictator. But it’s not just the business behemoths that need to prepare against hackers. In fact, nine in 10 SMEs say cybercrime is their top business concern, new research will show.
30.01.15 - Global DDoS attacks increase 90 percent on last year
Akamai Technologies' Q4 2014 State of the Internet - Security report has found that the number of distributed denial-of-service (DDoS) attacks nearly doubled since 2013. The report (PDF) showed DDoS attacks increased by 90 percent from Q4 2013, and increased by 57 percent compared to the last quarter. There was also a 52 percent increase in average peak bandwidth of DDoS attacks compared to Q4 2013.
29.01.15 - How three small credit card transactions could reveal your identity
Just three small clues—receipts for a pizza, a coffee and a pair of jeans—are enough information to identify a person’s credit card transactions from among those of a million people, according to a new study.
29.01.15 - The Future of Wearables Isn’t a Connected Watch
At Intel’s big Make It Wearable competition in San Francisco late last year, the theme of the day was “no way.” As a parade of entrepreneurs took the stage to promote their Next Big Things, the phrase erupted in my brain again and again. A glove that tracks workers’ movements on a factory floor? No way. A turtle-shaped bionic baby that new mothers, whose premature infants have to stay in incubators, wear on their chests? No way. A drone that attaches to your arm, flies off when you flick your wrist, hovers, and snaps a selfie? I mean, come on!
29.01.15 - Zeus variant targeting Canadian banks, U.S. banks may also be a target
A new variant of the nefarious Zeus trojan is targeting a number of banks in Canada, including Bank of Montreal, Royal Bank of Canada, and National Bank of Canada, according to SentinelOne.
29.01.15 - Data from death inquiries lost by Ministry of Justice
Discs containing information from three of the UK's most sensitive inquiries have gone missing after being put in the post. The material relates to inquiries into the role of the police in the deaths of three men, Mark Duggan, Azelle Rodney and Robert Hamill. Officials realised the discs were missing three weeks ago and one member of staff has since been suspended.
29.01.15 - Ofcom aims to regulate Internet of Things in the UK
Communications regulator Ofcom and the Information Commissioner's Office (ICO) are teaming up with industry and government to regulate the Internet of Things (IoT). The IoT describes the idea that billions of smart gadgets, sensors and devices are connected to each other and to the internet.
28.01.15 - Cyberthreat sharing must include strong privacy protections, advocates say
U.S. lawmakers should put strict privacy controls into planned legislation to encourage companies to share cyberthreat information with government agencies and each other, some advocates said.
28.01.15 - EU air passenger database about to take flight, but critics want it grounded
The European Commission is reportedly revving up the engines on a controversial plan to retain passenger flight data across the EU, although a prior attempt got its wings clipped due to privacy concerns. The new plan calls for a database with personal flight data such as travel dates, itineraries, ticket information and baggage information, according to a document published by Statewatch on Wednesday and described as a leaked and legitimate EC document.
28.01.15 - New Chrome extension spots unencrypted tracking
A new Chrome extension highlights tools embedded in websites that could pose privacy risks by sending data unencrypted over the Internet. It’s hard to find a major website that doesn’t use a variety of third-party tracking tools for online advertising, social media and analytics. But if the trackers send data unencrypted, it is possible for those who have network-level access—such as an ISP or government—to spy on the data and use it for their own tracking.
27.01.15 - How could allowing customers to use personal hotspots pose a security risk to a business’s network?
The FCC just issued a ruling that companies like Marriott Hotels cannot block the personal WiFi hotspots of their guests. Marriott argued that by allowing guests to use their own hotspots it put their own network at risk. What risks could legitimately be posed to a network by allowing personal WiFi hotspots?
25.01.15 - Hoax call put through to David Cameron from person claiming to be head of GCHQ
A man claiming to be a hoax caller who was put through to David Cameron's phone after posing as the director of GCHQ has said he was high on drink and drugs at the time. A call to Britain's eavesdropping agency, during which a mobile phone number for director Robert Hannigan was disclosed to the caller, was followed by a hoax call to Downing Street, which saw the caller connected to Mr Cameron. The Prime Minister ended the call when it became clear it was a hoax and no sensitive information was disclosed, Downing Street said.
23.01.15 - Filtering by the back door: UK's privacy-threatening zombie legislation revived
Proposed amendments to the Counter-Terrorism and Security Bill currently making its way through Parliament could significantly extend the government's powers of data retention and surveillance. The proposed amendments, introduced by four members of the House of Lords on Wednesday, would replicate many of the clauses of the Communications Data Bill, abandoned in 2012. The proposed amendments would open the door to the introduction of new requirements for telcos and other comms service providers to filter communications data, in order to satisfy requests from the police and "other relevant public authorities".
22.01.15 - EU wants to force internet, phone companies to turn over encryption keys
A senior European official has called on the region's leaders to force technology companies into sharing encryption keys with national authorities. The EU's counter-terrorism coordinator Gilles de Kerchove, in a document leaked by Statewatch, is pushing the European Commission to adopt rules "obliging" internet and phone companies operating in the region to cooperate with national authorities combating and investigating terrorism.
22.01.15 - UK businesses handing over cyber security to third parties
More UK businesses are outsourcing their IT security because budgets are not growing as fast as the security threat. A Pierre Audoin Consultants (PAC) study of 230 people at businesses with more than 1,000 staff found that the combination of increasing threats, shortage of skills and stagnant IT security budgets is pushing firms to outsource security.
22.01.15 - South Korean nuclear power plant attacked by hacker
Computer systems at a South Korean nuclear power plant have been hacked, causing the company to conduct drills to test its ability to cope with a full-scale cyber-attack. Some documents belonging to KHNP - part of the state-run utility Korea Electric Power Corp – leaked online, but the organisation said there was no hacking of the nuclear reactor operations.
21.01.15 - How a 7-year-old girl hacked a public Wi-Fi network in 10 minutes
Free Wi-Fi at a coffee shop or other public space is a welcome sign for millions of people every day who want to get some work done, make a video call, or just catch up on a bit of online shopping. However, as results of a new experiment today prove, public Wi-Fi is so unsecure it can even be hacked by a seven-year-old child – and in just over ten minutes.
19.01.15 - Shoe retail chain Office decommissions servers after security breach
Shoe retail chain Office has decommissioned several of its servers that were compromised during a security breach that was first revealed in May 2014.
16.01.15 - Microsoft fumes, Google discloses another Windows security flaw
Google has discovered a bug in the CryptProtectMemory memory-encrypting function found within Windows 7 and 8.1, and made its disclosure public after its Project Zero deadline of 90 days passed. The bug was found by James Forshaw, who also discovered a privilege elevation flaw in Windows 8.1, the disclosure of which drew the ire of Redmond earlier this week. Forshaw described his new issue as an impersonation check bypass that could be an issue if a service is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section.
16.01.15 - Xbox And Sony Cyber Attack: Teen Arrested
A teenager has been arrested in Merseyside following cyberattacks on Sony PlayStation and Xbox systems last year. The teenager was held today in Southport, Merseyside, after a joint British and FBI-led operation. He was arrested on suspicion of unauthorised access to computer material. He was also detained for alleged threats to kill, the South East Regional Organised Crime Unit (SEROCU) said.
15.01.15 - President Obama Is Waging a War on Hackers
In next week’s State of the Union address, President Obama will propose new laws against hacking that could make either retweeting or clicking on the above (fictional) link illegal. The new laws make it a felony to intentionally access unauthorized information even if it’s been posted to a public website. The new laws make it a felony to traffic in information like passwords, where “trafficking” includes posting a link.
15.01.15 - Risky time for risk insurers as fraud threats increase
Insurers have been warned that they will collectively need to spend US$3.3 billion on information security to counter financial crimes and in the face of heightening fraud brought on by the global ‘digital revolution’. The alert comes from the latest research report by IDC which says that rigor on risk management will continue as insurers enter an era of what it calls ‘re-regulation’.
15.01.15 - Android malware encounters surged in 2014, up by 75 percent, report says
Although many U.S.-based security professionals and mobile device users might have once believed their devices were safe from malware, new research suggests that in 2014, Android mobile malware proliferated with encounter rates increasing by 75 percent over 2013.
15.01.15 - IC3 warns of payroll scam targeting university employees
The Internet Crime Complaint Center (IC3) issued an advisory on Tuesday, warning of an ongoing scam in which university employees receive phony emails about a change in their human resource status. The emails contain a link that, when clicked, directs the recipient to a website with a very similar appearance to their legitimate human resources site, the advisory indicates.
15.01.15 - Several vulnerabilities addressed in Firefox 35, some deemed critical
Mozilla released Firefox 35 on Tuesday, and it comes with fixes for numerous vulnerabilities, a few of which are deemed critical. Security researcher Nils is credited with discovering a critical ‘Gecko Media Plugin (GMP) sandbox escape' vulnerability that could enable an attacker to “escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process,” according to an advisory.
14.01.15 - Survey: most orgs not very prepared to recover IT assets following a disaster
Cloud services company Evolve IP conducted its “2015 Disaster Recovery & Business Continuity Survey” with more than 2,000 executive and IT professionals, and, in the end, learned that less than half feel very prepared to recover their IT and related assets following a disaster or other incident.
13.01.15 - UK PM looking to outlaw encrypted online communication
United Kingdom Prime Minister David Cameron will move to outlaw forms of digital communication that cannot be read by law-enforcement and intelligence agencies if he wins the next general election. Such a move could see messaging platforms that encrypt their data, including apps such as WhatsApp and Snapchat, along with Apple's iMessage and FaceTime, blocked under the proposed legislation.
12.01.15 - Obama to talk cyber with UK prime minister
President Obama and U.K. Prime Minister David Cameron will cap off the White House’s week of cybersecurity focus with a meeting to discuss anti-hacking measures, according to a British report.
12.01.15 - British Afghanistan troops' medical records lost
The medical records of hundreds of British soldiers are feared to have been lost in Afghanistan, it can be revealed. Two unencrypted laptops used by Army medics in theatre carrying the records of up to 1,300 troops were discovered to be missing in a recent equipment audit.
12.01.15 - Sussex Police Website Breach Leaves Public Email Addresses Leaked
The website of Sussex Police has suffered multiple data breaches, resulting in the leaking of e-mail addresses of officers and members of the public, the Government Computing website reported last week. The force is investigating three breaches of its external website in the attacks, which happened over Christmas. The incident may have affected up to 270 people.
08.01.15 - A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever
Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.
08.01.15 - Skype users report malicious ads on service
Skype users have reported seeing malicious adverts on the voice over IP service. According to a discussion thread, a user claimed to be “running the latest windows desktop client” yet received an advert that “will take you to a site pretending to be Adobe and try to download viruses to your machine”. Another comment claimed “the ad leads to a page that tries to initiate a download of a (supposed) Java installer”.
08.01.15 - Data Protection: Do nine-figure fines make you anxious, or are they just inconvenient?
Data protection should be very high on the agenda for every organisation at the moment. The Edward Snowden revelations have ensured that privacy and data security are already high on the agenda for members of the public.
08.01.15 - 2014 Hack Retrospective, Or Why Security Ecosystems Matter
The “Year of the Hack” will probably be one way that 2014 will be remembered. But it actually began in 2013 with a phishing email sent to independent, mid-sized air conditioning vendor Fazio Mechanical.
07.01.15 - Stealthy 'XOR.DDoS' trojan infects Linux systems, installs rootkit
A newly discovered trojan is infecting Linux systems and possibly building up an arsenal of devices to be used in distributed denial-of-service (DDoS) attacks, according to a blog post from Avast.
07.01.15 - DDoS Attacks Slam Finnish Bank
Police in Finland are investigating a series of distributed denial-of-service attacks against the country's OP Pohjola financial services group that have intermittently shut down online banking and direct debit services.
06.01.15 - Addressing Health Data Sharing Risks
As healthcare organizations step up their efforts this year to exchange more patient data with others to help improve care, it's urgent that they address the "significant risks" involved, says Erik Devine, chief security officer at 370-bed Riverside Medical Center in Kankakee, Ill.
05.01.15 - Sony's Hirai praises staff in hack, hails freedom of speech
Sony’s CEO finally broke his weeks-long silence on the hack of Sony Pictures Entertainment, saying he’s proud of its staff and partners for standing up to “extortionist efforts of criminals” and for getting “The Interview” to audiences.
05.01.15 - Gogo issues fake HTTPS certificate to users visiting YouTube
Gogo has been caught issuing a fake digital certificate for YouTube, a practice that in theory could allow the inflight broadband provider to view passwords and other sensitive information exchanged between end users and the Google-owned video service. Normally, YouTube passwords, authentication cookies, and similar site credentials are securely encrypted using the widely used HTTPS protocols. A public key accompanying YouTube's official HTTPS certificate ensures that only Google can decrypt the traffic. The fake certificate Gogo presents to users trying to access the video site bypasses these protections, making it possible for Gogo to decipher data. It has long been Gogo's policy to block access to streaming sites and other bandwidth-intensive services. A company official said the fake YouTube certificate is used solely to enforce the policy and not to collect data intended for YouTube. Security and privacy advocates criticized the technique anyway, characterizing it as heavy-handed.
05.01.15 - Free tool automates phishing attacks for Wi-Fi passwords
A new open-source tool can be used to launch phishing attacks against users of wireless networks in order to steal their Wi-Fi access keys. Gaining access to a WPA-protected Wi-Fi network can be extremely valuable for attackers because it puts them behind the firewall, in what is generally a high-trust zone. This allows them to mount man-in-the-middle attacks against the network's users to steal sensitive data and authentication cookies from unencrypted traffic.
05.01.15 - Retail cyber attacks drop by half despite rising data theft: IBM
A report released Monday from IBM security researchers suggests that, overall, cyber attacks against retailers are on the decline, even though the total amount of data compromised continues to steadily rise.
05.01.15 - iCloud hole closed following brute force attack
2015 began, predictably, with a major hack of a global service provider, when on New Year's Day a tool to hack all accounts on Apple's iCloud was announced – via a vulnerability reported today to have been fixed.
05.01.15 - Hackers can exploit free mobile apps to steal data, study shows
Hackers can access private data by exploiting vulnerabilities, mostly in free mobile apps, according to research by security consultancy MWR InfoSecurity. Code used by advertisers and third parties for tracking can be abused to access address books and text messages, and to take control of mobile devices, the study found.
05.01.15 - If you've been hacked, and nothing else is secure, you need an, err, old BlackBerry
Everyone knows that BlackBerrys were the communications system of choice of the chav-erati during the 2011 London riots. Using BlackBerry Messenger (BBM), they could securely coordinate their pillagings of the local Argos or Euronics electrical store without fear of the Old Bill listening in. Well, not until the Old Bill asked BlackBerry to help them out.
04.01.15 - UK police arrest suspected Lizard Squad member
British and US police may be closing in on cyber-vandal group that said it hit Sony and Microsoft games networks over Christmas, helped the Sony Pictures hack and has launched a low-cost DDoS attack tool. Thames Valley police have arrested a 22-year-old man from Twickenham who is reportedly a leading member of the Lizard Squad group of hackers.
31.12.14 - Google researcher exposes unpatched Windows 8.1 security flaw
A Google researcher by the name 'forshaw' found and reported a privilege escalation bug in Windows 8.1. Forshaw even reveals a PoC (Proof of Concept) program for the Windows 8.1 weakness. In it, forshaw details how to take advantage of the Windows 8.1 bug:
24.12.14 - Will the EU data protection regulations shoot down cloud social media and big data?
When the European Union Data Protection Directive was passed in 1995, the concepts of data, data privacy and storage, and the potential for misuse of that data were very different. The internet, furthermore, was still young and the Directive, in any case, was largely based on the UK's own Data Protection Act of 1984.
19.12.14 - US to Increase Levels of Security Screening at Cruise Ship Terminals
The TSP is expected to increase security at cruise ship terminals by developing a standardized list of prohibited items; developing training standards to consolidate requirements for screeners; eliminating redundancies in cruise ship security regulations; and requiring the screening of all passenger, crew, visitors’ baggage and personal items.
19.12.14 - Huge data leak sees personal details of 15,000 Hackney residents published online
Bungling council officers have also revealed the age and housing benefit entitlement of Hackney Homes tenants and leaseholders in the botched Freedom of Information request, which was inadvertently published in full on the website What Do They Know (WDTK). The private information was publicly available online for 11 days before the error was noticed on November 25 – but affected residents were only informed of the huge data breach in a letter sent out this week.
18.12.14 - The Secret World of Stolen Smartphones, Where Business Is Booming
In late May of 2012, a damaged package split open at a FedEx facility in Rancho Cordova, California, spilling dozens of boxed iPhones across the shipping room floor. A worker there contacted Apple, which, with the help of corporate security at Verizon, confirmed what FedEx personnel already suspected: The devices were contraband, likely bound for the black market. Two hours later, a man named Brian Fichtner showed up at the facility. Fichtner is thin and wiry, with the clipped demeanor of a career cop and a passing resemblance to the actor George Clooney. He has spent his entire professional life in law enforcement, first as a narcotics investigator and most recently as a member of the California Department of Justice’s elite eCrime Unit, a group tasked with prosecuting tech-related violations—identity theft, revenge porn, the large-scale smuggling of electronics.
18.12.14 - The 'grinch' isn't a Linux vulnerability, Red Hat says
The “grinch” Linux vulnerability that Alert Logic raised alarms about Tuesday is not a vulnerability at all, according to Red Hat. “This report incorrectly classifies expected behavior as a security issue,” said a Red Hat bulletin issued Wednesday, responding to Alert Logic’s claims. Security firm Alert Logic Tuesday claimed that grinch could be as severe as the Heartbleed bug and that it’s a serious design flaw in how Linux systems handle user permissions, which could allow malicious attackers to gain root access to a machine.
18.12.14 - Worst Security Breaches of the Year 2014: Sony Tops the List
As 2014 winds down, the breach of Sony Pictures Entertainment is clearly the biggest data breach of the year and among the most devastating to any corporation ever. Attackers broke in and took whatever they wanted, exfiltrating gigabytes and gigabytes of documents, emails and even entire movies, apparently at will for months and months on end.
17.12.14 - Cyber Attacks Stop Multi-Million Dollar Poker Tournament
The idea was to host the biggest Poker tournament since Black Friday with a multi-million dollar prize pool, which was open to Americans, but for now, it will remain only an idea. Winning Poker Tournament (WPN) was forced to cancel their latest tournament a short time prior to closing the late registration, leaving the 1,937 participants with nothing except a full refund and a vague message on the player's tables.
17.12.14 - London teen pleads guilty to Spamhaus DDoS
A 17-year-old Londoner has pleaded guilty to a series of denial-of-service attacks against internet exchanges and the Spamhaus anti-spam service last year. The teenager – who we cannot name for legal reasons – also admitted money laundering and possessing indecent images. He faces a sentencing hearing on 9 January, a police statement confirmed:
16.12.14 - OFCOM HIT BY 1,658 CYBER-ATTACKS IN TWO MONTHS
Regulator was keen to point out that none of the attacks were successful. There were 1,658 attempted attacks on Ofcom's IT systems in October and November. These attacks comprised of 382 SQL injection attacks, 188 malware and/or viruses, and 1,088 phishing emails. The attacks on the UK regulatory body for media and communications were defined as 'detected attempts at gaining unauthorised access to the Ofcom system'.
15.12.14 - Top 10 Security Stories of 2014
As usual the year has vanished even faster than the last. Christmas time is upon us so it’s time once again to look back on the most-read security articles of the year. From a news story about Google glasses to a debate about choosing the right security products and infographic on the security industry’s different disciplines, it’s a real mixed bag.
15.12.14 - Cornwall Council sent information about salaries and redundancies to wrong staff in data breach
Cornwall Council has sent personal information about its staff, including salary details and redundancy packages, to the wrong individuals. The whistleblower who reported the breach said that letters were sent to 300 staff, but despite admitting to the breach, the council has claimed that only 50 people were affected, blaming the breach on a "data transfer error".
15.12.14 - 2014 in security: The biggest hacks, leaks, and data breaches
U.S. security contractor vetting firm hit by breaches. A contractor for U.S. Homeland Security suffered a data breach, leading to the leak of personal information on employees. The private company, USIS, conducts background checks on behalf of the government agency. USIS came under fire for being the firm that vetted Edward Snowden. The U.S. Justice Dept. also accused the company of faking more than half-a-million background checks.
11.12.14 - HMRC blocks 4,000 phishing sites to protect taxpayers
HM Revenue & Customs has closed down 4,000 illegal websites and responded to 75,000 phishing reports as part of its pro-active technical measures to protect taxpayers from online fraud. HMRC stated it had secured web domains that could be used by criminals to send fraudulent emails to customers for the purposes of delivering malware or stealing personal information.
11.12.14 - Charge Anywhere Admits Breach May Have Given Hackers Access for Five Years
Mobile payments firm Charge Anywhere has been left rueing its decision to only partly encrypt card data crossing its network after revealing that malware on its systems may have allowed attackers to capture card details from as far back as 2009. The New Jersey-headquartered firm, which handles payments for mobile apps, websites and M-POS systems, said in a lengthy statement that it found the previously undetected malware after being alerted about fraudulent transactions that appeared on some of its customers’ cards.
11.12.14 - DDoS of unprecedented scale 'stops Sweden working'. The target? A gaming site
Much of Sweden's fixed-line broadband became collateral damage as a result of a DDoS attack on a mystery gaming site this week. While DDoS attacks are par for the course for most online businesses these days, the vast majority of these attacks don't go on to affect the broadband connections of an entire country. But that's what happened to customers of Telia, Sweden's largest ISP, for 45 minutes on Tuesday night and then again intermittently throughout Wednesday afternoon and evening. Telia hasn't said how many of its 1.2 million residential subscribers were affected by outages but has confirmed the attack knocked out fixed-line broadband, digital TV, and VoIP connections.
11.12.14 - Home surveillance CCTV images may breach data protection laws, ECJ rules
Images captured on a household surveillance camera could breach data-protection rules if the person filmed was on a public footpath when videoed, the European court of justice (ECJ) has ruled. By clarifying European legislation, the judgment could have significant consequences for householders in the UK who use CCTV and keep or try to use the images, according to a legal expert.
09.12.14 - Police Must ‘Learn How To Support Cybercrime Victims’
Professional services firm KPMG has hit out at UK police forces, suggesting they lack an understanding of cybercrime triggers and are unable to offer support to victims of online crime. On November 27, Her Majesty’s Inspectorate of Constabulary (HMIC) published a 243-page audit, which stated that law enforcement agencies are failing to get to grips with cyber crime. The watchdog also highlighted concerns over the “erosion” of basic investigative skills.
09.12.14 - Target guilty of massive $30m data breach
Retailer found responsible for huge data hack, clearing path for banks to sue. Target is to blame for a data breach that saw 70 million customer records stolen a year ago, a judge has ruled, paving the way for a flurry of lawsuits from banks seeking to recover their losses.
09.12.14 - Can Iran Turn Off Your Lights?
Online security company Cylance released a report last week showing that an Iranian cyber-espionage operation “Operation Cleaver” had successfully breached U.S. and foreign military, infrastructure and transportation targets. The report claimed to confirm widely-suspected Iranian hacks of the unclassified Navy Marine Corps Intranet system, NMCI, in 2013. It describes (with explicitly naming) more than 50 targets around the world, including players in energy and transportation
09.12.14 - U.K. Court Case Against Google Could Clarify Law On Private Data
The U.K. data protection watchdog, the ICO, has intervened in a court case brought against Google on privacy grounds by a group of U.K. Internet users because it is interested in how aspects of the case might help clarify questions around the jurisdiction of national data protection law vis-à-vis Internet giants, which are invariably based overseas.
08.12.14 - The role of the chief data officer – why it is a necessary one
The chief data officer (CDO) is a new role that seems to be springing up across enterprise companies to oversee the processes, tools and governance around use of information. CDOs have been hired at organisations as diverse as the British Army, RBS, Aviva and Havas Media, while Deutsche Bank announced JP Rangaswami, ex-BT and SalesForce, as the bank’s first CDO this month.
04.12.14 - Sites certified as secure often more vulnerable to hacking, scientists find
Seals certifying the security of e-commerce sites and other online destinations have long aroused suspicions that they're not worth the bits they're made of—much less the hundreds or thousands of dollars they cost in yearly fees. Now, computer scientists have presented evidence that not only supports those doubts but also shows how such seals can in many cases make sites more vulnerable to hacks.
04.12.14 - Q&A: Cyber security and technology risk for investment funds
FW moderates a discussion on cyber security and technology risk for investment funds between Mike Gillespie at Advent IM Ltd, Jay Leek at The Blackstone Group, Scott Loughlin at Hogan Lovells US LLP, and Brian E. Finch at Pillsbury Winthrop Shaw Pittman LLP.
02.12.14 - Uber’s Database Could Be Tempting for Hackers
Uber hasn’t looked so hot on privacy lately. Between senior executive Emil Michael suggesting at a private dinner that Uber dig up dirt on journalists, and the revelation that general manager Josh Mohrer had been disciplined by the company for privacy violations against users, November was a rough month.
02.12.14 - The 10 Biggest Bank Card Hacks
The holiday buying season is upon us once again. Another event that has arrived along with the buying season is the season of big box retailer data breaches. A year ago, the Target breach made national headlines, followed shortly thereafter by a breach at Home Depot. Both breaches got a lot of attention, primarily because the number of bank cards affected was so high—more than 70 million debit and credit card numbers exposed in the case of Target and 56 million exposed at Home Depot.
02.12.14 - The breach at Sony Pictures is no longer just an IT issue
I'm going to make a prediction. The breach at Sony Pictures has nothing to do with North Korea, aside from the fact that the destructive malware believed to be present on Sony's network is similar to the malware used in South Korea in 2013 - an incident that was blamed on North Korea.
02.12.14 - Whitelisting project helps industrial control systems owners find suspicious files
Industrial control systems have been at the center of some scary security stories recently, but investigating malware infections in such environments isn't easy because analysts often have a hard time telling good files from suspicious ones. Security researchers have identified two malware campaigns this year that targeted SCADA (supervisory control and data acquisition) systems -- Havex and BlackEnergy. Such attacks are expected to grow in number, as new reports show that state-sponsored hackers are increasingly interested in critical infrastructure companies.
02.11.14 - Cybercriminals turn talents to stock market manipulation
Hackers have begun to use their skills to go after a target far more lucrative than the average brick-and-mortar retailer -- instead, researchers have discovered cybercriminals tampering with the stock market. A number of high-profile cyberattacks have dominated the headlines this year. US retailer Target suffered a debilitating data breach last year resulting in millions of customer credit cards being compromised, and Staples is currently investigating a security breach which struck stores in October.
02.12.14 - Silver-tongued phish bait lures execs, hooks M&A deals
A hacking group has been stealing identity information and reading emails to get the inside edge on stock markets to buy and sell to make quick profits. Vendor FireEye reckons the group sent articulate phishing emails with malicious attachments demonstrating "deep" knowledge of financial markets and corporate communications. In one instance the attackers targeted five organisations involved in a then non-public merger, months before the deal was announced. In another, it used information gleaned from a hacked consultancy to better target that firm's clients
01.12.14 - The Next Big Cybercrime Vector: Social Media
With attacks on enterprise networks becoming more sophisticated, organizations have stepped up perimeter security by investing in the latest firewall, data protection, and intrusion prevention technologies. In response, hackers are moving to the path of least resistance and looking for new avenues to exploit. Many security experts believe the next wave of enterprise hacking will be carried out via social media channels.
28.11.14 - PUNISHMENT SHOULD FIT THE DATA LOSS CRIME
UK consumers call for harsher penalties for organisations who lose customer data. More than half of UK consumers (59 per cent) believe organisations should face harsher penalties for losing sensitive data, according to research. A survey of 1,000 consumers by market researcher One Poll, on behalf of security firm LogRhythm, found almost a quarter (24 per cent) of people feel that punishments currently levied are often unequal.
27.11.14 - Data Protection Commissioner Informed of Law School Student Data Leak
The Data Protection Commissioner has been informed of a personal data breach in the Trinity College Dublin School of Law. Personal information from Erasmus applications made in 2013/14 was mistakenly uploaded to a Blackboard folder visible to all senior freshman law students. Staff had intended to make available a document containing a list of students currently on Erasmus or exchange so as to facilitate dialogue with prospective applicants for study abroad programmes. However, the file uploaded contained personal information from previous applicants, including their exam results, corresponding student numbers, and in one instance medical notes.
26.11.14 - E-cigarette from China distributes malware to systems
Here's another reason to quit smoking. E-cigarettes made in China are being used to distribute malware via a USB hookup to users' computers, according to a blog post by a Bit4Id security expert. The chargers of the e-cigs reportedly are hard-coded with malware, a discovery made after the system of an executive who had recently quit smoking was infected.
26.11.14 - You better watch out -- online retailers' security practices under the spotlight
This time of year sees a spike in online shopping activity, but that also means added worries about how well our information is being looked after when we buy online. Password management company LastPass has put together an infographic 'naughty and nice' list looking at how online retailers store information when we shop.
26.11.14 - Cheap Android tablets riddled with security flaws, test finds
Cheap clone Android tablets of the sort that crowd the shelves of many bricks-and-mortar US stores are often riddled with dangerous but hidden security flaws, a test by Bluebox Security has found.
26.11.14 - Google new Security Tools to improve Online Security
Protecting your data on the web is very important, especially in business settings. Keeping this point in mind, the Mountain View group has announced the introduction of two features dedicated to online security, with the aim of allowing users to exercise greater control over their own identity within the web. The first is addressed to all users, and the other is an instrument already seen in recent months, now enrolled in the program that can also be accessed by Google for Work (formerly Google Enterprise).
25.11.14 - Self-Protection for Antivirus Software
In science fiction films, when a spaceship is attacked, its deflector shields are not merely hit by accident; rather, there is always an initial targeted attack on the deflector shield generator. In the real world of antivirus software, the deflector shield generator would be the kernel of the security suite – the antivirus application itself. If the deflector shield fails, then the ship – or in our case, the Windows system – is left unprotected and easy to commandeer. Naturally, manufacturers of security packages have known about this for a long time. That is why they have devised and deployed a number of measures for self-protection. What many users do not know: Several years ago, the IT sector developed open-access protection mechanisms that programmers can use in their source code – ASLR and DEP.
25.11.14 - Hacked webcam site is another reminder to improve security online
The UK Information Commissioner Christopher Graham has drawn attention to a webcam-monitoring Russian website, which offers thousands of private video streams, raising fears of unwitting and continuous surveillance. Graham conceded that he has little legal power to close such sites.
21.11.14 - Facebook continues to be in Hangover mode
Finally, I got a reply from Facebook in the wake of my previous post and my email that I had sent earlier demanding an explanation on why they have not fixed the bug which I exposed about a year ago. For the sake of context, here is the link to my original post which defaces Facebook for its sheer ignorance for user's security:
20.11.14 - Baby monitors, CCTV cameras and webcams from UK homes and businesses hacked and uploaded onto Russian website
A Russian website has been found to be hosting hundreds of feeds of live footage from inside UK homes and businesses, which have been accessed by hacking into people’s webcams, which includes CCTV cameras and baby monitors. The UK’s privacy watchdog has urged people to upgrade their passwords after the website was found to feature 500 live feeds from Britain alone.
19.11.14 - Police warn of Isis cyber attacks on city banks
Police chief cautions firms in Square Mile to prepare for cyber attack from militants. Financial institutions must do more to prevent Islamic fundamentalists attacking their networks, the head of the City of London police has said.
18.11.14 - 'Serious threat' as free web apps plant Trojans and ransomware
In a 17 November blog post, Trend Micro says criminals are using the FlashPack exploit kit to target corporate users who download apps supported by adverts. The ads secretly infect victims with a range of malware and ransomware, without the users clicking on malicious links or visiting unsafe websites.
13.11.14 - Coca Cola sued by former employee over unencrypted laptop data theft
Coca-Cola is facing a potential class-action lawsuit after one of the people whose personal data was on one of a clutch of laptops stolen from the company says he suffered identity theft as a result of the breach. Laptop thefts are a common occurrence for most large organisations but the circumstances surrounding the loss of 55 laptops over a six-year period from the drinks giant’s Atlanta office and a bottling firm it acquired were always puzzling.
11.11.14 - Security-Officer-as-a-service - what does it mean and who is it for?
The obsession with acronyms has been long-standing in the IT industry, and now, to accompany it, is the fixation on the term "as-a-service". Software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-Service (IaaS) are the three staples of this new craze, and they've been followed by the likes of Communications-as-a-service (CaaS) and monitoring-as-a-service (MaaS).
10.11.14 - Cyber criminals target travelling executives, warns Kaspersky Lab
Cyber criminals target corporate executives while they are travelling to steal sensitive data, researchers at security firm Kaspersky Lab have revealed. The researchers uncovered a cyber espionage campaign, which they believe has been active for the past four years, focusing on C-level executives connecting to corporate data using hotel Wi-Fi networks.
10.11.14 - http://itsecurityguru.org/top-ten-stories/manual-account-hijackings-small-deadly/
The number of manual account hijacking cases is small, but such incidents can be distressing to users and they can result in significant financial loss. Research by Google and the University of California, San Diego found that by analysing manual hijacking cases that occurred at Google between 2011 and 2014, there are only nine incidents per million Google users per day.
08.11.14 - What Makes a Good Security Audit?
EFF recently began a new Campaign for Secure & Usable Crypto, with the aim of encouraging the creation and use of tools and protocols that not only offer genuinely secure messaging, but are also usable in practice by the humans who are most vulnerable to dangerous surveillance, including those who are not necessarily sophisticated computer users. The first phase of this campaign is the Secure Messaging Scorecard, which aims to identify messaging systems that are on the right track from a security perspective. In subsequent phases of the campaign, we plan to delve deeper into the usability and security properties of the tools that are doing best in the Scorecard. One crucial aspect of the Scorecard and the campaign is and will be code auditing. We've gotten a lot of questions about the auditing column in the Scorecard, so we thought it would be good to expand on it here.
08.11.14 - Shropshire fire service website hacked by 'Palestine' group
It follows a similar attack on the Nottinghamshire Police website yesterday. Today the hackers, calling themselves AnonGhost, replaced the Shropshire fire service home page with a logo and a message reading: "To all Governments of the World. We are watching you, we can see what you're doing, we control you, we are everywhere.
07.11.14 - Nottinghamshire Police website hacked by AnonGhost
A police force's website has been hacked by a group claiming to be the "voice of Palestine". Nottinghamshire Police website was replaced with an image and the words Khilafah will Transform the World, while music including Mike Oldfield's Tubular Bells plays on a loop.
07.11.14 - Mark Johnson guilty of 'crippling' Home Office cyber attack
A Twitter user has been found guilty of posting a "malicious" weblink which helped bring down the Home Office website. Mark Johnson, 44, had denied posting links to his profile encouraging people to join a co-ordinated cyber attack on the page in 2012. But a jury at Birmingham Crown Court found him guilty of encouraging or assisting the hacking effort. Johnson, from Stoke-on-Trent, will be sentenced on 5 December.
07.11.14 - Manual Account Hijacking Rare, But Damaging: Google
A study released this week shows that the number of manual account hijacking cases is small, but such incidents can be distressing to users and they can result in significant financial loss. While a large majority of account hijackings rely on botnets and are automated, there are cases where attackers spend a lot of time to profile victims and maximize the profit they make without using automation, according to the study conducted by researchers at Google and the University of California, San Diego.
06.11.14 - Home Depot says 53m email addresses taken in one of the largest breaches in history
Cyber criminals snatched 53 million email addresses of Home Depot customers in what has been touted as one of the largest data breaches on record.
06.11.14 - Social Hacking of Support and Implementation Teams
Support, customer service and implementation teams are the human gateways into many systems. Because they are human, with regular access to some of the most sensitive information for a business, they pose a special security risk from two kinds of behaviour: malicious behaviours, intended to exploit the system in some way, and innocent behaviours, which place the system at risk as a by-product, rather than a goal. In this article, we will focus on malicious behaviours and how to defend against them.
05.11.14 - Cyber threats 2014: Remote command execution in FreeBSD
Exploiting the vulnerability allows an attacker to execute arbitrary commands, gain access to critical information and lock the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.
05.11.14 - Is your connected car spying on you?
Modern cars are morphing into mobile data centres - connected, clever and packed full of sensors. But are they also becoming spies in our drives? As they record almost every aspect of our journeys and driving behaviour, interacting with our smartphone apps and sat-nav systems, who will own all the data they generate, how will it be used, and will our privacy inevitably be compromised?
04.11.14 - Looking Into Living Rooms: Watch Footage Of Thousands Of Internet-Connected Cameras Online
A nightmare from the Internet of Things has arrived just in time for Christmas: images from thousands of internet-connected cameras from all over the world are publicly available, online, and ready for anyone to easily view. In September, MailOnline reported about an unspecified website that allows ‘home hackers’ to spy on people through internet-connected cameras. About a week ago, Motherboard‘s Joseph Cox also reported on the website without explicitly mentioning the website’s URL in his article. However, by linking to a WHOIS-record of the website’s domain name, Cox gave away the website’s URL. Many Dutch media are now reporting about the website and mention the website’s URL: insecam.com.
03.11.14 - 6 things we learned from this year's security breaches
According to the Open Security Foundation, three out of 10 of the all-time worst security breaches happened this year. That includes 173 million records from the NYC Taxi & Limousine Commission, 145 million records at Ebay, and 104 million records from the Korea Credit Bureau. And that's not counting the 1.2 billion user names and passwords reportedly stolen by Russian hackers, or the 220 million records recently discovered stolen from gaming sites in South Korea.
3.11.14 - Uncloaking the Dark Arts of Evasive Malware
With so many security breaches in the headlines, from Home Depot to JP Morgan to Dairy Queen, it would appear that cybercriminals are winning the arms race against security professionals. Multinational retailers and banks are generally on the cutting edge of security technology adoption in the private sector, deploying a wide range of the latest network, application, physical and policy-based security defenses across their organizations. But with so many layers of defense in place against these attackers, how do they keep getting through? And with so many breaches made possible by malware being publicly disclosed, why are they still happening?
3.11.14 - Pro-ISIS script kiddies deface West Yorkshire egg-chasers' site
Pro-ISIS script kiddies defaced the website of Rugby League team the Keighley Cougars over the weekend in the latest of a series of attacks against somewhat obscure targets.
3.11.14 - Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit
Hacking attacks against organisations promoting democracy in Hong Kong were run using the same infrastructure previously linked to Chinese cyber-espionage attacks, according to new research from security firm FireEye.
3.11.14 - Breach fatigue: do we even need notification laws?
Across the Atlantic, 2014 has been one of the most prolific years in recent memory for serious data breaches. Mandatory notification laws were, of course, brought in a few years ago to stop this very thing – the idea being that firms would take data security more seriously if they knew it could lead to damaging media headlines. Yet as the bad publicity continues to flow for the likes of Home Depot, JPMorgan and Target, are these laws still fit for purpose, and should the EU reconsider its own plans to roll-out similar regulations?
3.11.14 - Security contractor breach not detected for months
WASHINGTON (AP) — A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government's leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries told The Associated Press.
1.11.14 - Information leak and access control bypass in WordPress WP eCommerce Plugin
Researchers at Sucuri found a dangerous vulnerability in the “WP eCommerce” plugin, which allows attackers to easily access and edit users' personal information.
31.10.14 - Man who owns a smart TV says he’s ‘afraid’ of using it after reading its privacy policy
Just like with other electronic devices that used to be “dumb,” TVs have become increasingly smart lately, but that doesn’t mean that’s necessarily a good thing, especially when it comes to user privacy. At least that’s what Brennan Center’s Michael Price seems to think after he replaced his older TV that could offer access just to TV programs with a smart TV model that also delivers “streaming multimedia content, games, apps, social media and Internet browsing.”
31.10.14 - Zero Day Weekly: CurrentC hacked, White House breached, APT28 exposed, Verizon shamed
Apple Pay rival CurrentC, the WalMart, Sears, 7-Eleven and Best Buy-backed mobile payment system, became a laughing stock in security communities worldwide when it was hacked this week.
29.10.14 - Facebook, Google, and the Rise of Open Source Security Software
Facebook chief security officer Joe Sullivan says that people like Mike Arpaia are hard to find. Arpaia is a security engineer, but he’s not the kind who spends his days trying to break into computer software, hoping he can beat miscreants to the punch. As Sullivan describes him, he’s a “builder”—someone who creates new tools capable of better protecting our computer software—and that’s unusual. “You go to the security conferences, and it’s all about breaking things,” Sullivan says. “It’s not about building things."
29.10.14 - Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.
29.10.14 - Apple Pay rival CurrentC just got hacked
On Wednesday, those taking part in the CurrentC pilot program received a warning from the consortium of anti-credit-card retailers called MCX, or Merchant Consumer Exchange: The program was hacked in the last 36 hours, and criminals managed to grab the email addresses of anyone who signed up for the program.
22.10.14 - Draft EU proposals on cyber and data breach notification: where are we now?
As reported in our first edition, there are two proposals making their way through the Brussels legislature which will change the legal landscape for the reporting of cyber attacks. These are the draft Network and Information Security Directive...
22.10.14 - Blanket care.data opt out by GPs does not breach Data Protection Act
GPs who opt all their patients out of the care.data scheme would not be in breach of the Data Protection Act, the Information Commissioner's office has confirmed, as pilot schemes begin the re-introduction of the controversial data collection scheme.
22.10.14 - SIC tightens policy following data breach
A “BLATANT” breach of data protection has resulted in Shetland Islands Council announcing that it will no longer publish individual responses to school closure proposals from members of the public
21.10.14 - ICO warns UK broadcasters over filming using drones
UK broadcasters have been warned that their use of unmanned drones for filming purposes must adhere to data protection laws.
21.10.14 - Staples investigates possible Data Breach and credit card fraud
Retailer Staples is investigating a potential data breach and compromise of customers' credit card details
17.10.14 - Hackers strike defense companies through real-time ad bidding
A major change this year in how online advertisements are sold has been embraced by hackers, who are using advanced ad-targeting capabilities to precisely deliver malware
17.10.14 - Hikvision Enhances Performance of EXIR Network Bullet Cameras
Homes, offices and small-to-medium enterprises are set to benefit from the addition of Hikvision’s advanced EXIR Bullet network cameras to its easy IP solution line-up. The DS-2CD2T series of 2- and 3-Megapixel cameras feature high-performance LED light sources and a revolutionary rectangular lens for seamless HD formatting but now boast Infrared Gain Glass for ultimate light transmittance and unparalleled levels of night-time surveillance.
17.10.14 - Plan for Saudi-Iraq Border Fence Demonstrates Strong Role for Physical Security in Middle East
Covering 560 miles of the country’s northern frontier the fence is the first stage of a border security programme launched amid growing concerns about the risk posed by the self-proclaimed Islamic State (IS) marauding across Iraq and Syria.
17.10.14 - New technique allows attackers to hide stealthy Android malware in images
A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play’s own malware scanner.
17.10.14 - 6 Browser Plug-ins That Protect Your Privacy
It's no stretch to say that ads are what make the Web go 'round. The content you're reading right now? Paid for by ads. Google, Facebook, Pandora, YouTube? Driven by ads. This is not a new concept: TV and radio have relied on commercials since their earliest days. Because, let's face it, something has to pay for all the free programming and services.
17.10.14 - Facebook doubles ad-hacking bounty
Facebook has doubled the cash it will pay out to folks who report holes in its advertising code. The bounty will rise in a bid to entice hackers to report bugs found in its ads code following an internal security audit that squashed an undisclosed number of vulnerabilities.
17.10.14 - Apple patches 144 security flaws across seven products
In addition to OS X 10.10 Yosemite, Apple released a number of other software updates on Thursday, largely for security fixes: Security Update 2014-005 for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5; OS X Server versions 2.2.5, 3.3.2 and 4.0; and iTunes 12.0.1. In total, 144 separate vulnerabilities are addressed in these updates.
17.10.14 - McAfee preaches integration with updated next-generation firewall
This year marks the 25th anniversary of the firewall and McAfee has acknowledged this milestone by upgrading its next-generation firewall (NGFW), adding new levels of integration and connectivity.
17.10.14 - Microsoft releases 8 patches, including anti-Sandworm fix - get yourself covered!
Microsoft released three critical patches last night, including a fix for the flaw being exploited by the Sandworm gang. As part of what it now calls Update Tuesday, Microsoft said in an advisory that the three critical-rated and five important patches will address 24 Common Vulnerabilities and Exposures (CVEs) in Windows, Office, .NET Framework, ASP.NET and Internet Explorer.
17.10.14 - Anonymous app Whisper denies tracking claims
The editor of Whisper, an app for people to share secrets anonymously, has angrily denied reports that it has been tracking users and sharing data.
16.10.14 - Facebook debuts Safety Check, a disaster incident check-in tool
When disaster strikes, Facebook's new Safety Check tool will enable users to report their well-being to loved ones and will apprise them of connected neighbors whose whereabouts might remain uncertain.
16.10.14 - 17 percent of European APTs now targeting UK entities
The FireEye H1-2014 EMEA Advanced Threat Report claims that malware attacks - especially advanced targeted attacks - have nearly doubled in the first half of 2014. The number of unique infections, says the analysis, has grown steadily in the EMEA area
16.10.14 - AVG’s Wi-Fi Assistant: Wi-Fi hacking and tracking protection
AVG’s well above average security products for PCs, smartphones and tablets have taken a giant leap forward into protecting you against Wi-Fi hacking and tracking by smacking hackers with a software thwacking.
16.10.14 - ICO issues privacy warning over CCTV, wearable devices and drones
Emerging surveillance technology including drones and wearable video cameras - such as that on Google Glass - must only be used by the authorities when necessary and in a proportionate manner, the Information Commissioner's Office (ICO) has warned.
15.10.14 - Information Commissioner Releases New CCTV Code of Practice
The Information Commissioner’s Office (ICO) has issued updated guidance on CCTV video surveillance today. Entitled “In the picture: A data protection code of practice for surveillance cameras and personal information”, the 44-page document sets out “good practice advice for those involved in operating CCTV and other surveillance camera devices
15.10.14 - HTTPA: New tech transforms transparency into privacy
Preserving privacy by keeping information secret isn't working. Consumers give away precious data for online baubles. Data breaches, large and small, spill data all over the Web. Marketers indiscriminately gather details about the online lives of people in their target markets.
14.10.14 - Russians Suspected in Ukraine Hack
Exploiting a flaw in Microsoft Office, a group of hackers believed to be Russians breached computers operated by the Ukrainian government, according to the cyberthreat intelligence firm iSight Partners. The breach occurred during September's NATO summit in Wales, where leaders addressed Russia's seizure of Ukrainian territory
10.10.14 - Devices being remotely wiped in police custody
All the data on some of the tablets and phones seized as evidence is being wiped out, remotely, while they are in police custody, the BBC has learned.
10.10.14 - Only 100 cybercrime brains worldwide says Europol boss
There are only "around 100" cybercriminal kingpins behind global cybercrime, according to the head of Europol's Cybercrime Centre.
08.10.14 - Web inventor Sir Tim Berners-Lee sees future of 'trackable' data
Sir Tim Berners-Lee talked up the importance of web neutrality and how 'rich and trackable' data will be essential in solving issues around online privacy.
07.10.14 - Ransomware attack knocks TV station off air
On Monday, The ABC had to suspend programming out of Sydney, Australia and move broadcasting to Melbourne after their network was targeted by Ransomware. The malware prevented normal operations, resulting in ABC News 24 going off air for just over 30 minutes.
06.10.14 - BadUSB - now with Do-It-Yourself instructions
Back in August 2014, we wrote about BadUSB. That was a paper about USB firmware hacking written by a pair of researchers from Germany and presented at the BlackHat 2014 conference.
06.10.14 - GPs could opt all patients out of care.data under data protection laws, information office says
GPs could opt all their patients out of care.data if they have not had time or resources available to inform their patients, the Information Commissioner’s Office has said in its strongest statement on the issue so far.
01.10.14 - Brits more likely to change their spouse than their PIN number
19% haven’t changed their PIN for 15 years or longer, while the average marriage that ends in divorce lasts just 11.5 years.
01.10.14 - Trend Micro and INTERPOL team up against cybercrime
Security software and solutions firm Trend Micro has announced a three-year agreement with INTERPOL that will see it provide tools, training and human resources to the international police organisation and its 190 member countries.
29.09.14 - Cyber security peer panel: A duty to inform
The Information Commissioner’s Office has intensified its focus on lawyers with respect to data breaches, and mandatory breach notification is on the way
28.09.14 - Media must protect multiple fronts from cyber attacks
In July, The Wall Street Journal’s Facebook page was hacked with a false report: “#Breaking: U.S. Air Force One crash feared as air traffic control loses contact with pilot over Russian air space.”
28.09.14 - Data Breaches Rise as Cybercriminals Continue to Outwit IT
Security breaches rise again this year, costing an average of $415,000, as security pros fail to keep pace with cybercrime innovation.
26.09.14 - Advent IM gain dual certifications
Today Advent IM announced its successful certification to both Cyber Essentials and IASME
25.09.14 - Angus Council worker faces action over data breach
An Angus Council benefits service worker is at the centre of “remedial” proceedings for accessing a couple’s records with personal interest.
25.09.14 - What is the Shellshock bug? Is it worse than Heartbleed?
Security experts have warned that a serious flaw could be about to affect many of the world’s web users. Here’s what you should do
25.09.14 - IC3 flags scam after branding disgruntled IT staff a 'threat'
The US Internet Crime Complaint Center has revealed that cyber criminals are posing as its employees in order to dupe the public, only a day after announcing that disgruntled IT employees posed a "significant cyber threat" to the US businesses.
24.09.14 - Home Depot Breach Said to Feed Card, Account Frauds, WSJ Reports
Home Depot Inc. (HD)’s data breach, which put about 56 million payment cards at risk, has fed fraudulent transactions that in some cases have drained money from customer bank accounts, the Wall Street Journal reported
24.09.14 - UK special envoy tasked with improving data sharing
The British government has employed Sir Nigel Sheinwald (former senior diplomat and ambassador to the US) as special envoy on intelligence and law enforcement data sharing in the UK. The move was announced in July as part of the government's plans to introduce emergency legislation to preserve data retention and investigation powers (DRIP).
19.09.14 - NATO Steps Up Private Sector Co-operation with New Alliance
The world’s largest military alliance, NATO, has announced plans for a new initiative designed to bolster co-operation with the private sector on cyber security threats.
19.09.14 - eBay takes flak for leaving rigged iPhone listing up for 12 hours
eBay's getting flak for its chilled response to a serious attack.
18.09.14 - ICO fines pass £5m, local councils and NHS worst offenders
The Information Commissioner’s Office (ICO) has issued fines in excess of £5m for data breaches since it was given this power in 2010, with local councils and NHS Trusts being the worst offenders.
18.09.14 - Card and banking fraud back on the rise again
New figures just released by Financial Fraud Action UK (FFA UK) claim to show that card and remote banking fraud increased during the first six months of 2014.
17.09.14 - Cybersecurity plans still lacking in big business, survey reveals
A survey polling 200 senior decision makers reveals that many large businesses still don't “get it” when it comes to cybersecurity. The survey results, published yesterday by Mishcon de Reya law firm, illustrate that despite the increasing sophistication and frequency of cyberattacks, businesses remain blindsided, with nearly a fifth admitting that their employees are not adequately informed about cyberthreats and risks while their organisation as a whole does not have a plan in place to deal with a supply chain security breach.
17.09.14 - eBay redirect attack puts buyers' credentials at risk
EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials.
17.09.14 - Survey reveals widespread mistrust of the cloud
Seven in 10 businesses don’t trust the cloud to obey data protection laws, according to research by Ponemon
16.09.14 - No action over data breach at South Central Ambulance Service
No action is to be taken against South Central Ambulance Service (SCAS) after the personal data of staff was accidentally published online.
16.09.14 - Financial institutions suffering from global cybercrime
Organizations are reticent to reveal the severity of cyber attacks on their systems, thereby injuring their reputations, which makes it difficult to measure how serious the costs have been to businesses.
16.09.14 - UK firms to compete for £4m cyber security fund
Small businesses in the UK's technology industry are set to compete for a share of £4m as part of a new government competition to tackle cyber crime
15.09.14 - Security compliance is necessary for real-time mobile data access
http://www.itproportal.com/2014/09/15/security-compliance-necessary-real-time-mobile-data-access/#ixzz3DlhSDKLW
14.09.14 - JP Morgan the victim of an 8-week long cyber attack
New York - This summer's hackers discovered a way into the servers of mega-bank JP Morgan Chase, exposing the backdoor vulnerability to access copious amounts of customer and company data
13.09.14 - Not pro Bono: Apple's audio junk mail made spammers' lives easier
Without warning, the iPhone maker emitted Songs of Innocence with all the haste of a critical security update after the group's appearance at its Apple Watch and iPhone 6 launch on Tuesday.
12.09.14 - Yahoo 'threatened' by US government with $250,000-a-day fine
Yahoo said the US government threatened to fine it $250,000 a day if the search giant failed to hand over user data
12.09.14 - ICO warns on leaving employees walking off with company info
The Information Commissioner's Office (ICO) has warned staff that walking off with the personal information of their employer when changing jobs is a criminal offence
12.09.14 - Google Responds to Gmail Password Dump
Only a small percentage of the roughly five million password and username combinations recently dumped online would have allowed someone to access Gmail accounts, according to Google.
12.09.14 - US court claims right to British MPs' emails
In a new twist to the US Government's claim that it has the right to access data held on Microsoft servers in Dublin, British MPs' emails are now revealed to be among data that could be seized.
11.09.14 - ISIS, Al Qaeda To Launch Cyber Attacks To Set Up Digital Caliphate
Extremist groups in the Middle East are reportedly preparing to launch a massive cyber attack against the United States. According to a Fox News report, leaders of Islamic State of Iraq and Syria and Al Qaeda are stepping up efforts to seek a digital caliphate. One of the jihadist leaders had allegedly hacked the Gmail account of former British Prime Minister Tony Blair.
11.09.14 - Apple Pay is a really cool way to drain your entire bank account
The new iPhone payment technology will make spending money easier than ever. And that’s supposed to be a good thing?
10.09.14 - UK a global target in phishing attacks, new study reveals
A recent study published by Proofpoint has revealed that unsolicited email destined for recipients based in the UK is over four times more likely to contain a malicious URL than in the United States, Germany or France. The study, which analysed more than one million URLs over the course of three weeks, found that on average, UK-based email recipients are twice as likely to receive malicious URLs than those in the US, and a whopping five times more likely to receive unsolicited emails containing malicious URLs than their counterparts in Germany and France.
09.09.14 - 'Kyle and Stan' malvertising attack infects millions via Amazon and YouTube
A malicious advertising network dubbed 'Kyle and Stan' has dropped malware on possibly millions of users via hundreds of websites including Amazon, YouTube and Yahoo, according to a Cisco investigation.
09.09.14 - Phishing miscreants THWART securo-sleuths with AES-256 crypto
Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites.
09.09.14 - Here are some recent data breaches from Apple Pay’s new partners
With that in mind, here are some of Apple's new Pay partners who have recently been hacked:
08.09.14 - Social media remains an easily exploitable attack surface
Twitter is one of my favorite social platforms. As a journalist, I get news from it, but I also get to interact with my peers and friends. But Twitter, like every other social platform, has an interesting attack surface; one that criminals have been exploiting for years.
08.09.14 - 'Celebgate' hackers plotted more thefts via Android Flappy Bird clone
Researcher finds more attempts to steal private photos, while Symantec spots a botnet campaign to steal Apple account data.
08.09.14 - 'Undetectable' Peter Pan computer virus threatens UK businesses
A sophisticated spam attack has raised the spectre of a new wave of undetectable viruses coming from eastern Europe
05.09.14 - Barclays bank launches biometric authentication
Barclays announced plans to launch biometric readers for customer authentication
05.09.14 - Apple promises to upgrade iCloud security after celebrity nude photos hack
Apple CEO Tim Cook has promised to improve the security of its iCloud service after more than 100 celebrities were hacked, with the attackers publishing nude photos they found on the notorious 4Chan website
04.09.14 - Smartphone users unaware of hacking risks
More than half of mobile users are unaware that hackers can take control of their smartphones, according to research by Kaspersky
04.09.14 - Nato to adopt new cyber defence policy
Nato leaders are expected to accept that there is no distinction between cyber attack and physical attack at the organisation’s 2014 summit in Wales this week.
03.09.14 - eBay glitch blocks access for users on auction site
E-retailing giant eBay's users are reporting difficulty signing in to the site from locations in India, the US, the UK and other parts of Europe
02.9.14 - Home Depot share prices fall after news of data breach
Shares fell 2.5% after the security expert Brian Krebs claimed that hackers had stolen credit and debit cards from the chain.
01.09.14 - Hi-tech cars are security risk, warn researchers
The most complicated computational device you own is probably not in your pocket, not mining bitcoins in the back room or nestled by the TV helping the kids "frag" their friends in eye-popping video game HD.
31.08.14 - Q&A: Improving cyber security – advice for companies
FW moderates a discussion on improving cyber security between Mike Gillespie at Advent IM, Marcus Klische at BlackBerry, Elliot Lewis at Dell, Ron Raether at Faruki Ireland & Cox, Alex Krutov at Navigation Advisors, and David Prince at Schillings.
29.08.14 - Dairy Queen Latest Retailer To Report Hack
Dairy Queen is known for its hot fries and sweet treats, but it just made cyber history as the latest victim of a hack attack. The fast food chain has revealed that customer data at some of its stores may be at risk.
29.08.14 - 20% Report Child Sex Abuse Downloads at Work
While it may seem horrifying to believe, a full 20% of respondents in a recent survey of UK professionals said that they were aware that someone in their workplace had downloaded child sexual abuse (CSA) material while at work.
28.08.14 - Racing Post pulls up short on IT security
The Information Commissioner’s Office (ICO) is warning businesses that they must be prepared for a targeted attack. The warning comes as the Racing Post signs a commitment to improve its IT security practices after 677,335 accounts were compromised during a data breach in October 2013.
28.08.14 - FBI probes cyber attacks on banks
The FBI is working with the Secret Service to determine the extent of cyber attacks against several US financial institutions.
28.08.14 - Warning: Emails referring to Halix Immigration Solicitors (halixsolicitors.com) and + 44 7042061665
The SRA has received information that an individual has received an email referring them to "Halix Immigration Solicitors" and "Mr Andrew Hutton, Principal Notary".
27.08.14 - Risk of cyber attack on the shipping supply chain increasing, say experts
The threat of cyber attacks on ports, shipping terminals and carriers has increased “significantly” over the past few months, experts have warned.
27.08.14 - DDoS attack downs Twitch on news of Amazon acquisition
Just hours after Amazon announced a $970m deal to acquire Twitch, the live video platform for gamers was taken offline temporarily by a distributed denial of service (DDoS) attack.
27.08.14 - Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
The whopping 70 per cent of retail and 69 perc ent of financial services apps are vulnerable to data breaches.
26.08.14 - ICO fines Ministry of Justice £180,000 for unencrypted data gaffe at 75 prisons
The Information Commissioner’s Office (ICO) has fined the Ministry of Justice (MoJ) £180,000 after it discovered all 75 prisons in England and Wales had been storing data on hard drives without the encryption capability turned on for more than a year.
26.08.14 - Global regulator says cyber-attack could hurt financial markets
Global market watchdog International Organisation of Securities Commissions (Iosco) has warned that the next major financial shock - or 'black swan event' - could come from a cyber-attack.
26.08.14 - Digital pirates and the growing threat of cyber-attacks to shipping
In a world where young men are willing to pounce on VLCCs using only guts, wooden boats and rusty Kalashnikovs, the threat to shipping and maritime may now also be coming in a much more subtle manner from the computer hacker
26.08.14 - Lincolnshire County Council apologises to 4,000 people over personal data breach
Lincolnshire County Council is apologising after a ‘data breach’ which led to the names and email addresses of more than 4,000 people being sent to some 250 email addresses.
26.08.14 - Phishing campaign lures victims with models' photos
New phishing campaigns are capitalizing on two female models' looks to steal Facebook login information from users
21.08.14 - City of London police to get cybercrime training
With cybercrime responsible for seven out of ten fraud offences, according to data from the National Fraud Intelligence Bureau, the City of London police force is enlisting Russia-based security vendor Kaspersky Lab to bolster its cyber-crime-fighting prowess.
20.08.14 - UPS unit warns of data breach at 51 locations
Aug 20 (Reuters) - UPS Store Inc, a unit of United Parcel Service Inc, warned of a potential data breach at about 51 of its franchised center locations in 24 states across the United States
18.08.14 - UK cyber experts star in BBC 'house of hacking horrors' test
Security experts from Sophos, NCC Group and Nettitude have taken centre stage in an experiment run by the BBC to find out how insecure smart home devices like TVs, fridges and webcams are.
18.08.14 - Data breaches impact customer loyalty
Data breaches have a significant impact on whether a customer will interact with an organisation again, according to new research from SafeNet, a data protection solutions company. The global research, which surveyed over 4,500 people across five countries - US, UK, Germany, Japan, and Australia - found that nearly 65 per cent of respondents would never, or were very unlikely to, do business again with a company that had experienced a data breach where financial data (credit card information, bank account number, or login details) was stolen.
18.08.14 - You have been hacked!
THE theft by a Russian syndicate of 1.2 billion username and password combinations from 420,000 websites around the world means that the personal details of almost half of all users of the internet must now be considered severely compromised. It can be only a matter of time before the victims find nasty surprises in their bank statements and credit-card accounts.
14.08.14 - Half of us are at risk of cyber-attacks ‘because we don’t install anti-virus software on laptops or phones’
Not installing anti-virus and security software on new devices such as laptops and mobiles means that almost half of us are at risk from cyber attacks.
14.08.14 - New report shows extent of data breaches in 2014
Data breaches, especially the large-scale attacks that see millions of customers' data stolen, are becoming more common. They can be incredibly harmful to a company's reputation, as well as potentially costing them vast amounts of money to clean up. As such, it is important to keep up with the latest research on the subject in order to stay prepared
12.08.14 - Internet hiccups today? You're not alone. Here's why
It's not just you. Many Internet providers have been having trouble as they run into long expected (but not adequately prepared for) routing table problems.
12.08.14 - Only one in 100 cloud providers meet latest EU data protection requirements
The vast majority of cloud providers are not yet prepared to meet the requirements of the new EU General Data Protection Regulation that will come into effect next year to replace the EU Data Protection Directive adopted in 1995, research has revealed.
12.08.14 - Hackers Stole 2 Million Customer Records Per Day in Q2 2014
The second quarter of 2014 saw 237 data breaches that exposed more than 175 million customer records worldwide, according to the SafeNet Breach Level Index.
11.08.14 - Def Con: The good, the bad and 'the Feds'
The kids, aged between seven and 10 or so, are sat around in a semi-circle, as if ready to hear a bedtime story.
11.08.14 - Security Think Tank: Minor failings can trigger major data breaches
A good data breach incident response plan looks like one that has never been used. By that I mean it has been created and tested but never had to be called into use because the preparation, education and testing involved in good security has been so effective.
11.08.14 - UK teens to study cyber warfare through GCHQ-backed programme
Cyber Security Challenge UK is partnering with US defence giant Northrop Grumman
11.08.14 - US Air Force cyber security competition comes to UK
A defence contractor has joined with the UK's Cyber Security Challenge to bring a US Air Force cyber competition to this side of the Atlantic.
06.08.14 - US government faces new post-Snowden leaker
The United States Government could be facing a new leak source besides Edward Snowden, after classified documents emerged this week outlining data-collecting activities relating to the nation's central counterterrorism database.
06.08.14 - Russian crime ring reportedly nabbed 1.2 billion online credentials
On the heels of the admittance of just how much the severe cyber attack on Target cost the retailer comes the revelation of what might be the largest swath of stolen Internet credentials ever.
05.08.14 - Target's data breach tab: $110 million
The Minneapolis-based retailer saw net expenses of $110 million from the data breach -- no chump change but "less bad" than it could have been, according to analysts.
04.08.14 - Warning issued over 'Backoff' point-of-sale malware
The US Computer Emergency Response Team (US-CERT) has warned of new and potentially dangerous malware that is believed to have already infected some 600 retail businesses.
01.08.14 - Backbytes: Black Hat to the NSA – 'Your name's not down, you're not coming in'
The man from the US National Security Agency (NSA) always used to get invited to the best parties. He was particularly popular for his clever mind-reading trick - no one could work out how he did it...
01.08.14 - How one judge single-handedly killed trust in the US technology industry
US Judge Loretta Preska ruled Microsoft must hand over data it stores overseas
31.08.14 - Israeli Iron Dome firms 'infiltrated by Chinese hackers'
The BBC has seen evidence that appears to confirm hackers stole several secret military documents from two government-owned Israeli companies that developed the Iron Dome missile defence system.
30.07.14 - Tor warns users it was attacked, but details on deanonymizing efforts sketchy
While the company said users of Tor should "assume they were affected," the developers of the anonymous browsing service do not yet know what "affected" means.
28.07.14 - ICO warns companies over big data initiatives
The Information Commissioner's Office (ICO) has warned organisations that their big data initiatives must operate within the bounds of data protection laws.
24.07.14 - European Central Bank hacked and blackmailed in website attack
The European Central Bank (ECB) has admitted that its website has been hacked, with unencrypted personal contact details stolen, including email and mailing addresses, as well as phone numbers.
23.08.14 - Wall Street Journal computers taken offline after cyber attack
Computers at The Wall Street Journal were taken offline after it was discovered hackers had infiltrated networks at the brand, its publisher Dow Jones & Co has said.
18.07.14 - Computers at The Wall Street Journal were taken offline after it was discovered hackers had infiltrated networks at the brand, its publisher Dow Jones & Co has said.
Britain's small businesses are "woefully under-prepared" to combat cyber attacks, despite an increasing reliance on the mobile devices that often offer an easy entry point into organisations for cyber criminals.
18.07.14 - LinkedIn users warned of new phishing scam
LinkedIn users have been warned about a new phishing scam designed to persuade them to hand over their login details.
16.07.14 - 96% of Organizations Experienced a Serious Security Incident in the Past Year
Most enterprises lack confidence in their security measures.
15.07.14 - UK constable accused of breaching data protection law to access women’s private info
UK chief constable, Nick Gargan, is under criminal investigation for allegedly breaking data protection legislation to access personal information of younger females whom he’s accused of inappropriately propositioning.
15.07.14 - Cyber security fears drive businesses to third-party payment services
High-profile breaches highlight the need for secure credit card processing
15.07.14 - ICYMI: British spies, security researchers & finding value from BYOD
This week's In Case You Missed column looks at Britain's new surveillance laws, the sacking of a security researcher and questions on BYOD management.
10.07.14 - UK leads international partnership to fight financial malware
The UK’s National Crime Agency (NCA) is leading an international collaboration between law enforcement and private sector firms to fight bank theft malware.
09.07.14 - Security Think Tank: Minor failings can trigger major data breaches
A good data breach incident response plan looks like one that has never been used. By that I mean it has been created and tested but never had to be called into use because the preparation, education and testing involved in good security has been so effective.
09.07.14 - Betsi Cadwaladr health board criticised for data breach
Sensitive medical information about patients was sent mistakenly by a health board to another patient, a data protection watchdog has discovered.
08.07.14 - Report: Financial Industry Group Pushes for Cyberwar Council
Fears of a potentially devastating cyberattack worry the financial industry, but the Securities Industry and Financial Markets Association reportedly has a plan to create a public-private council to help tackle the issue. Some former NSA and Homeland Security heads may help.
07.07.14 - Scots firms urged to step up cyber security measures
Scottish firms are being urged to step up security measures to prevent their cyber supply chain being hacked.
07.07.14 - 'Complacency' to blame for undetected data breaches
A new study from IT governance reveals that half of IT staff believe that their company may have suffered a data breach without it being detected.
04.07.14 - NSA 'targets' Tor web servers and users
The NSA has been targeting the Tor anonymising system to spy on its users, suggests a report.
04.07.14 - Bletchley Park cyber security centre opens
Bletchley Park, the forerunner to GCHQ and synonymous with the Enigma code breakers of WWII, opened its international cyber-security exhibition earlier this week.
03.07.14 - Euro-cops get crash course in fighting cybercrime
A collection of high-ranking police officers are being trained in how to tackle increasingly advanced cyber threats at a two-week event hosted by Europol.
02.07.14 - Cyber and data protection doesn’t feature highly for UK boards
Cyber security and data protection have been ranked third in a list of boardroom priorities.
01.07.14 - BBC finds ambulance service data breach
The South Central Ambulance Service received a Freedom of Information (FOI) request from BBC Radio Berkshire, which revealed how data was leaked on the religion, sexuality, age and insurance details of close to 3,000 members of staff.
30.06.14 - Bug Found in Android OS, 10 Percent of Users Vulnerable
IBM researchers identified a vulnerability in Android OS version 4.3. The vulnerability lies in the Android KeyStore, which holds cryptographic keys and credentials.
30.06.14 - DDoS attacks are becoming more effective
Disruptive cyber-attacks are becoming more effective at breaching security defenses, causing major disruption and sometimes bringing down organizations for whole working days, according to a new global study from BT
28.06.14 - Information Commissioner's Office Says Google Glass Wearers Will Have to Comply With Usual Rules
Google Glass is now freely-available in the UK, but the Information Commissioner's Office, the independent regulator of data protection and privacy rights, has made it clear that just because it's mounted on your face doesn't mean Glass will be getting any special treatment.
26.06.14 - Attackers fling Stuxnet-style RATs at critical control software in EUROPE
Security researchers have uncovered a series of Trojan-based attacks which have infiltrated several targets by infecting industrial control system software from the makers of SCADA and ICS systems.
26.06.14 - Average chump in 'bank' phone scam is STUNG for £10,000 - study
UK consumers have lost more than £21m to "social engineering" scams where fraudsters impersonated bank employees and tech support since the beginning of the year, according to GetSafeOnline.
13.06.14 - AT&T breach allowed customer data to be used to unlock smartphones
IDG News Service - Personal information, including Social Security numbers and call records, was accessed for an unknown number of AT&T Mobility customers by people outside of the company, AT&T has confirmed
13.06.14 - Risk & Sec Management Theatre (Day 2 Mike Gillespie -Advent IM)
Aimed at corporate end users, the Risk & Security Management Theatre allows you to earn CPD points while learning more about the key issues that you face every day
12.06.14 - Cyber crime a top fraud concern for UK business
Cyber crime is a top fraud concern for UK businesses, according to the latest EY Global Fraud Survey.
12.06.14 - Data Breach Survey: Consumers Hold Retailers Responsible, Second Only to Criminals
Majority believe that retailers should be financially responsible for fraudulent charges. One third of consumers stopped shopping at certain retailers, based on data breach concerns
12.06.14 - Information Risk Gaps Costing Firms Dear, Warns Iron Mountain
Most businesses are aware of data breach risks but don’t know how to address them, new study reveals.
12.06.14 - Online Extortion Rears its Head Prior to World Cup
An advanced cyberattack was prevented at an online gambling website recently.
10.06.14 - McAfee: £300bn annual global cost of cyber crime
Cyber crime is a growth industry worth between £220bn and £340bn every year – more than the national income of most countries in the world.
04.05.14 - Thousands of Personal Details Exposed in Latest UK Data Breach Blunders
South Central Ambulance Service and Basingstoke council under investigation by ICO after accidental leaks.
04.06.14 - Cryptolocker: Police take further action on ransomware that hit 50,000 in UK
New control servers have been identified and shut down in the last two days, but no arrests yet
04.06.14 - Life sentences for serious cyberattacks are proposed in Queen's speech
Any cyberattackers who cause 'loss of life, serious injury or damage to national security' could face full sentence
02.06.14 - Basingstoke council apology over benefits data breach
A council leaked personal details of housing benefit claimants, including their dates of birth and national insurance details, in response to a Freedom of Information (FOI) request.
02.06.14 - Middle East hackers target Europe and US
A group of Middle Eastern hackers has targeted European national governments and a major US financial institution in a recent cyber espionage campaign, according to research by FireEye, the US cyber security company.
02.06.14 - South Central Ambulance Service staff data breach
The personal data of thousands of ambulance service staff has been accidentally published online, it has been revealed.
02.06.14 - 'Two weeks' to block cyber-attack as criminal network seized
People have "two weeks" to protect themselves from a "powerful computer attack", the UK's National Crime Agency (NCA) has warned.
30.05.14 - Criminals selling dumps of stolen Steam passwords for less than £10
Gaming platform Steam is dealing with regular attacks from hackers who are stealing and selling user data, as well as malware attacks and phishing, researchers warn
30.05.14 - ICO slams Council's 'startling' data security policy, threatens court order
The Information Commissioner's Office (ICO) has criticised Wolverhampton Council's "startling" approach to data security.
29.05.14 - PayPal phishing up 73% in Q1
The April 2014 Internet threats trend report from Cyren says there was a 73 percent surge in phishing URLs relating to PayPal, which the cloud security specialist says highlights a cybercriminal shift over to attacks that generate more money.
29.05.14 - Shoe retail chain Office latest victim of security breach
High street shoe retailer Office is the latest victim of a security breach, and has urged its customers to change their passwords for the website.
29.05.14 - UK National Cyber Crime Unit open to business
The UK's National Cyber Crime Unit is open to working with business and other organisations in the private sector, says deputy director Andy Archibald.
29.05.14 - Second eBay security flaw discovered
A security researcher, who last week uncovered a vulnerability in eBay’s website that allowed hackers to steal the personal details of 233 million customers, has discovered a second vulnerability.
27.05.14 - ‘Cybercrime is a vector,’ Says FBI Director
Cybercrime cuts across 'everything the FBI is responsible for'
27.05.14 - Operation takes down crime network affecting European electronic payments
Bulgarian and French judicial and law enforcement authorities, working in close cooperation with the European Cybercrime Centre (EC3) at Europol and Eurojust in The Hague, have smashed another significant Bulgarian organized crime network suspected of a variety of crimes including electronic payment and document fraud, currency counterfeiting and drugs trafficking.
27.05.14 - Avast takes community forum offline after data breach
Prague-based antivirus company Avast said Monday it took its community forum offline after a data breach, but payment information was not compromised.
26.05.14 - Half of Britons 'wary of eBay following data breach'
Almost half of Britons are seemingly less likely to use eBay following the news that the auction service was hit by a massive data breach earlier this year.
23.05.14 - eBay faces investigations over massive data breach
The UK's information commissioner is working with European data authorities with a view to taking action against eBay over its recent data breach.
21.05.14 - As more people around the world gain access to the internet, cybercrime will exacerbate, according to the cybercrime division of Europol
21.05.14 - Newcastle man arrested in West Midlands Police international cyber-crime operation
WEST MIDLANDS Police have arrested a Newcastle man as part of their international cyber-crime operation.
21.05.14 - ICO LAUNCHES CONSULTATION TO UPDATE THE CCTV CODE OF PRACTICE
Yesterday the Information Commissioner’s Office (ICO) announced that it has launched a consultation to update the CCTV code of practice. The world that we now live in has changed immensely since the code was first published in 2000 and so it is absolutely right that we have a new code that will include guidance on everything from automatic recognition of car number plates to body worn cameras to flying drones.
20.05.14 - Retail easy pickings for hackers, says Verizon
Retailers around the world are making it easy for hackers to access their IT systems and steal lucrative financial data, says Verizon.
16.05.14 - The Cyber Security Challenge COMPETITIONS...we would like to take this opportunity to update you all on the latest intelligence regarding the group calling themselves the Flag Day Associates.
Since our 2014 Masterclass Awards were interrupted by the aforementioned collective and their threatening video, the Challenge and its partners have been working to establish a way forward.
16.05.14 - Manufacturers risking reputation by ignoring cyber security
Many small and medium sized manufacturing businesses could vastly improve their online safety and subsequently their reputation if they made cyber security more of a priority.
14.05.14 - UK organisations failing to meet basic security requirements
Organisations are risking breaches of data by not adhering to standard industry security practices according to a new report by the UK's Information Commissioner's Office (ICO).
13.05.14 - EU backs 'right to be forgotten' in Google court case
A European court has backed the "right to be forgotten" for the first time and has ordered Google to delete "inadequate, irrelevant or no longer relevant" data from search results, if demanded by a member of public.
12.05.14 - Google account passwords stolen in phishing attack
Hackers have been stealing Google account passwords in a new and better crafted phishing attack that is hard to catch with traditional heuristic detection, according to Bitdefender.
12.05.14 - 'Private' electoral roll data sold to junk mail company after software error
Supposedly private electoral roll information is suspected to have been sold to junk mail companies in a series of leaks from local authorities
08.05.14 - Despite recent breaches, many UK retailers and financial firms haven't upgraded their online security strategies
Despite a recent spate of breaches affecting their industries, many UK retailers and financial firms still aren't taking the steps they need to protect their data online, according to a study published Wednesday.
07.05.14 - Council breaks data rules over 50 times in one year
POWYS County Council has been criticised after new figures showed it was involved in over 50 breaches of the Data Protection Act in one year.
07.05.14 - Software glitch discloses Wokingham edited electoral register
Personal details of more than 18,000 Berkshire residents held by a council have been disclosed to marketing companies after a computer error.
07.05.14 - DDoS attacks increasingly used as diversions for data theft or fraud
Nearly a third of UK businesses report DDoS incidents in 2013
06.05.14 - Data breaches: A new source of worry for CEOs
NEW YORK (AP) — Add hackers to the long list of things that give CEOs insomnia.
05.05.14 - Herefordshire Council still offers "limited assurance" over data protection
HEREFORDSHIRE Council still offers “limited assurance” over data protection despite warnings about its systems last year.
01.05.14 - Analysis of serious and organised crime threats
The National Crime Agency has published the most comprehensive public-facing analysis to date of the serious and organised crime threats affecting the UK.
01.05.14 - InfoSec 2014: 17 Percent Of All Thefts In The UK Threaten Victim Privacy
According to police records, 162,932 items of computing and communications equipment were stolen in the UK in the past year
01.05.14 - Eugene Kaspersky: major cyberterrorist attack is only matter of time
Nations must be ready for a remote attack on critical infrastructure, including power and transport systems, says security expert
30.04.14 - EU AND UK PUSH NEW CYBER-SECURITY REGULATIONS
The UK is in a challenging situation. According to recent stats from a BT Business Survey...
27.04.14 - McAfee Report Claims Online Gambling Enables Cybercrime
A research paper published by McAfee claims that cybercriminals are being paid via untraceable payments performed on online gambling sites. According to the whitepaper, “Jackpot! Money Laundering Through Online Gambling”, casino operators are fueling cybercrime by making it easy to pay those involved.
22.04.14 - Cyber attacks move to cloud with increased adoption, report shows
Cyber attacks on cloud environments have almost reached the same level as attacks on traditional IT, with increased adoption of cloud-based services by the enterprise, a study shows.
22.04.14 - UK finance firms to face planned hacking
Finance firms in the UK could be attacked by ethical hackers on behalf of financial services regulators to identify weaknesses in cyber security.
22.04.14 - Data breach discovery takes 'weeks or months'
A new report confirms what's long been feared - businesses take too long to recognise and react to a data breach.
19.04.14 - HMRC 'plans to share tax data with private firms'
Taxpayers' personal data could be shared with private firms under plans drawn up by Revenue & Customs (HMRC).
17.04.14 - Security holes in power grid have federal officials scrambling
In Congress, the vulnerability of the power grid has emerged as among the most pressing domestic security concerns.
15.04.14 - Study: 52 Percent Of Businesses Defenseless Against Cyber-Attacks
According to a recent study, 52 percent of businesses are defenseless against a cyber-attack.
15.04.14 - Harley Group surgeons: 480,000 clients at risk from cyber hackers
A leading cosmetic surgery provider has been targeted by a computer hacker who may have accessed details of nearly 500,000 people considering procedures.
14.04.14 - Canada’s tax agency and UK parenting site first confirmed victims of Heartbleed
Canada’s tax agency and a British parenting site have announced data breaches due to the Heartbleed bug affecting OpenSSL. They are the first confirmed victims of the software flaw.
14.04.14 - Government launches cyber security certification for businesses
The government has launched its Cyber Essentials scheme to provide "clarity to organisations on what good cyber security practice is" and to "set out the steps they need to follow to manage cyber risks".
11.04.14 - Business can no longer ignore cyber conflict, says report
Private organisations have increasingly become collateral damage in political conflicts, according to the latest M-Trends report on cyber threats by Mandiant, a FireEye company.
10.04.14 - Archdiocesan data breach leads to identity theft, false tax returns
A data breach of the Archdiocese of Portland’s computer systems has led to the filing of fraudulent tax returns, according to local media reports.
10.04.14 - Police forces still struggling on cyber front
Less than 7% of police forces in England and Wales have a comprehensive plan to deal with a large scale cyber incident, reveals an official report.
09.04.14 - Heartbleed Bug: Tech firms urge password reset
Several tech firms are urging people to change all their passwords after the discovery of a major security flaw.
08.04.14 - Experts advocate public-private partnership to combat cybercrime
With the spate of sophisticated cyber attacks on the Internet at the moment, stakeholders have called for increased collaboration between government and private sector in a bid to develop an information sharing mechanism geared towards blocking rising cases of breach in national security.
08.04.14 - Symantec to CISOs: Watch for the 'mega-breach'
Company releases 2013 Internet Security Threat Report, warning organizations that phishing and watering hole attacks can bury them
07.04.14 - Hackers Lurking in Vents and Soda Machines
Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.
07.04.14 - Germany Investigating Data Breach Affecting 18 Million
Three million of the affected people are in Germany, meaning many others are likely impacted
04.04.14 - Hackers nab 158,000 Boxee customer passwords in massive data breach
Anyone with an account on Boxee's customer forums should immediately change their password after hackers made away with details of 158,000 people.
03.04.14 - Video: The moment a sharp-eyed student discovers the cashpoint scam-cam which just filmed his pin number
Daft crooks looking to rip off bank customers ended up filming themselves as they fitted a Birmingham cashpoint with a spy camera.
03.04.14 - Insider Leaks 1,000-page Dossier on BBC Confidential Sources
The UK’s Information Commissioner’s Office has been asked to investigate alleged breaches of data protection laws after a former employee of Films on Record leaked a 1,000-page dossier of confidential information and source material from the BBC to the Mayor of Tower Hamlets
02.04.14 - ICO says anonymous data “not covered” by Data Protection Act - until it's de-anonymised
The Information Commissioner's Office (ICO) has claimed that anonymous data is not covered under the Data Protection Act, meaning that if anonymised patient record data were to be leaked or mis-used it would not consider it against the law - if anyone found out about it.
31.03.14 - Cyber on 5 Live
Mike Gillespie, of cyber-security company Advent IM, and Stephanie Daman, CEO of the Cyber Security Challenge, spoke live on BBC Radio 5 Live about cyber security on Monday morning, March 31.
30.03.14 - Hackers hit Microsoft Word and Excel users with evolved Tor malware
Hackers are targeting Word and Excel users with a sophisticated new data-siphoning malware that hides its movements using the Tor network, according to security firm Trend Micro.
28.03.14 - Cyber security supplier to government scheme
Cyber security supplier to government scheme guidance note and application form
28.03.14 - UK: ICO Plan to 'get better results' includes new way of funding
The UK Information Commissioner's Office (ICO) launched - on 26 March 2014 - its corporate plan for 2014-2017 ('the Plan') following its consultation 'Looking ahead, staying ahead: Towards a 2020 vision for information rights' which was launched in November 2013. The Plan states the ICO's corporate objectives and details the ICO's proposed actions in achieving the objectives.
28.03.14 - Women In Security Awards - nominations now open
Nominate your candidate now. The 2014 Professional Security Magazine – Women in Security Awards are the security profession’s dedicated awards that recognise and honour the accomplishments, value and contributions of women within the wider world of security. This is their third year; the first were presented to some acclaim at the ASIS 11th European Security Conference and Exhibition in April 2012.
27.03.14 - UK HealthCare Notifies More Than 1,000 Patients of Data Breach
Lexington, Ky.-based UK HealthCare is notifying 1,079 patients their personal health information has been compromised.
25.03.14 - Don’t flout data protection rules, ICO warns law firms
Personal injury firms have been warned they could face fines if they have obtained work through nuisance calls and spam texts.
25.03.14 - British Pregnancy Advisory Service £200,000 data protection fine
The British Pregnancy Advisory Service has received a £200,000 fine for breaching the Data Protection Act after an anti-abortion hacker gained access to the personal details of almost 10,000 people through the charity’s website.
25.03.14 - APT attacks use 'news of doomed flight MH370'
A series of advanced cyber attacks have used the lure of news about the disappearance of Malaysia Airlines flight MH370 to infiltrate nation-state and other targets, according to FireEye
24.03.14 - Tor browser app in the Apple app store is fake
For more than two months, a fake version of the Tor Browser app has been present in the official App Store. It’s full of adware and spyware.
21.03.14 - ICO decides against probe of Santander email spam scammers
Not enough 'evidence' ... while readers insist unique-to-bank addresses used
18.03.14 - New survey finds many businesses still unprepared for cyber attacks
Over 80 per cent of online businesses are not adequately prepared for cyber attacks and upwards of a third have admitted to not having any concrete plan in place for when an attack strikes.
18.03.14 - ICO Looks Into BT E-Mail Data Breach Claims
ICO looks into claims that BT exposed its users’ email accounts during platform migration from Yahoo Mail
18.03.14 - Man Held Over Morrisons Payroll Data Breach
An employee of supermarket chain Morrisons has been arrested by police investigating the theft of payroll data of up to 100,000 employees.
17.03.14 - Privacy outrage causes bank to ditch plans for targeted ads based on customers' spending habits
Dutch bank ING has stepped back from a plan that would have seen its customers' payment histories used to serve them targeted ads after consumer groups and customers objected.
14.03.14 - Morrisons payroll data stolen and published online
Data from Morrisons’ staff payroll system has been stolen, published on the internet and sent on a disk to a newspaper. The data theft included bank account details.
13.03.14 - ICO investigates BT e-mail data breaches - report
The UK Information Commissioner's Office (ICO) is investigating BT after a whistleblower provided evidence that the e-mail accounts of customers were being compromised by spammers
12.03.14 - Cardiff company fined for failing to register with the ICO
A Cardiff-based green energy deal company, Becoming Green (UK) Ltd, has been prosecuted by the Information Commissioner’s Office after failing to notify the ICO that it handled customers’ personal data.
07.03.14 - Abortion provider BPAS fined £200,000 for data breach
An abortion provider has been fined £200,000 for a data breach that revealed almost 10,000 people's details to a hacker.
05.03.14 - Target Executive Resigns After Breach
The highest-ranking technology executive at Target has resigned, the company said on Wednesday, just one week after it revealed how badly its profits had been hurt during the holiday season by an enormous breach of its system that exposed customer information
05.03.14 - UK financial firms need strict IT security, says expert, as survey finds global rise in fraud and cybercrime
Financial services firms are more likely than non-financial companies to have been the victim of economic crimes such as fraud or theft, according to the findings of PwC's latest review of global economic crime trends
28.02.14 - Briton Charged With Hacking
A 28-year-old British man has been charged with hacking into the US Federal Reserve computer servers and stealing sensitive personal information.
26.02.14 - Systems overhaul required as Treasury Solicitor's Department falls foul of Data Protection Act
Whitehall's largest legal department, the Treasury Solicitor's Department (TSol) is to improve its data protection practices after an independent investigation found it had breached the Data Protection Act four times between 2011 and 2012
26.02.14 - 'Contagious' wi-fi virus created by Liverpool researchers
A computer virus that can spread via wi-fi like a "common cold" has been created by researchers in Liverpool. In densely populated areas with lots of wi-fi networks, the virus can go from network to network finding weaknesses.
24.02.14 - Holder: Companies should disclose data breach
Many companies wary that public notification will hurt their business
24.02.14 - Forensic readiness - the new 'business continuity'
If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning.
23.02.14 - Hospital records of all NHS patients sold to insurers
Hospital records of all NHS patients sold for insurance purposes days after controversial plans to extract patient data from GP files put on hold
21.02.14 - PSN gets encryption for higher security levels
An encryption service has been announced by the Cabinet Office that will enable public sector staff to share information at the IL3 security level over the Public Services Network (PSN).
20.02.14 - Businesses ignore unknown threats despite cost, study shows
Security breaches cost UK organisations an estimated £1.5bn a year, yet many continue to disregard the next big wave of risk to IT security from unknown threats, a study has revealed.
20.02.14 - University of Maryland hackers access 300,000 records
The University of Maryland has admitted that the personal information of more than 300,000 staff and students has been accessed in a “sophisticated” cyber attack.
19.02.14 - UK firms see 1,000+ internal data breaches a day, study finds
More than 300,000 internal security breaches took place in UK businesses over the past 12 months – an average of 1,190 per working day – a study has revealed.
14.02.14 - Security Think Tank: Before cloud, engage with asset owners
Hybrid cloud or private cloud within a public cloud is an attractive proposition for any business looking to harness the benefits of cloud computing, while acknowledging the need for adequate security layering on differing types of information.
13.02.14 - Thousands hit in Tesco.com attack
Tesco has deactivated some customers' net accounts after their login names and passwords were shared online.
06.02.14 - Universities and science minister unveils £73m big data funding
The government is to plough £73m into big data. Universities and science minister David Willetts unveiled the funding at a conference on high-performance computing today.
06.02.14 - UK critical infrastructure at risk of cyber attack, says IET report
UK critical national infrastructure (CNI) is at risk of cyber attack, says a report by engineering consultancy Atkins.
05.02.14 - Bank of England publishes Waking Shark II cyber security exercise results
The Bank of England has published findings from its Waking Shark II security exercise, which tested the financial sector’s contingency plans for cyber attack.
03.02.14 - Hertfordshire County Council fears cyber attack over banned words email list
Fears of a cyber attack by hackers, or hostile foreign powers, have led a council to refuse to release a list of words banned from its emails.
30.01.14 - @N Hack: GoDaddy Admits Employee Had Been Social Engineered, PayPal Denies It
On Wednesday, we learned that a hacker managed to hijack the coveted @N Twitter username after extorting its owner into handing it over. The former owner of the account, Naoki Hiroshima, has blamed PayPal and GoDaddy for the incident.
30.01.14 - Islington man denies data breach at Royal Berkshire Hospital
A 43-year-old Islington man denied a breach of the Data Protection Act involving patient records at Royal Berkshire Hospital.
30.01.14 - Retailers at high risk of POS attacks
Vulnerable point of sale systems are giving hackers easy access to customer data, with retail organisations top of the hit list.
30.01.14 - BAFTA user data potentially stolen after website "compromised"
The British Academy of Film and Television Arts - BAFTA - has revealed that part of its website has been "compromised by illegal means" and it's not currently guaranteed that hackers haven't made off with details of individuals on the BAFTA Guru mailing list.
28.01.14 - KPMG not looking for 'wannabe Matrix hackers' to fill cyber security skills gap
‘Big Four' professional services firm KPMG's UK head of cyber security Martin Jordan says that he avoids job candidates who want to be hackers, as he believes the required skillset can be found elsewhere.
28.01.14 - One in four UK office workers don't know what phishing is
The ignorance of most UK office workers about phishing, one of the most lethal forms of cyber threat, has been revealed in a new study.
28.01.14 - US and British spies 'get personal data from Angry Birds'
US and British spy agencies routinely try to gain access to personal data from Angry Birds and other mobile applications, a report says.
28.01.14 - Data Protection and Off Shoring Data
Some thoughts on EU Data Protection Day from Advent IM and Security Institute Director, Mike Gillespie.
27.01.14 - Thousands of Coca Cola customers compromised after laptop theft
Beverage maker Coca-Cola has confirmed that the theft of unencrypted company laptops from the firm's headquarters in Atlanta may have compromised information on approximately 74,000 customers.
27.01.14 - Police smash financial cyber crime gang targeting UK citizens
Pan-European cyber crime fighting agency EC3 has been hailed after Polish police arrested five Bulgarians accused of electronic payment card fraud targeting mainly UK citizens.
27.01.14 - Hackers infiltrate Israeli defence computer
Hackers broke into an Israeli defence ministry computer after the user clicked on a tainted email attachment containing malicious software.
23.01.14 - Wymondham College apologises over pupils' data breach
A school has apologised for a data breach in which personal information about students was sent to their teenage classmates.
20.01.14 - NHS England database raises privacy concerns
Privacy groups have raised concerns about NHS England’s plans to create a single database of medical data collected from hospitals and general practitioners
20.01.14 - Cyber security threats growing against users, companies, Cisco says
Cyber security threats continue to plague users and businesses trying to defend against increasingly sophisticated and well-executed attacks, according to the Cisco 2014 Annual Security Report. Cyber security is a major business as Cisco and other companies develop cyber security efforts to protect end-users and businesses.
19.01.14 - Police warn firms over cyber crimes
WILTSHIRE Police are urging businesses in Swindon to get ‘cyber streetwise’ this year.
17.01.14 - Corporate Android users face flaw affecting billions of devices
Corporate Android mobile phone users are warned that potentially billions of apps running on these devices could be hijacked by attackers using a vulnerability first highlighted over two years ago.
16.01.14 - 'Companies are losing the battle against cyber crime' - KPMG auditors
The number of auditors with concerns about cyber security has doubled in the last year and businesses are losing the battle against cyber crime as a result.
16.01.14 - Corporate finance community risk deals collapsing unless cyber security is ramped up, says KPMG
Responding to the publication, today, of a report highlighting cyber security weaknesses in the world of corporate finance transactions, KPMG’s regional head of cyber is urging the UK’s financial community to follow the lead of Boardroom colleagues and prioritise cyber security.
15.01.14 - Business ‘complacent’ about cyber crime and terror risks, says Aon
Cyber crime and terror risks have been severely underrated as major threats affecting businesses in today’s ‘hyper-connected world’, according to an Aon survey of insurance captive directors.
14.01.14 - Security Think Tank: Consider security training before high-end technology
In simple terms, the answer to how the Snowden revelations about the National Security Agency (NSA) and GCHQ should be influencing future information security strategies in the UK would be, not at all.
14.01.14 - Patient data could be vulnerable in new NHS database
The National Health Service is to start saving patient data onto a centralised database, but with improved manageability comes concerns over potential breaches and data losses.
14.01.14 - Hackers could compromise car safety
Internet security is becoming as much of an issue in cars as in the home or office as a result of the increasing number of models offering connectivity services.
13.01.14 - Staffs Police face data protection probe over 'drink drivers named' Twitter campaign
Staffordshire Police, who ran a Twitter campaign against alleged drink-drivers over the Christmas period by naming and shaming suspects charged with the offence, are now being investigated by the UK's information watchdog for a possible breach of data protection law.
13.01.14 - Government tells UK SMEs to be 'cyber streetwise'
The government has launched a campaign urging small and medium-sized enterprises (SMEs) to become "cyber streetwise," to reduce the risk of cyber attack
08.01.14 - Putting software security in the hands of the buyer
For far too long, businesses have been at the mercy of software suppliers for ensuring that critical applications are secure.
06.01.14 - UK insurer hacked, loses 100K customer details
Nearly 100,000 Staysure customers may have had their personal details compromised
17.12.13 - 93% of organisations suffered a data breach in 2013
Some 93 per cent of large organisations experienced a security breach last year, according to a new survey commissioned by the UK Government's Department for Business, Innovation and Skills (BIS).
17.12.13 - Pay day loans company fined £175,000 over millions of spam texts
The Information Commissioner’s Office (ICO) has served the pay day loans company, First Financial, with a £175,000 penalty after an investigation discovered that the company was responsible for sending millions of unlawful spam texts
16.12.13 - Home Office Leaks Details Of More Than 1,500 Illegal Immigrants
The confidential information was visible on the Home Office website for two weeks
06.12.13 - The world's biggest data breaches and hacks of 2013
From Facebook to Adobe, 2013 has been a tough year for companies looking to defend against cybercrime
06.12.13 - NatWest online services hit by cyber attack
A deliberate attempt to disrupt services at NatWest left some customers struggling to access online banking on Friday
06.12.13 - ‘Incredible’ SBC data breach – resident claims
A Selkirk man has described his shock at receiving confidential documents from Scottish Borders Council belonging to another Borderer.
04.12.13 - Councils threatened with disconnection from PSN in escalating security row
One London council was just hours away from being disconnected from the public sector communications network, Computer Weekly has learned, in an escalating row between central and local government over security compliance
26.11.13 - NATO launches ‘largest ever’ cyber-security exercises
NATO has kicked off Cyber Coalition 2013, the largest ever exercise of its kind intended to thwart massive, simultaneous attacks on member states and their allies.
Loss of 388 Council Laptops described as 'not a big security breach'
THE loss of hundreds of council laptops potentially containing personal details of council tax payers has been dismissed as 'not a big security breach'.
22.11.13 - Anglesey Council under fire over breaches in sensitive information system
Security and storage standards relating to manual records within the council’s offices were not appropriate
21.11.13 - ICO warns firms to train temps in data protection following Great Ormond Street breaches
The Information Commissioner's Office (ICO) has warned organisations that even temporary workers need data protection training in order to properly prevent a breach
21.11.13 - Council fined for dumping pension records in supermarket bin wins appeal
A £250,000 fine issued by the Information Commissioner's Office (ICO) on the Scottish Borders Council (SBC) over a pensions data breach has been overturned.
20.11.13 - How UK banks contain threats from cybercriminals
The UK's banks are regularly being caught out by cybercriminals, BBC research suggests.
18.11.13 - A third of SMBs unaware they've been cyber attack victims
One-third of small and midsize businesses (SMBs) have no idea if the organisation has been the victim of cyber crime or malicious hackers in the past 12 months, while management in over half of SMEs don't see cyber attacks as significant risks.
14.11.13 - Hundreds of children’s details lost by teacher on unencrypted council memory stick
The £80,000 penalty served by the Information Commissioner’s Office on North East Lincolnshire Council is yet another reminder of the need to train employees about the confidentiality and protection of personal data
13.11.13 - Bank of England hosts bankers to fight cyber war at City's Plaisterers' Hall
The Plaisterers' Hall played host yesterday to a number of senior bankers and Bank of England and Treasury officials in a simulated cyber war to see how the banking elite would cope in the event of a massive attack.
12.11.13 - Adobe Sued Over Latest Data Breach
SAN FRANCISCO — After acknowledging last month that hackers gained access to the personal and financial data of 38 million of its active users, Adobe Systems Inc. on Monday was targeted by a class action filed in the Northern District of California.
11.11.13 - Malware analysts regularly investigate undisclosed data breaches
ThreatTrack Security published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.
08.08.13 - Council apologises after losing package of sensitive information
Red-faced Royal Borough bosses are making their entire 1,500-strong workforce sit through data protection training after sensitive information sent from another council was lost.
08.11.13 - NSA spying poisons the cloud market
A PriceWaterhouseCoopers survey found 54 percent of German companies find the cloud risky after learning of NSA spying. An earlier study by PwC finds that 84% of CEOs are confident about cyber security. If they only knew the truth.
08.11.13 - Upsurge in CryptoLocker ransomware
The US Government's Computer Emergency Readiness Team (US-CERT) has warned of an upsurge in the CryptoLocker ransomware virus.
07.11.13 - Fear of cyber attack driving a shift from risk-based security, says Gartner
Fear of advanced cyber attacks is driving a shift from tried-and-tested, risk-based security tactics, making them more vulnerable to emerging threats, a survey has found.
06.11.13 - Adobe hack: '123456' tops list of most-used passwords
"123456" tops the list of most frequently used passwords, according to researchers analysing the data dump pulled from Adobe's servers by hackers.
05.11.13 - One quarter of data breach victims suffer identity theft
Of the 16 million people affected by data breaches in 2012, more than a quarter of those went on to suffer from identity theft, according to new research by security firm Javelin
04.11.13 - Government agency compromised by fake Facebook hottie
Using social media profiles and a photo of a real (and consenting) woman, two hackers fooled a government employer into believing she was an employee, conning them out of a company laptop, network credentials, and more.
31.10.13 - Adobe cyber attack to trigger flood of legal action, forecast lawyers
A welter of legal action could tumble out of Adobe’s admission yesterday that it had suffered a far greater breach of data security in a cyber attack earlier this month, leading technology lawyers warn.
30.10.13 - Adobe hack affects 38 million customers
Adobe's data breach is more serious than previously disclosed with 38 million customer accounts hacked
29.10.13 - North East Lincolnshire Council fined £80,000 for losing data on children with special educational needs
North East Lincolnshire Council has been fined £80,000 by the Information Commissioner's Office (ICO) for losing an unencrypted memory stick containing data on children with special educational needs.
28.10.13 - Cyber security: Lawyers are the weakest link
With threats ranging from hacktivists to Chinese spies, it’s time for law firms to get their data security act together
28.10.13 - Top City firm fights off cyber attack
A leading City law firm has fought off sophisticated cyber attacks within the last fortnight, specialists revealed – ramping up fears that hackers view legal practices as a soft underbelly route to stealing sensitive client information.
25.10.13 - ICO Hits MoJ With £140,000 Fine For Data Breach
A serious data breach has led the Information Commissioner's Office (ICO) to impose a £140,000 fine on the Ministry of Justice (MoJ). Announcing the monetary penalty, the UK data protection watchdog said the decision followed its investigation into incidents that exposed sensitive information about the inmates at HMP Cardiff.
17.10.13 - Police warning after drug traffickers' cyber-attack
The head of Europe's crime fighting agency has warned of the growing risk of organised crime groups using cyber-attacks to allow them to traffic drugs.
16.10.13 - ICO slams Royal Veterinary College for lack of BYOD policies after data loss
The Information Commissioner’s Office (ICO) has warned firms of the need to implement proper bring-your-own-device (BYOD) policies after the Royal Veterinary College (RVC) was caught out by the trend when sensitive data, which was stored on a staff-owned device, was lost.
11.10.13 - Payday loans firm rapped for failing to register with Info Commissioner
A payday loans company and its director have fallen foul of the law by failing to register with data-protection officials at the Information Commissioner’s Office
08.10.13 - Cyber crime costs UK businesses average of £3m per year
Cyber crime costs UK organisations around £3m a year on average, the second annual Cost of Cyber Crime Study has revealed.
08.10.13 - First Financial fined
A pay day loans company based in London and its director have been prosecuted by the Information Commissioner’s Office (ICO) after failing to register that the business was processing personal information.
03.10.13 - Medical records lost on bike ride home
The Information Commissioner’s Office (ICO) has issued Cardiff and Vale University Health Board with an undertaking following a breach of the Data Protection Act.
03.10.13 - Addressing the skills gap in information security
In a recent Guardian Media Network survey, we asked 450 media professionals: as an employee, what level of training do you feel you have received against cyber attacks? A remarkable 70% revealed they had received no training whatsoever – 24% answered they had undertaken basic security training, while only 6% said they had received advanced training.
02.10.13 - UK business data theft at record high
Data theft from UK companies by employees is at a record high, according to law firm EMW
01.10.13 - Hundreds of hackers sought for new £500m UK cyber-bomber strike force
The UK's Ministry of Defence wants to recruit an army of computer experts to serve as "cyber reservists" to defend national security.
27.09.13 - CESG advises government that BYOD is possible, but not recommended
CESG, the information security arm of GCHQ, has advised government that although Bring Your Own Device (BYOD) strategies are possible for public sector organisations, it is not recommended.
27.09.13 - UK Secretly Arrests Schoolboy Over ‘World’s Biggest Cyber Attack’
A London schoolboy has been secretly arrested over the “world’s biggest cyber attack” as part of an international swoop against a suspected organised crime gang.
26.09.13 - Barclays employee fined £3,360 for illegally accessing customer data
A former employee of Barclays Bank has been fined £3,360 after being found guilty of illegally accessing a customer’s data.
26.09.13 - Human implants, drones and traffic systems could all be hacked in future, Europol warns
Cyber criminals could soon hack into unmanned drones, traffic management systems and even medical implants causing death and mayhem, Europol has warned.
25.09.13 - Blisworth fire hits internet users '50 miles away'
People as far away as Birmingham have been left without broadband internet for five days after a fire in Northamptonshire
13.09.13 - Arrests over 'cyber plot' to steal from Santander bank
Twelve men have been arrested over an "audacious" alleged plot to steal millions of pounds from a bank by remotely taking control of a computer.
13.09.13 - Should employees be punished for sloppy cyber security? [POLL]
Should employees face any kind of penalty for poor security hygiene? What about if they have had training? Poll and article.
09.09.13 - UK ICO Criticises Elements Of The Proposed EU Cybersecurity Directive
Last month, the Information Commissioner's Office (ICO) published a response to the government's call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO's criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive
02.09.13 - Police learn how to tackle cyber crime at Napier
Police officers across Scotland are heading back to class to brush up on tackling online crime
30.08.13 - ICO fines Aberdeen City Council after social services data posted online
Sensitive information relating to vulnerable children leaked as a result of 'impractical and ambiguous' home working policy
23.08.13 - The Legal Community has Become Part of the Cyber Security Equation, “But Don’t Run Before You Can Walk,” says Global Digital Forensics Founder.
The stakes in the cyber security game have never been higher. Cyber attacks can devastate successfully targeted organizations on many fronts, from cash losses and liability concerns, to losing the trust of clients, vendors and investors, and of course, the public’s perception of an organization’s integrity, all of which can translate directly to substantial bottom line losses, or worse.
19.08.13 - EU data breach disclosures to be enforced soon
The new European Union regulation requiring mandatory personal data breach disclosures by telecoms operators and internet service providers (ISPs) comes into force on Sunday 25 August 2013.
16.08.13 - PCI Council previews changes to data security standards
The PCI Security Standards Council is giving merchants a first look at changes that could be introduced later this year to its credit card data and payment application security guidelines.
13.08.13 - CESG launches cyber-incident response schemes to ease pressure on GCHQ
The Communications Electronics Security Group (CESG) has launched two new schemes to help organisations obtain the relevant expertise in the event that they are subjected to a cyber-attack.
13.08.13 - Two thirds of consumers don't fully understand how businesses collect and use their data
Businesses are collecting more information about individuals than ever, but almost two thirds of people aren't aware what data about them is being collected or don't know it's being collected at all.
12.08.13 - ICO to investigate London bins that track smartphones
The Information Commissioner's Office (ICO) is making enquiries into a number of bins in London that track passing smartphones to target advertising to their owners.
09.08.13 - Serious Farce Office: SFO suffers biggest-ever criminal data breach
Documents, tapes and data files from BAE Systems investigation go astray as agency blames ‘human error’
09.08.13 - ICO blog: The cost of carelessness - how stats help inform the action we take
Carelessness remains the top reason for data breach incidents according to the ICO.
08.08.13 - Companies avoid cloud due to lack of security skills
Businesses are being deterred from taking up cloud services due to a lack of security skills.
06.08.13 - Not cyber myths: Hacking oil rigs, water plants, industrial infrastructure
Security researchers explain that hacking oil rigs, pipelines, water pumps, industrial facilities, and the power grid are not myths born in the cyber-mist, but realities.
05.05.13 - IT pros' most feared breach consequence is workload
In the event of a data breach, more IT professionals are concerned with having to do more work rather than the fact that the company may lose customers, or even that they might get fired.
01.08.13 - Comment: There’s No Such Thing as Cyber War
Too often, journalists, politicians, and security professionals are quick to declare ‘cyber war’ at the earliest signs of hacking or intelligence gathering between opposing states. True war consists of tragedy and tangible, kinetic impact. It involves injury and death, not just an exchange of information.
31.08.13 - The 2013 Awards Finalists
The 2013 Awards Finalists
30.07.13 - Dating websites 'potentially in breach of data protection act', warns ICO
Four of the UK's biggest online dating websites could be in breach of the Data Protection Act over how they handle users' personal details, the Information Commissioner's Office (ICO) has warned.
30.07.13 - Security professionals report a 'significant' increase in external attacks and internal breaches
UK IT and security professionals believe that external attacks have increased significantly in the past 12 months, while more than half have reported an increased risk of internal data breaches.
22.07.13 - ICO in hot water over Google
The UK’s privacy watchdog is in trouble for letting Google off the hook over illegally collected Street View data. TechWeek has found flaws in the Information Commissioner’s Office investigation of Google’s siphoning of people’s data during its Street View rounds.
19.07.13 - ICO's £250k fine for Scottish Borders Council overruled
Local authority successfully appeals fine imposed after pensions records turned up in a dustbin
19.07.13 - Cyber criminals pose as Soca in latest ransomware threat
Criminals are mounting a new ransomware scam, which locks computers to display a message claiming to come from the UK Serious Organised Crime Agency (Soca) demanding payment to unlock it.
16.07.13 - U.K. Ministry of Defence hit by cyberattack, data stolen
The U.K. government department was victim of a cyber-espionage attack that saw sensitive data stolen by unnamed hackers, a parliamentary report discloses
15.07.13 - NHS Computers With Patient Data Sold On Ebay
An NHS trust has been fined £200,000 by the data watchdog after it sold an old computer which contained the personal details of more than 3,000 patients.
15.07.13 - UK defence industry to fast-track supply chain security
The UK’s newly established Defence Cyber Protection Partnership (DCPP) has adopted an ambitious schedule as it seeks to implement controls to increase supply chain security as quickly as possible.
04.07.13 - ICO publish report on findings from Charity advisory visits
http://www.ico.org.uk/for_organisations/data_protection/working_with_the_ico/~/media/documents/library/Data_Protection/Research_and_reports/outcome-report-charitable-organisations-2012-13.ashx
03.07.13 - Assassin’s Creed developer hacked, exposing user details
Ubisoft is the latest computer games company to be hacked, with usernames, email addresses and encrypted passwords compromised
02.07.13 - UK healthcare is changing - do you know who is protecting your data?
The effects of leaked personal health information can be exceptionally damaging.
01.07.13 - Facebook slurped phone numbers says Norton
Norton has pinged Facebook for slurping Android users' phone numbers without their consent.
01.07.13 - U.K. Parliament wedges head in the privacy sand, plans move to cloud despite NSA spying scandal
Headstrong U.K. parliamentary IT fellows believe, in spite of an ongoing scandal over NSA spying on non-U.S. citizens, a move to the cloud is still a good idea. Here's why it's not
24.06.13 - Home Secretary Theresa May alarmed at revelations that hacking went beyond media and was used by lawyers and private companies
Theresa May, the Home Secretary, has expressed alarm over revelations that hacking went far beyond the media and was routinely used by lawyers and private companies to obtain sensitive information about rivals.
18.06.13 - Call centres in BBC3 programme hit with £225,000 fines
Nationwide Energy Services and We Claim U Gain, part of Swansea-based Save Britain Money Ltd, were responsible for more than 2,700 complaints
18.06.13 - 69% of small businesses don't think data breaches will impact their reputation
As National Small Business Week gets underway in the US, research has revealed that most small businesses are blissfully unaware of the information security risks that may be arrayed against them
17.06.13 - It takes 10 hours to identify a security breach
Businesses are vulnerable to security breaches due to their inability to properly analyze or store big data, according to McAfee.
14.06.13 - Most Data Breaches Caused by Human Error, System Glitches
June 17, 2013— CIO— When it comes to data breaches, hackers and organized crime garner most of the headlines, but most data breaches are caused by human errors and system glitches--application failures, inadvertent data dumps, logic errors in data transfer and more. As a result, educating your employees and making sure they're not cutting corners is a big component in preventing data breaches.
16.06.13 - Hacked off! City investigate claims of online spying by rival clubs
Manchester City are continuing investigations into an alleged breach of security involving their scouting reports.
13.06.13 - Cloud computing: how can companies reduce the security risk?
Pravin Kothari outlines a three-step approach to help businesses ensure their information remains secure in the cloud
13.06.13 - Cloud data breach notification: Defining legal obligations
If a breach of security happens in the cloud and no customer is around to hear it, does it make a sound? A silly question perhaps, but it is often surprisingly complicated to ensure that an enterprise will be promptly informed by a cloud provider in the event of a cloud data breach.
10.06.13 - Security engineer revealed to be source of Prism whistleblowing
A former US government IT security engineer has revealed himself to be the whistleblower at the heart of the Prism controversy.
07.06.13 - School codebreaking contest hunts cybersecurity talent
Schools are being urged to sign up for a codebreaking competition aimed at developing the next generation of cybersecurity experts.
07.06.13 - Glasgow City Council fined £150,000 for loss of unencrypted laptops
Glasgow City Council has been fined £150,000 for the loss of two unencrypted laptops, one of which contained personal details of more than 20,000 people.
07.06.13 - Web privacy - outsourced to the US and China?
Overnight, the Guardian and the Washington Post have made startling claims about the extent of the US government's surveillance of web communications.
07.06.13 - Advent IM Security joins the Government’s Procurement Framework - G-Cloud.
Advent IM has a lengthy track record as a Security Consultancy for public bodies and Her Majesty’s Government. The Advent IM Catalogue on G-Cloud shows the full range of services available to both public and private sector organisations. G-Cloud is designed to make it easier and faster for those public bodies and departments to procure directly, and that now includes expert Security Consultancy from the team of specialists at Advent IM, without having to face the convolutions and cost that the tender process can sometimes entail.
04.06.13 - Surveillance Code of Practice Published
The new Surveillance Camera Code of Practice was published today, with police and public authorities in the UK set to be subject to it. Under the new code they will have to prove that a system’s technical capabilities are "proportionate" to their use
05.06.13 - Corporate data loss seen to be a collective responsibility
Three-quarters of respondents to a recent poll believe that data loss is a collective responsibility.
24.05.13 - Butch Cassidy and the hacking kids
The recent media interest surrounding the heist of several million pounds worth of money from cashpoints across the globe highlights the fact that, with the connectivity introduced by the internet age, the definitions of national boundaries have changed beyond recognition.
23.05.13 - Man made redundant fined for stealing sensitive information
When he learned that he was being made redundant from his position as Community Health Promotions Manager at a council-run leisure center, he emailed sensitive medical information on 2471 people to himself to help establish his own new company.
23.05.13 - Prison needed for serious data offences, says Information Commissioner
People who misuse personal information should face tougher penalties, including the threat of prison in the most serious cases, Information Commissioner Christopher Graham has said.
15.05.13 - ICO research finds lack of understanding around EC data protection proposals
According to a survey of 506 businesses by the Information Commissioner's Office (ICO), there is a clear lack of understanding around the proposed EU data reforms, particularly around estimated cost expenditure on meeting data protection responsibilities under the new law.