There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software. But the truth is that probably a bigger risk to the typical mobile user are the actual apps that they choose to run on them. Have they been coded reliably, are they taking...

Yes, targeted attacks - especially those perpetrated by an adversary with considerable resources, such as a foreign state - may incorporate zero-day vulnerabilities, but often they begin with something as simple as a phishing message tricking your staff into handing over their passwords. That's a lesson you learn from a new report published by...

Thanksgiving is a time for reflection. It provides us with a space for acknowledging all those many people and life experiences that one way or another enrich our lives, year after year. With the spirit of Thanksgiving in mind, we have gathered together the comments of some of the industry's leading professionals on who they are thankful for fueling...

Blondes vs brunettes, Kirk or Picard, and the Oxford comma... these are some of the most burning issues that people just can't agree on. And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view. But now a new study ...

A hacker group known as the Armada Collective is currently targeting secure email services with prolonged blackmail distributed denial-of-service (DDoS) attack campaigns. Last week, Geneva-based encrypted email service ProtonMail announced that it had been temporarily knocked offline by a DDoS attack. After issuing a post explaining what it was...

Just last week, police forces across Europe arrested individuals who they believed had been using the notorious DroidJack malware to spy on Android users. Now attention has been turned on to another piece of software that can spy on communications, secretly record conversations, snoop on browsing histories and take complete control of a remote...

If you're running a CCTV surveillance camera in your office, high street store, or at home make sure that you are not unwittingly helping hackers launch denial-of-service attacks. That's the warning that has been issued by the security team at Incapsula, who discovered a botnet of 900 CCTV cameras spread across the globe, flooding targeted websites...

The internet is a little bit safer today, and that is something we should all be grateful for. The reason? Security researchers have taken on organised criminal gangs who have been using the notorious Angler Exploit Kit in malware campaigns stealing up to $3 million each month through ransomware attacks. The Angler Exploit Kit is a prime weapon in...

Banks have another security headache on their hands, as ATM-infecting malware is becoming increasingly sophisticated in its attempt to help criminals audaciously empty out cash machines on the high street on demand, without having to have previously stolen the payment cards of legitimate customers. Dubbed GreenDispenser by researchers at Proofpoint,...

The Office of Personnel Management (OPM) has revealed in a statement that when hackers breached its systems earlier this year they made away with approximately 5.6 million fingerprints - a significant increase from the 1.1 million previously reported. As is now well known, in addition to fingerprint data being stolen the Social Security numbers,...

A new report claims that in 2013, a group of China-based hackers switched their attention from targeting victims in Asia-Pacific to stealing terabytes of confidential data from US high-tech firms and government contractors. The report, "Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors", claims that...

Yes, simulated humans exist. And even if they don't quite walk amongst us, they do lie in beds in hospitals, helping medical students get valuable experience in caring for patients without the worry that one wrong step might result in a real human life being lost. Don't know what I'm talking about? Then meet iStan, the "most advanced wireless...

Where would the dark web be without Tor? Probably in the bright, uncomfortable spotlight of law enforcement if it doesn't find an alternative method of cloaking itself. Agora, the dark web site that grabbed the dubious honour of being the world's most popular online drugs marketplace following the shut down of Silk Road and Silk Road 2.0, has...

If Microsoft calls a vulnerability "critical," warns that it affects all versions of Windows, and is prepared to issue a patch outside of its normal Patch Tuesday monthly schedule, you should sit up and listen. Today, Microsoft has issued an advisory about a zero-day vulnerability, dubbed CVE-2015-2502, that could allow an attacker to hijack control...

Security researchers have found a cross-site scripting (XSS) vulnerability on the Salesforce website, that could be exploited by malicious hackers to conduct phishing attacks and hijack the accounts of users. The researchers at Elastica report that they uncovered the weakness on one of Salesforce's subdomains, admin.salesforce.com. Specifically, the...

ICANN, the organisation which oversees the internet's domain name system, regulating web addresses and working with registrars around the world, has revealed that it has fallen victim to a hacker attack during which the details of users who had created profiles on the organisation's public website were exposed. Email addresses (which act as...

We all know that there's a problem with passwords. Most internet users are careless when choosing passwords - either re-using the same passwords they've used elsewhere or making them too easy to crack. And if they're not guilty of that mistake, there's always the chance that their computers are infected with spyware watching their keystrokes and...

This week, as part of our new "Infosec Influencer" series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to...

For just over a week, government departments, research institutes and other high-value targets have been on the sharp end of a sophisticated attack, where fake voicemails are being used to create a diversion while malware infects computer systems. As security researchers at Palo Alto Networks's Unit 42 division detail, it is believed the attack is...

Back in 2013, technology giants Apple, Microsoft, Facebook and Twitter all suffered a serious security breach. Their corporate networks had all been attacked by the same hacking gang, after Mac-using staff visited a website for iOS developers hosting a zero-day Java exploit. The previously unseen Pintsized Trojan horse was able to waltz around the...