US Senate report finds appallingly bad cyber-security practices at eight US government agencies.
The schemers allegedly spoofed crypto trading posts to steal virtual coins from thousands of victims.
Lake City officials give in and agree to pay nearly $500,000 to ransomware gang.
Qualcomm says the SoC upgrade will slice material costs for vendors without compromising security.
Over 2,000 devices have been bricked in the span of a few hours. Attacks still ongoing.
Updated: With GDPR in full swing, the data watchdog wants to help consumers access the information the police have on them.
Organizations should be aware of the latest impersonation techniques and file service exploits.
Red Mosquito allegedly has a profitable sideline in place for ransomware victims.
Two brothers arrested in Israel last week have been linked to the massive 2016 Bitfinex hack.
Whether the social media giant likes it or not, the court case is going ahead.
Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass.
Bill would also force large tech companies to disclose what user data they collect and how they're monetizing it.
Anonymous Belgium hacker sentenced to 18 months in prison for past cyber-crimes.
The woman in question allegedly rejected their romantic advances.
Will ad blockers still work in Chrome? We'll see starting late July, early August.
Attack took place last week, after President Trump backed off from using conventional weapons to strike Iran.
A vulnerability in MyBB has been blamed.
CISA also warns against other Iranian hackers' favorite techniques: password spraying, credential stuffing, spear-phishing.
Phishing attack lets hackers into Oregon DHS employee accounts.
NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hacking groups.
WordPress sites hacked and infected with Ngioweb Linux malware; hijacked into commercial proxy service.
OpenSSH to encrypt SSH private keys while at rest in a computer's RAM.
Could ‘SaaS’ take on a new meaning?
The mobile botnet is focused on compromising Android devices.
The malware emulates Linux in its quest for cryptocurrency.
Hackers breach MSPs and use Webroot SecureAnywhere console to infect customer PCs with the Sodinokibi ransomware.
Data for 2.9 million bank members was taken from the bank's system by a now-fired employee.
Former Nest cam owners could have accessed old devices despite cameras being reset to factory settings.
Two days after patching the first zero-day, Mozilla fixes a second one, used in the same attacks as the first.
Database containing 390,000 Vascepa prescriptions for 78,000 patients left open on the internet.
Opinion: The irony is strong in enforcing ID verification laws when the government fails to implement its own legal checks.
There were actually two zero-days -- not one -- combined into an exploit used in a spear-phishing attempt. Other cryptocurrency organizations were also targeted.
Turla APT hacked Iran's APT34 group and used its C&C servers to re-infect APT34 victims with its own malware.
The conviction is the first of its kind in the country.
The release resolves a critical Mozilla Firefox vulnerability in active use.
These are the top 20 biggest, fastest, and most lucrative bounty programs on the HackerOne platform.
Riviera City officials previously agreed to pay $941,000 to rebuild their entire computer network.
Florida ad agency leaks the keys to its entire kingdom, including invoices, campaign metrics, and all collected data.
The aftermath of the data breach seems to be too much for AMCA to bear.
New wave of attacks against Oracle WebLogic servers using a brand new zero-day detected over the weekend.
Extension developer says he sold the extension weeks before; not responsible for the shady behavior.
New Plurox malware spotted in the wild in February; uses leaked NSA exploits; focuses on cryptocurrency mining.
Mozilla releases Firefox 67.0.3 to fix actively exploited zero-day.
FBI warns security clearance holders to be careful when disclosing work information on social media profiles.
Google launches new "Suspicious Site Reporter" Chrome extension.
Hacker "Gnosticplayers" took credit for the hack in a private conversation with ZDNet last month.
The zero-day bug impacts multiple models in the TP-Link product line.
Google restricted SMS controls. Hackers found a way around it.
Zero-days disclosed in "Facebook for WooCommerce" and "Messenger Customer Chat."
New "League of Entropy" service will generate a stream of random numbers using five servers located across the globe.
Offenders include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, and others.
Impacted agencies include the Centers for Medicare and Medicaid Services (CMS), the Social Security Administration (SSA), the US Postal Service (USPS), and the Department of Veterans Affairs (VA).
The new Trojan variant is actively striking commercial banking customers.
Security researchers spot new Mirai variant called Echobot that targets a wide range of IoT devices and enterprise apps.
OSU is one of several US universities impacted by data breaches in recent weeks.
Private emails between the charity and parents were reportedly available for public viewing.
Microsoft says Azure infrastructure stops the worm's self-spreading component, but VMs remain compromised.
Healthcare billing vendor got hacked last year and hackers put patient data for sale online.
Hacker is scanning the internet and planting shells on web-based DNA sequencing apps.
Security researcher finds dangerous XSS bug in Google's Invoice Submission Portal.
The accounts specialized in manipulating and influencing political conversations.
Gamification is the way forward when it comes to training officers in tracking down criminals.
Yubico staff discovers bug in YubiKey FIPS Series keys; offers replacements for affected customers.
Almost half of the internet's email servers are now being attacked with a new exploit.
Drones were deployed to foil the cryptojacking attacks.
SEC OCIE inspections finds that companies have failed to properly secure network-accessible storage systems.
The heart of the matter stems from an investigation into suspected gang activity.
The group is using Chinese victims as guinea pigs to try out their malware.
Google relaxes control on new Chrome extensions API that would have crippled ad blockers.
Nearly 1,000 employees sent home for the entire week, on paid leave.
iPhone and iPad users can now use their secondary Android smartphones as 2SV/2FA security keys.
Number of hacked Magento 2.x stores doubles for the third month in a row.
Left unpatched, the bugs can lead to data leaks, service denial, and privilege escalation.
Fixing code execution bugs was a priority this month for Adobe.
The DoJ’s nationwide campaign investigated close to 20,000 complaints.
Windows security update will block pairing of certain weak BLE security keys at the OS level.
Microsoft patches four of five zero-days published by SandboxEscaper.
Academics detail new Rowhammer attack named RAMBleed.
Company comes clean after a hacker put its data up for sale on the dark web in April.
FIN8 returns with improved malware and new attacks aimed at POS systems in the hotel industry.
Recent attacks abuse invitation and event notification mechanisms.
Troy Hunt says he is in early discussions for his life’s work to be purchased.
CBP said subcontractor stored photos on its internal servers without authorization, and then got hacked.
Browser maker working on premium version of Firefox with extra features like VPN access and secure storage.
Feds put stronger case forward against Mariposa creator and Darkode forum founder.
A database owned by Shanghai Jiao Tong University required no authentication to access.
Over one million accounts were leaked, and a vulnerable encryption algorithm may have been in play.
Researchers disclose major vulnerabilities in HSMs (Hardware Security Modules).
Dangerous spam campaign targets European users with backdoor trojan.
ATM vendor rolls out software update, says no attacks detected in the wild, low chance of exploitation.
It was China Telecom, again. The same ISP accused last year of "hijacking the vital internet backbone of western countries."
ICEFOG malware resurfaces in the arsenal of multiple Chinese cyber-espionage groups, not just one.
SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and Server 2019.
The data leak impacted Tech Data’s client servers, SAP systems, and more.
Huawei may be left reeling from the latest blow against its reputation and products.
Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts.
Unofficial investigation puts the number of victims between 80 and 90 users. Unknown how hackers stole users' funds.
German cyber-security agency warns against buying or using four low-end smartphone models.
Backdoor discovered in Agama cryptocurrency wallet. Unconventional tactic saves users from getting robbed.
The hackers use steganographic techniques to hide their activities.
The bug could be used by hackers to intercept your streaming and steal your information.
Mining for Monero is the campaign’s ultimate goal.
Exim vulnerability lets attackers run commands as root on remote email servers.
Apple joins Google, Firefox, and Microsoft in banning SHA-1-signed TLS certs.
Three and a half years after its launch, ATS is still not widely adopted.
New BeiTaAd adware found in 238 apps available on the official Google Play Store.
Our keystrokes can verify who we are but researchers show behavioral verification systems can be easily fooled.
Stolen medical information can sell for up to six times as much as PII, and there are reasons for that.
Chrome 75 comes with a hidden Reader Mode, bug fixes, and nothing much.
NSA issues ominous security advisory after Microsoft published two similar warnings last month.
Most vulnerabilities that are exploited in the wild have a CVSS severity score of 9 or 10.
Apple wants users to have a privacy-focused login system at their disposal at any time.
Targeted ads make 4% more revenue than classic (dumb) contextual ads, academics say.
The new malware family infects web servers to mine for cryptocurrency.
Financial and medical information has potentially been exposed.
Interested in the world of cybersecurity? Consider picking up a copy of these books to enjoy over summer.
A modern bank cyber-heist is methodically planned and usually takes months.
Apple's new third-party login system will focus on user privacy, preventing user tracking.
New Iranian hacking tool is named Jason and can be used to brute-force Microsoft Exchange email servers.
Russian authorities add Tinder to database that requires company to share user data with the government.
Mac security researcher discloses zero-day to bypass ban on synthetic events.
The data demand will apply to tourists and potential immigrants.
Something strange happened last week, with tens of US-based cryptocurrency users seeing SIM swapping attacks.
GandCrab crew says it made enough money and plans to retire within a month.
Academics abuse NFC-enabled devices with capacitive touchscreens to induce fake screen taps.
Google cracks down on misleading marketing and extensions with shady descriptions.
Apple’s widespread blocking of these applications is at the heart of the chaos.
Time's running out on patching older systems against the BlueKeep vulnerability.
Internet providers will not be able to penalize those who refuse, either.
People Inc. says an employee email account was the source.
The Chinese military is also working on a similar plan to replace Windows with a custom OS.
Google also limits what types of third-party apps can access a user's Drive files.
At least one criminal market has moved from Tor to I2P. Others asked to do so as well.
The source of the exposure appears to stem from a management company for Marriott, Plaza, and others.
The cyberspies have ramped up their efforts with refreshed hacking tools.
The decision comes after the settlement of a court case concerning the CrowdStrike Falcon flagship product.
POS malware discovered installed at 102 Checkers and Rally's restaurants.
Phantom Secure customers included the Sinaloa carter and the Hells Angels biker gang.
Malware believed to have been created by Chinese hackers.
The attack is believed to have Chinese roots.
The lawsuit claims that Apple has violated the privacy of its users in the quest for profit.
Messages were spread to seed dissent over US influence in the Middle East.
Extent of the hack is unknown, but Flipboard said hackers had access to its systems for almost nine months.
New research puts an initial estimation of 7.6 million vulnerable systems into more context.
NSS Labs has admitted that CrowdStrike Falcon product test results were “inaccurate.”
Chinese military won't move to Linux, but develop a custom OS instead.
Team of researchers finds GitHub access tokens for various companies inside Travis CI build logs.
Amber alerts will be shown on the screensavers of more than 300 ATMs installed in airports and shopping malls.
A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw.
Serendipitous discovery unearths new threat for MySQL server owners.
Hacker claims to have stolen the data of 139 million Canva users.
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
Staff members have allegedly abused their positions to spy on Snapchat users.
Support for WEP and TKIP to be removed in future Windows 10 releases.
A Moody’s downgrade shows that poor security can have severe financial fallout.
Google Safe Browsing didn't show phishing warnings for mobile browsers between mid-2017 and late-2018.
SandboxEscaper publishes two more Windows zero-days, bringing her total up to eight zero-days in ten months.
UK warns of Russian global hacking campaign targeting critical infrastructure and government networks.
TfL says the default data collection will be used to boost customer services.
Bestmixer.io was known for ‘washing’ cryptocurrency to make the funds untraceable.
A Google query was all it took to find the data of 4,500 customers -- none of whom were informed about the leak.
Industry group wants to make DNS over TCP support mandatory.
SandboxEscaper has now published seven zero-days in Microsoft products; two more to come.
SensorID technique can track users across apps and websites using sensor calibration data.
Security researcher 'SandboxEscaper' returns with new Windows LPE zero-day.
G Suite passwords were encrypted when stored on disk, so, at least, they weren't stored in plaintext.
To fully protect yourself from potential Zombieload attacks, vendors and early benchmarks show you'll face performance losses of up to 40%.
After eight months of alpha testing, Tor Browser for Android is now ready for rollout.
TrickBot infections impacted, PC fleet, phone and HVAC systems.
Company makes TLS support and fine-grained user/role management free for everyone.
Issue similar to Alpine Linux's CVE-2019-5021 impacts 194 other Docker images.
Survey of 27 hacker-for-hire services found that only five launched attacks against victims.
Google Chrome v76 is getting a new security feature to fight popup spam.
Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company.
LeakedSource sold data on over 3.1 billion accounts, made CAN$247,000 (US$183,000).
Faulty production script gave users access to all their company's Salesforce data.
Stack Overflow now says hacker might have also accessed user data.
TeamViewer said it detected and stopped the attack before hackers could do any damage.
The corporation has been accused of using fake accounts to influence political campaigns.
Unpatched clients leave Ethereum network vulnerable to 51% attacks.
Hacktivist scene collapses as Anonymous hacker collective dies a slow death.
Stack Overflow said it detected a security breach over the weekend.
AT&T, Sprint, T-Mobile, and Verizon tell the FCC they've terminated most user data sharing arrangements.
Brave devs warn about new alternative user fingerprinting method being rolled out with Chromium-based browsers.
New Attack Surface Analyzer 2.0 works on Windows, but also Mac and Linux.
Executive order doesn't mention Huawei, but it's a Huawei ban for all intents and purposes.
Passport data for high-ranking Russian politicians among the leaked information.
Vulnerability in Bluetooth pairing protocol forces Google to replace Titan keys sold in the US.
UK spies are no longer allowed to skip court if their choices are considered unlawful.
Some residents may be developing the technology but it won’t be permitted for use on their doorstep.
The startup offers a cloud-based endpoint protection solution to the enterprise.
The update aims to prevent code execution attacks and data leaks.
PowerShell script tells you if your Windows OS is safe from MDS attacks.
Where to get updates for Zombieland, RIDL, Fallout, and all the new Intel MDS vulnerabilities.
Microsoft patches 79 security flaws in the May 2019 Patch Tuesday update train.
Researchers, academics detail new Microarchitectural Data Sampling (MDS) attacks.
Further investigation into a single C2 has revealed some interesting results.
Vulnerable software is potentially facilitating surveillance and data theft.
The system can detect breaking glass as well as the sound of smoke alarms.