Czech intelligence agency: "Data analysis suggests that the attack came from China."
Czech antivirus maker discloses second attack aimed at compromising CCleaner releases.
Sky-high rates of return were promised to participants.
Credit card and payment information was the target of the three-year-long attack.
Face Unlock bug lets someone unlock you're Pixel 4 phone while you're asleep or out cold.
Chrome and Firefox extensions released over the summer. Windows support added this month.
Steganography malware trend moving from PNG and JPG to WAV files.
iOS users tricked into installing online games and told to "reach Level 8 in 7 days."
Tamper Protection prevents malware from disabling Windows Defender features.
One of China's most brazen hacking sprees involved intelligence officers, hackers, security researchers, and company insiders.
Academic study analyzed 379 incidents of incorrectly-issued SSL certificates from a total of 1,300+ known cases.
HP releases security update for HP Touchpoint Analytics app. Device owners advised to update.
A NIST guide was needed as the patch testing process for some companies involved asking questions on internet forums.
Tor Project admins blacklist 800+ of the total 6,000+ Tor network servers.
Only 2% of 4,200+ survey takers answered all ten questions correctly in a very basic tech quiz.
What do phishing emails, camping, wine, and embarrassment have in common, you ask?
Arbitrary code execution and memory vulnerabilities may impact Mac machines.
It has been reported that roughly 400 US police departments are collaborating with the smart doorbell firm.
Twitter couldn't say how many users had been impacted by this latest bug.
Built-in OpenPGP support coming to Thunderbird 78, scheduled for release in the summer of 2020.
French cyber-security agency warns of ongoing cyber-espionage campaign after Airbus and Expleo hacks.
IBM and McAfee aim to tie cybersecurity products and data together through open source code and standards.
The health organization has admitted its failure in safeguarding user data.
Proof-of-concept code available online; trivial to exploit.
Security breach took place in 2017, but user details are only now being shared online, including on Telegram channels.
Annoyed victim hacks back ransomware gang and releases all their decryption keys, along with a free decrypter.
The remote code execution bug is being used in attacks against high-profile websites.
FBI warns about SIM swapping and tools like Muraen and NecroBrowser.
The security issue won’t be resolved, considering the age of the products.
Several experts, companies, and national entities have voiced very convincing concerns about DoH and its features.
Signal bug lets attackers place and then auto-answer a call by pressing the Mute button.
Urgent/11 vulnerabilities impact multiple operating systems, not just VxWorks.
The Iranian hackers also targeted current and former US government officials, journalists, and Iranians living abroad.
Glitch in EA FIFA 20 tournament site accidentally leaked some players' data to other players.
Turla hacker group lives up to its reputation with another clever/wacky hacking technique.
Vulnerability was patched in older Android OS versions, but resurfaced in newer releases.
Microsoft security expert also ranks authentication factors based on their ability to fend off attackers.
Google to stop loading "mixed content" in Chrome starting next year.
Up to 40,000 macOS systems expose a particular port online that can be abused for pretty big DDoS attacks.
Older Athena IDProtect smart cards are impacted, along with the WolfSSL, MatrixSSL, Crypto++, Oracle SunEC, and Libgcrypt crypto libraries.
The lawsuit alleges Google should be held accountable for bypassing default iPhone privacy settings.
Personal files and messages are at risk in unpatched builds of the app.
Offer stands only for October 2019. Origin users will get November for free.
Police seize servers from bulletproof hosting provider that harbored tens of DDoS botnets.
Zendesk said hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers.
Sensitive data was available to anyone with a browser.
Google expands history auto-delete to YouTube, adds better privacy controls to voice assistant.
Google's Password Checkup is currently available for Android devices and Google's web dashboard.
New CPU memory type proposed. No silicon prototype. Just a research paper and a lot of hope.
The vulnerabilities can be exploited to make unauthorized VoIP calls, spoof caller IDs, deny voice calls, and even execute malicious code on users' devices.
Fifteen US school districts, accounting for 100 schools, were hit in the past two weeks alone.
The military bunker was allegedly used to host servers catering for Dark Web markets and child pornography websites.
His efforts have earned him two years in prison.
Former Yahoo engineer accessed about 6,000 email accounts, primarily belonging to young women.
After a month, hearing aid manufacturer Demant has yet to recover after the attack.
eGobbler group exploits bugs in Chrome for iOS, and Chrome and Safari for desktop to show popup ads and redirect users to malicious sites.
All the 27 desktop and web PDF viewer apps that were tested were found to be vulnerable in a way or another.
New Linux kernel "lockdown" module to limit high-privileged users -- even root -- from tampering with some kernel functionality.
The ad-blocking landscape is in line for some standardization, starting with the blocklists' synthax.
Proofpoint: 85% of all malicious email spam sent in Q2 2019 contained a link to download a malicious file.
There's now an app to test your phone's SIM card for both Simjacker and WIBattack
Rheinmetall plants in Brazil, Mexico, and the US disrupted by malware infection.
The downloader has an unusual way of executing next-stage payloads.
New jailbreak will work on iPhones 4S up to iPhone 8 and X.
The company allegedly collected and stored biometric data without user consent.
Dunkin' Donuts disputes claims made by New York state officials in recent lawsuit. Says it's looking forward to proving its case in court.
A lawsuit brought forward by investors has been dismissed -- but can be refiled.
New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud.
Exclusive: Security researcher gets a nasty surprise while hunting for bugs on AT&T's websites.
Banned file types include Java, Python, and PowerShell extensions.
Developers mask their apps to circumvent heavy restrictions on gambling.
Next iteration of the HTTP protocol starts making its way into production systems.
The threat group is able to remotely control vulnerable systems without credentials.
Would you pay $240 for a calculator app? What about a QR code reader? A GIF maker?
Magecart (web skimming) attacks are evolving into a direction where they're gonna be harder and harder to detect.
Fake US veteran hiring website spreads remote access trojan (RAT).
Exclusive: Another dating app fails to secure production server and puts users at risk.
Pricing starts at $2.46 per gigabyte (GB) of ingested data.
New zero-day could trigger a new forum hacking spree across the internet.
Carpet bombing - the DDoS technique that's just perfect for attacking ISPs, cloud services, and data centers.
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.
A first-of-its-kind research project highlights the connections between nearly 2,000 samples of Russian APT malware.
McAfee says these incidents are exposing enterprises worldwide to data loss and theft.
The threat group’s attack chain is now even heavier with a string of malicious payloads.
US utility providers targeted with spear-phishing emails that try to install the LookBack remote access trojan.
Microsoft publishes rare out-of-band security update to address CVE-2019-1367 and CVE-2019-1255.
Another version of the same malware, but with RAT-like features, spotted targeting Indian research centers.
The bug could also be used post-exploit to circumvent PC defenses.
You will be spared human eavesdroppers, too, unless you choose to opt-in.
YouTube creators from the auto and car community were hit the hardest in what appears to be a coordinated attack.
On the other hand, everyone was busy blasting Google for a similar plan in Chrome.
Cambridge Analytica fallout yielded tens of thousands of app suspensions and bans.
Elliot Gunton and Anthony Tyler Nashatka charged for 2015 EtherDelta hack.
Surveillance isn't just the purview of nation-states and government agencies -- sometimes, it is closer to home.
Card-skimmers may have impacted close to 200 hotel properties and their customers.
Charges now include unregistered drone operation, meth use, and unlawfully owning firearms.
Twitter removes new accounts part of state-run information campaigns in the United Arab Emirates, Egypt, Saudi Arabia, Spain, Equador, and China.
Two Chrome ad blockers caught manipulating cookies so extension devs could earn commissions on users' backs.
Suspects run tech support scam sites and made over $10m from over 7,500 victims by billing unneeded tech support fees.
New 20,000 batch of payment card details found on the dark web and traced back to new Click2Gov hacks.
Card skimming is the modus operandi of Magecart but many of the new campaigns focus on malvertising instead.
A research study suggests that private information is being transferred even when devices are idle.
A severe critical privilege escalation vulnerability has been found in the open source registry software.
Because all cybercriminals are law-abiding citizens and have a legal department.
GitHub is now also a CVE CNA and can issue its own CVE numbers for bugs disclosed in projects hosted on the platform.
Windows Defender "Quick" and "Full" scans stop after a few files and a few seconds.
Crypto-mining malware returns to take the crown as today's most prevalent malware threat.
The Top 25 list gives developers indicators of what cybersecurity threats they should be most aware of.
The new Nemty malware may have ties to GandCrab and Sodinokibi.
US claims Snowden broke the non-disclosure agreements he signed with the NSA and CIA. The US is now seeking to keep all the profits from Snowden's new book, launched today.
Ecuador police arrest director of data analytics firm that leaked the personal records of most of Ecuador's population.
Reports suggest the potential compromise of a mailing list with malicious invoices landing in client inboxes.
Certificates can be used to sign-off on malicious payloads and can fetch a lucrative price on the black market.
Even cyber-criminal gangs can't secure their MongoDB servers properly.
The Linux malware makes use of a rootkit to disguise itself on infected machines.
Phillip Capital Inc. has been penalized for a data breach and failing to disclose the incident to clients quickly.
The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.
Emotet botnet resumes malspam operations after going silent for nearly four months.
A new study reveals vulnerability rates are not decreasing in our connected devices -- far from it.
LastPass has released a fix last week. Vulnerability details are now public. Users advised to update.
Over 10,000 users may be caught in the crossfire of ICE’s request.
Elasticsearch server leaks personal data on Ecuador's citizens, their family trees, and children, but also some users' financial records and car registration information.
The price and supply fallout highlights how technology has the potential to threaten core economic systems.
A midnight raid was not what court administrators had in mind for electronic record security tests.
Ability execs arrests over the weekend after raids on the company's offices.
Former hacker aims for a white-hat career, apologizes to one of his victims, and gives out advice to users.
US wants to seize financial assets associated with the Lazarus Group, Bluenoroff, and Andarial.
The new Trojan will also harvest information from open browser sessions.
Twenty-year-old Frenchman arrested at Paris Airport on Monday for extorting tens of victims.
Country officials say unresolved privacy issues could pose a risk to consumers.
Sandboxie is now a free download. Source code to be open-sourced at a later date.
The key? Shifting to hardware isolation and system resets.
Google search data reveals the most popular hacker in the world, alongside the cybersecurity topics we care most about.
Simjacker attack abuses STK and S@T Browser technologies installed on some SIM cards.
The state Senate appears to be listening to appeals to reel in the widespread use of biometrics.
Security issue fixed in late June, with the release of Chrome OS 75. Additional remediation steps below.
There are ramifications for enterprise customer retention as an understanding of data protection increases.
Facing legal assault, NSO Group pledges to fight customers abusing its tools to spy on innocents, political opponents.
Two Android flashlight apps, in particular, are requesting 77 permissions... for some reason.
Even after deletion, images would remain in storage on user devices.
Two bugs could lead to arbitrary code being let loose on infected systems.
Starting with Chrome 78, the browser will automatically switch to DoH-compatible servers for certain DNS providers.
Microsoft's September 2019 Patch Tuesday comes with 80 fixes, 17 of which are for critical bugs.
Operation reWired: 167 suspects arrested in Nigeria, 74 in the US.
Academics develop new network-based attack that steals keystrokes from an active SSH session.