Misfortune Cookie vulnerability returns to impact medical devices

The four-year-old security flaw has reared its head once again but this time medical equipment, and not routers, are at risk.

Bitfi finally gives up claim cryptocurrency wallet is unhackable

Color me surprised.

Former Qualys exec charged with insider trading after protecting brothers from financial loss

The former Chief Commercial Officer tipped off his family in advance of poor financial results.

Why is Google selling potentially compromised Chinese security keys?

Opinion: To sign up for Google's Advanced protection program, you must buy security keys from a Chinese vendor. Security questions have since been raised considering current intelligence laws in China.

Meet ransomware which wears the face of former president Barack Obama

The peculiar malware asks victims for a "tip" in return for a decryption key.

SonarSnoop attack can steal smartphone unlock patterns

SonarSnoop technique transforms smartphones into mini sonar systems to track a user's finger across the screen and steal phone unlock patterns.

Wireshark fixes serious security flaws that can crash systems through DoS

Proof-of-concept code detailing related exploits has been released to the public.

Windows utility used by malware in new information theft campaigns

WMIC-based payloads highlight how attackers are turning to innocuous system processes to compromise Windows machines.

New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers

Security researchers have spotted a new strain of IoT malware that has been growing in sophistication and silently infecting more and more devices online.

Premera Blue Cross accused of destroying evidence in data breach lawsuit

Class-action lawsuit plaintiffs claim US health insurer Premera Blue Cross intentionally destroyed evidence despite ongoing litigation.

Bitcoin Gold delisted from major cryptocurrency exchange after refusing to pay hack damages

Cryptocurrency exchange Bittrex removes Bitcoin Gold trading options after BTG team refuses to pay $256,000 as reparations for May 2018 cyber-attacks

Department of Labour denies server compromise in recent cyberattack

The government department says the attack did not expose any sensitive or confidential information.

Google open-sources internal tool for finding font-related security bugs

Google Project Zero releases BrokenType, a tool that found nearly 40 security bugs in Windows font rasterization components

Google's campus door security blasted wide open by its own engineer

Malicious code sent across Google's network had some interesting results.

This malware disguises itself as bank security to raid your account

CamuBot takes advantage of your trust in your bank to hide in plain sight.

Facebook's 'war room' hunts and destroys election meddling, fake news

The physical room will be tasked with protecting the network against insidious attempts to tamper with the US midterm elections.

Thousands of 3D printers may be leaking private product designs online

Nearly 3,800 3D printers with an OctaPrint interface were left exposed online with no password authentication, inadvertently leaking 3D models and webcam feeds.

MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys

Tainted extension caught stealing passwords for Google, Microsoft, GitHub and Amazon accounts, but also Monero and Ethereum private keys.

Chrome 69 released with new UI and random password generator

Google revamps Chrome main user interface with new white rounded tabs, replacing classic gray angled tabs after a decade.

Cryptojacking campaign exploiting Apache Struts 2 flaw kills off the competition

Proof-of-concept (PoC) exploits have been quickly adopted to compromise Linux systems.

FIN6 returns to attack retailer point of sale systems in US, Europe

The secretive cyberattackers are known for stealing credit card data to sell on the Dark Web.

Thousands of MikroTik routers are snooping on user traffic

The routers susceptible to hijacking at being exploited through a known vulnerability.

New Silence hacking group suspected of having ties to cyber-security industry

New Russian-speaking "Silence" group linked to the theft of at least $800,000 from Russian and Eastern European banks and financial institutions.

Google investigating issue with blurry fonts on new Chrome 69

Font rendering appears to have broken down when Google promoted Chrome 69 from the Beta to the Stable channel. Windows users affected.

Recent Windows ALPC zero-day has been exploited in the wild for almost a week

ESET says it detected PowerPool group using recently disclosed Windows ALPC zero-day to improve the efficiency of its malware.

Google fixes Chrome issue that allowed theft of WiFi logins

New Wi-Jacking attack can recover WPA2 pre-shared keys by abusing a Google Chrome design issue. Issue was correct in Chrome 69.

Vodafone: You used 1234 as your password and were hacked? You cover the cost

Updated: Hackers are behind bars for stealing $30,000 from accounts, but Vodafone wants their victims to pay the tab.

Cisco warns customers of critical security flaws, advisory includes Apache Struts

The massive security update includes a patch for the recently-disclosed Apache bug -- but not all products will be fixed yet.

Schneider Electric Modicon vulnerability impacts ICS operation in industrial settings

The security flaw, if left unpatched, has the potential to cause unnecessary reboots.

The ultimate guide to finding and killing spyware and stalkerware on your smartphone

Surveillance isn't just the purview of nation-states and government agencies -- sometimes, it is closer to home.

Tor Browser gets a redesign, switches to new Firefox Quantum engine

Tor Browser finally updated to use new-and-improved Firefox Quantum codebase. This includes new Photon UI.

Vulnerabilities found in the remote management interface of Supermicro servers

Eclypsium researchers disclose second vulnerability affecting Supermicro servers in the past three months

DOJ to charge North Korean officer for Sony hack and WannaCry ransomware

After charging Chinese, Iranian, and Russian cyberspies, US prepares indictment against North Korean officer.

Tesla modifies product policy to accommodate "good-faith" security research

Tesla promises to reset car firmware and software damaged during security research. Also promises not to go after "good-faith" researchers in court.

How US authorities tracked down the North Korean hacker behind WannaCry

US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers.

Alex Stamos: Pretty clear GRU's goal was to weaken a future Clinton presidency

Former Facebook CSO breaks down differences between fake news, GRU operations, and IRA troll farms

Hacker uses ProtonMail VPN. Hacker DDoSes ProtonMail. Hacker gets arrested.

Braggadocio teen part of up-and-coming Apophis Squad hacking squad fails to protect his identity. Gets promptly arrested by UK police. Pleads guilty.

Schneider Electric may have shipped USB drives infested with malware

The flash drives were "contaminated" during the manufacturing process.

Top Mac anti-adware software in App Store steals your browsing history

A Mac app ranked in the top App Store tiers secretly sends the browsing history of users to a server in China.

US government releases post-mortem report on Equifax hack

GAO report takes us inside Equifax from March 2017 onward, showing how a few slip-ups led to one of the biggest breaches in US history.

Tor Project releases first alpha of Android mobile browser

After yesterday the Tor Project released Tor Browser v8, today, the organization had another surprise in store for its loyal fanbase —an Android mobile browser.

Tens of iOS apps caught collecting and selling location data

Apps collect data such as GPS coordinates, WiFi network IDs and more, and pass all of it to advertising and monetization firms.

Bill that would have the White House create a database of APT groups passes House vote

US hopes that a name-and-shame strategy would deter foreign nation-state hacking groups to attack US infrastructure as often as now.

Peeled onions and a Minus Touch: Verizon data breach digest lifts the lid on theft tactics

The 2018 report gives us a glimpse of tactics hackers are using today in the name of data exfiltration.

Worries arise about security of new WebAuthn protocol

Cryptography experts point out that new WebAuthn protocol recommends or requires the implementation of old and weak algorithms known to be vulnerable to attacks for years

Standard to protect against BGP hijack attacks gets first official draft

NIST and DHS project publishes first draft of new BGP Route Origin Validation (ROV) standard that will help ISPs and cloud providers protect against BGP hijack attacks.

Popular VPNs contained code execution security flaws, despite patches

Updated: Patches applied to a vulnerability in ProtonVPN and NordVPN builds led to the discovery of separate bugs which had to be resolved quickly in recent updates.

Mirai, Gafgyt IoT botnets stab systems with Apache Struts, SonicWall exploits

Updated: The IoT botnets are back with a new arsenal containing a vast array of vulnerabilities.

These are the warning signs of a fraudulent ICO

Initial Coin Offerings (ICOs) are part of the cryptocurrency Wild West, but how do you know what is fake and what is legitimate?

Researcher finds new malware persistence method leveraging Microsoft UWP apps

New malware persistence method works only on Windows 10 and abuses built-in UWP apps like the Cortana and People apps.

LuckyMouse uses malicious NDISProxy Windows driver to target gov't entities

The hacking group is covertly infecting Windows machines with Trojans by way of stolen certificates belonging to a Chinese security company.

Exploit vendor drops Tor Browser zero-day on Twitter

A company that sells exploits to government agencies drops Tor Browser zero-day on Twitter after recent Tor Browser update renders exploit less valuable.

Microsoft details for the first time how it classifies Windows security bugs

The Microsoft Security Response Center publishes two documents detailing internal procedures used by its staff to prioritize and classify security bugs.

Tech support scammers find a home on Microsoft TechNet pages

Security researcher finds over 3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.

British Airways breach caused by the same group that hit Ticketmaster

Security researchers find clues connecting the Magecart group to the breach at British Airways.

How to steal a Tesla Model S in seconds

An attack technique has been revealed which allows threat actors to unlock a Tesla vehicle in no time at all.

Alexa's land-and-expand strategy is racking up the numbers

While Google is outselling Amazon in global units of smart speakers, other numbers show Amazon is doing just fine in expanding Alexa's reach and usage

'Father of Zeus' Kronos malware exploits Office bug to hijack your bank account

The $7000 malware shows there is serious money to be made in the banking Trojan market.

Online security 101: Tips for protecting your privacy from hackers and spies

This simple advice will help to protect you against hackers and government surveillance.

First IoT security bill reaches governor's desk in California

California IoT security bill criticized by security researcher. Expert says bill "is based upon an obviously superficial understanding of the problem."