Over 40,000 credentials for government portals found online

Malware operators have collected login credentials for government portals in Italy, Saudi Arabia, Portugal, Bulgaria, Romania, more.

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter

Attackers scan for Ethereum wallets and mining rigs that have carelessly exposed port 8545 on the Internet.

Google+ hit by second API bug impacting 52.5 million users

Google moves Google+ sunset date forward, from August 2019 to April 2019.

Half of the Tor Project's funding now comes from the private sector

Tor Project reports $4.2 million income in 2017, of which only 51 percent came from government funds.

Android adware tricks ad networks into thinking it's an iPhone to make more money

New Android adware discovered in 22 apps downloaded over two million times.

Cybercrime and malware, 2019 predictions

Experts weigh in on what they believe will happen to the world of cybercrime, malware, and botnets in the coming year.

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

Those annoying sextortion scams are redirecting users to ransomware now

Sextortion emails take a dark turn and are now trying to infect users with the GandCrab ransomware.

Senator blasts FTC for failing to crack down on Google's ad fraud problems

US Senator says Google is profiting off advertising fraud and has no interest in addressing it.

DHS looking into tracking Monero and Zcash transactions

DHS has had great success with tracking and analyzing Bitcoin transactions already. They are now looking for similar solutions for tracking "privacy coins."

OpSec mistake brings down network of Dark Web money counterfeiter

European law enforcement conducts 300 house searches and makes 235 arrests.

Marriott to reimburse some guests for new passports after massive data breach

Hotel chain responds to US senator. Says it will foot the bill for some users' passport replacement costs.

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks

Cybercriminals leave laptops, Raspberry Pi boards, and USB thumb drives connected to banks IT networks.

Industrial espionage fears arise over Chrome extension caught stealing browsing history

Company test runs own traffic analysis service and finds malicious Chrome extension in its own backyard. Ooops!

ESET discovers 21 new Linux malware families

All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.

Twelve US states join for the first time to file multistate data breach lawsuit

Lawsuit details a long list of security fails on MIE's part.

A botnet of over 20,000 WordPress sites is attacking other WordPress sites

Botnet is still up and running but law enforcement has been notified.

BeatStars discloses security breach in Twitter live stream

BeatStars website mass-defaced after hacker intrusion. Website back up and running again.

Adobe releases out-of-band security update for newly discovered Flash zero-day

Zero-day spotted embedded in malicious Office documents uploaded on VirusTotal.

Cyber-espionage group uses Chrome extension to infect victims

Suspected North Korean APT uses Google Chrome extension to infect victims in the academic sector.

The CoAP protocol is the next big thing for DDoS attacks

CoAP DDoS attacks have already been detected in the wild, some clocking at 320Gbps.

Google releases Chrome 71 with a focus on security features

Google improves Chrome's ability to filter abusive ads and detect shady mobile subscription forms.

Over 100,000 PCs infected with new ransomware strain in China

Ransomware authors might have shot themselves in the foot by handling payments via WeChat. Local law enforcement could track ransom payments.

Quora discloses mega breach impacting 100 million users

Account info, passwords, emails, private messages, and user votes were exposed.

Researchers discover SplitSpectre, a new Spectre-like CPU attack

Spectre-like variations continue to be discovered, just as academics predicted at the start of 2018.

Two iOS fitness apps tricked users into making TouchID payments

Both apps —"Fitness Balance app" and "Calories Tracker app"— removed from the Apple App Store.

New online service will hack printers to spew out spam

PewDiePie hack has spawned a new web service over the weekend: Printer-Spam-as-a-Service.

Czech Republic blames Russia for multiple government network hacks

Czech intelligence service says two Russian cyber-espionage groups hacked Ministry of Foreign Affairs, Ministry of Defense, and members of the Czech Army.

Marriott sued hours after announcing data breach

One class-action lawsuit is seeking $12.5 billion in damages.

ACLU wants court to release documents on the US' attempt at backdooring Facebook Messenger

While the FBI-vs-Apple battle played out in the public, the FBI-vs-Facebook encryption backdoor war remained a secret for months.

Twitter user hacks 50,000 printers to tell people to subscribe to PewDiePie

Hacker lends a helping hand to YouTube star losing his crown.

Moscow's new cable car system infected with ransomware two days after launch

Cable car system is now back up and running after a two-day downtime.

Marriott reveals data breach affecting 500 million hotel guests

Hackers have had access to the Starwood guest reservation database since 2014.

These are the worst hacks, cyberattacks, and data breaches of 2018

Millions of records were lost, services were disrupted, and credit card data was stolen as hackers ran amok over the year.

This is how Docker containers can be exploited to mine for cryptocurrency

Containers are becoming a target for cryptojacking in rising numbers.

Samba Trojan becomes the bread and butter of fresh attack campaign

The malware's veteran operators go low and slow to compromise Linux machines without detection.

Floyd Mayweather, DJ Khaled settle SEC charges over illegal endorsement of cryptocurrency ICOs

"You can call me Floyd Crypto Mayweather from now on."

US Senate computers will use disk encryption

New security measure is meant to protect sensitive Senate data on stolen Senate laptops and computers.

After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers

Indian police raid 26 call centers, make 63 arrests.

Sky Brasil exposes data of 32 million subscribers

The cause of the data leak was an Internet-accessible ElasticSearch server that was left without a password.

Hackers can exploit this bug in surveillance cameras to tamper with footage

Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

AriseBank CEO faces 120 years behind bars over alleged cryptocurrency scam

Millions of dollars in investor funds were allegedly spent by the suspect on a luxury lifestyle.

KingMiner malware hijacks the full power of Windows Server CPUs

Attack rates are rising and detection rates are falling.

Dunkin' Donuts accounts may have been hacked in credential stuffing attack

Hackers were after user accounts in the company's rewards points program.

Dell announces security breach

Company says it detected an intrusion at the start of the month, but financial data was not exposed.

Hackers are opening SMB ports on routers so they can infect PCs with NSA malware

Akamai says that over 45,000 routers have been compromised already.

New industrial espionage campaign leverages AutoCAD-based malware

Researchers warn about industrial espionage group targeting companies in the energy sector with AutoCAD-based malware.

ElasticSearch server exposed the personal data of over 57 million US citizens

Leaky database taken offline, but not after leaking user details for nearly two weeks.

Atrium Health data breach exposed 2.65 million patient records

The security incident also exposed an estimated 700,000 Social Security numbers.

Second time lucky: Cisco pushes fix for failed Webex vulnerability patch

New attack techniques have rendered the original patch useless.

IBM QRadar Advisor with Watson boosted with MITRE framework

The machine learning system is being given a crash course in cybercriminal techniques.

Pegasus gov't spyware used to target colleague of slain drug cartel journalist

Just days after the death of a reporter investigating drug cartels, the spyware appeared on the radar.

FBI dismantles gigantic ad fraud scheme operating across over one million IPs

DOJ also charged eight suspects. Three suspects have already been arrested.

Microsoft warns about two apps that installed root certificates then leaked the private keys

It's a Superfish and eDellRoot déjà vu!

Seven GDPR complaints filed against Google over user location tracking

GDPR complaints have been filed today against Google in the Netherlands, Poland, the Czech Republic, Greece, Norway, Slovenia, and Sweden.

Android adware has plagued the Google Play Store in the past two months

Security researchers unearth several adware campaigns distributed via apps available through the official Google Play Store.

This worm spreads a fileless version of the Trojan Bladabindi

The malware is capable of keylogging, spying, and far more.

Uber fined £900,000 by UK, Dutch privacy regulators over 2016 data breach

The hacker responsible was paid off to keep quiet.

US iOS users targeted by massive malvertising campaign

A malvertising campaign deployed via a high-profile ad platform targeted iOS users across the US. Crooks hijacked over 300 million web sessions.

Hacker backdoors popular JavaScript library to steal Bitcoin funds

Users of BitPay's Copay desktop and mobile wallet apps are affected. An update has been released earlier today that doesn't contain the malicious code.