San Francisco resident Robert Ross first realised something odd was going on when his iPhone lost its signal on 26th October. But his cellphone signal wasn't all that Ross had lost. Within minutes he had also lost his entire $1 million life savings, including the money he had stashed away for his two daughters' college education. According to media...

MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again. Dutch security consultant Willem de Groot, who has been tracking MageCart and similar threats since 2015 and has come across over 40,000 compromised stores, says in...

Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months. Analysts working at Qihoo 360's Netlab team say that they first identified the new botnet in September 2018. They have dubbed it "BCMUPnP_Hunter" because of its exploitation of a security hole in the...

Most people in the world would describe it as a company "admitting they've been hacked." But if you're the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you're "announcing a data security event affecting customer data." Read beyond the headline,...

A US court has sentenced a programmer to 30 months in a federal prison in connection with software that claimed to be a legitimate tool for Windows sysadmins to remotely manage computers, but was actually used by criminals to backdoor PCs and secretly spy on victims. 21-year-old Colton Grubbs, of Stanford, Kentucky, admitted earlier this year that his...

Online criminals have frequently distributed their malware attacks as fake updates for Adobe Flash. Security-savvy computer users haven't found such attacks difficult to spot and know to only get updates to Adobe Flash Player from the company's own website. A new wave of attacks, however, has added a twist to the traditional malware attack disguised as...

Everyone responsible for securing organisations today recognises the significant growth in BEC (Business Email Compromise) attacks, also sometimes known as "Whaling" or "CEO fraud". BEC scammers trick accounting and finance departments into wiring considerable amounts of money into bank accounts under their control, posing as genuine suppliers invoicing...

An Australian teenager who hacked into Apple's network on multiple occasions over several months and stole sensitive files has been told that he will not be imprisoned. As Bloomberg reports, the unnamed hacker - who was 16 years old when the security breaches began - exploited a VPN designed for the use of authorized parties to access Apple's internal...

Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation. The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016 and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter,...

A man who spent years on the run from the FBI for his part in a lucrative criminal operation that spread scareware via the Minnesota Star Tribune website has finally been sent to prison. Twenty-nine-year-old Peteris Sahurovs (also known as "Piotrek" and "Sagade") was sentenced this week by a U.S. court to 33 months in prison for conspiracy to commit...

Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. Adware Doctor, which sold for $4.99 and was listed last week among the highest grossing apps in the "Paid Utilities" category of the macOS App Store, promised it would "keep your Mac safe", "get rid of annoying pop-up ads"...

ABBYY, the developer of optical character recognition and text-scanning software, left a server containing 142GB of a customer's scanned documents exposed for anyone on the internet to access, no password required. The AWS-hosted MongoDB server, accidentally left configured for public access, contained some 203,896 properly OCR'd contracts, non...

It's not great when any organisation loses a laptop, but if the contents of the computer's hard drive have been fully encrypted and a strong password has been used it's hardly the end of the world. After all, the chances of a criminal being able to access any sensitive information on the mislaid or stolen device is remote - and the cost should be...

Hackers planted malware on an automated teller machine (ATM) server belonging to an Indian bank as part of a criminal scheme which saw the theft of nearly 944 million rupees (US $13.5 million) in a co-ordinated attack across 28 countries last weekend. India's Cosmos Bank, based in the western city of Pune, suffered an attack which saw hackers use...

Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed. According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP's online customer portal that could allow unauthorised parties to determine the partial home address of...

According to a new report, popular smartphone games such as "Clash of Clans" are being used to launder hundreds of thousands of dollars on behalf of credit card thieves. Researchers at Kromtech Security describe how they first came across the money-laundering ring in mid-June when they analyzed an unsecured MongoDB database. The database, which was...

Data breaches are getting more expensive. That's one of the findings of a new global study by the Ponemon Institute that examines the financial impact of a corporate data breach. So what is the actual cost of a data breach? Well, obviously it varies depending on the nature of the organisation that has lost control of its data, the nature of data that...

So, you recognize that insider threats are a considerable risk inside your company? Just imagine how serious those threats are for a business that designs mobile spyware for helping law enforcement and intelligence agencies spy on "people of interest." NSO Group is a firm that, in its own words, provides "authorized governments with technology that...

It's been discovered that a marketing company left almost two terabytes of sensitive data exposed on the internet for anybody to access. And what was inside that massive haul of data? The detailed personal information of 230 million consumers and 110 million business contacts - including phone numbers, addresses, dates of birth, estimated income, number...

Computer security experts have discovered an unusual attack targeting users of Android devices. As researchers Yonathan Klijnsma and Aaron Inness explain on the RIskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped-up on some Android users' devices as they browsed the web. The warning message is customized to the...