Anyone who has a presence on the internet is likely to be suffering from breach fatigue. Data leaks are reported in the headlines on a daily basis, and users can feel so overwhelmed by the sheer number of breaches that they feel there's little they can do to keep ahead of hackers. It can almost feel like a full-time job as you try to determine if...

Security researchers are warning of a new wave of phishing emails which are using an unusual disguise in their attempt to both bypass scanners at email gateways and dupe unsuspecting users. The attack arrives in users' inboxes in the form of an email purporting to be a notification about a voice message using subject lines such as "PBX Message," ...

A criminal Magecart gang successfully compromised hundreds of e-commerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online. Rather than specifically target individual websites, the hackers audaciously hacked a third-party Javascript library from French...

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a "security concern." The lockout occurred as Reddit's security team investigates what appears to have been an attempt to log into many users' accounts through a credential-stuffing...

The website of Luas, the tram system operating in Ireland's capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days. Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland,...

Not everyone is a fan of it, but it's hard to argue convincingly that facial recognition isn't going to play a role in the future of technology. The newest Apple iPhones and Android smartphones have built-in facial recognition features that can unlock your device, but you would be wrong to think that the reliability and accuracy of the features is...

Computer users are being reminded once again to take care of the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018. Researchers at Netscout have warned of a state-sponsored attack dubbed "Stolen Pencil" that is thought to originate from North...

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks. According to the Department of Justice, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri were the masterminds behind attacks against more than 200 networks since 2015. Unlike normal ransomware attacks ...

San Francisco resident Robert Ross first realised something odd was going on when his iPhone lost its signal on 26th October. But his cellphone signal wasn't all that Ross had lost. Within minutes he had also lost his entire $1 million life savings, including the money he had stashed away for his two daughters' college education. According to media...

MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again. Dutch security consultant Willem de Groot, who has been tracking MageCart and similar threats since 2015 and has come across over 40,000 compromised stores, says...

Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months. Analysts working at Qihoo 360's Netlab team say that they first identified the new botnet in September 2018. They have dubbed it "BCMUPnP_Hunter" because of its exploitation of a security hole in the...

Most people in the world would describe it as a company "admitting they've been hacked." But if you're the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you're "announcing a data security event affecting customer data." Read beyond the...

A US court has sentenced a programmer to 30 months in a federal prison in connection with software that claimed to be a legitimate tool for Windows sysadmins to remotely manage computers, but was actually used by criminals to backdoor PCs and secretly spy on victims. 21-year-old Colton Grubbs, of Stanford, Kentucky, admitted earlier this year that...

Online criminals have frequently distributed their malware attacks as fake updates for Adobe Flash. Security-savvy computer users haven't found such attacks difficult to spot and know to only get updates to Adobe Flash Player from the company's own website. A new wave of attacks, however, has added a twist to the traditional malware attack disguised...

Everyone responsible for securing organisations today recognises the significant growth in BEC (Business Email Compromise) attacks, also sometimes known as "Whaling" or "CEO fraud". BEC scammers trick accounting and finance departments into wiring considerable amounts of money into bank accounts under their control, posing as genuine suppliers...

An Australian teenager who hacked into Apple's network on multiple occasions over several months and stole sensitive files has been told that he will not be imprisoned. As Bloomberg reports, the unnamed hacker - who was 16 years old when the security breaches began - exploited a VPN designed for the use of authorized parties to access Apple's...

Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation. The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016 and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter,...

A man who spent years on the run from the FBI for his part in a lucrative criminal operation that spread scareware via the Minnesota Star Tribune website has finally been sent to prison. Twenty-nine-year-old Peteris Sahurovs (also known as "Piotrek" and "Sagade") was sentenced this week by a U.S. court to 33 months in prison for conspiracy to commit...

Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. Adware Doctor, which sold for $4.99 and was listed last week among the highest grossing apps in the "Paid Utilities" category of the macOS App Store, promised it would "keep your Mac safe", "get rid of annoying pop-up ads...

ABBYY, the developer of optical character recognition and text-scanning software, left a server containing 142GB of a customer's scanned documents exposed for anyone on the internet to access, no password required. The AWS-hosted MongoDB server, accidentally left configured for public access, contained some 203,896 properly OCR'd contracts, non...