News

U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that’s reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a "geofence" warrant, authorities obtain location history of all devices from Google's Sensorvault database

The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited. It’s a lucrative career, and anyone can find work

The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims' computers with DNSpionage—a custom remote administrative

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social

Security researchers have discovered the full source code of the Carbanak malware—yes, this time it's for real. Carbanak—sometimes referred as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks against banks, financial institutions, hospitals, and restaurants. In July last year, there was a

A white-hat hacker found a way to get into the French government's newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with the government identities. Dubbed "Tchap," the end-to-end encrypted, open source messaging app has been created by the French government with an aim to keep their officials,

Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. <!-- adsense --> Facebook today quietly updated its March press release, adding that the actual number of

Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft's Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. Introduced in Windows 8, the Live tiles feature was designed to display content and notifications on the Start screen, allowing users to continuously

An unprotected database belonging to JustDial, India's largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy "88888 88888" customer care number, The Hacker News has learned and independently verified. Founded over two decades ago, JustDial (JD) is the

Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe

A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed Scranos—which was first discovered late last year, still appears to be a work in progress, it is

It's no secret that Google tracks you everywhere, even when you keep Google's Location History feature disabled. As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude. According to Google, the company uses this location-tracking

The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet,

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service.

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. <!-- adsense --> In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that

Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix's website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys the

If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video editing and converting app with over 1.3 million monthly visitors — was hacked, unfortunately once

WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London—that's almost seven years after he took refuge in the embassy to avoid extradition to Sweden over a sexual assault case. According to a short note released by London's Metropolitan Police Service, Assange was arrested immediately after the Ecuadorian government today withdraws his political asylum. Assange

🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced

Cybersecurity researchers yesterday unveiled the existence of a highly sophisticated spyware framework that has been in operation for at least last 5 years—but remained undetected until recently. Dubbed TajMahal by researchers at Kaspersky Lab, the APT framework is a high-tech modular-based malware toolkit that not only supports a vast number of malicious plugins for distinct espionage

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .

Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. According to an advisory, Adobe Acrobat and Reader

A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it. Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found vulnerable

Phishing is a fraudulent activity to trick you into revealing your personal and confidential information. This information usually includes bank account details, net banking details, credit/debit card numbers, login ID and passwords. Every day, countless people become unsuspecting victims of phishing attacks. With cyber criminals adopting sophisticated modes of phishing…

Quick Heal and Seqrite users are reporting that PCs fails to boot up / Freeze after installing 9th April Windows Updates and Rebooting the system. Symptoms:  Users have Quick Heal or Seqrite product installed and running on their systems. The PCs fail to boot up / Freeze after installing Windows Updates of 9-April-2019 and Rebootingthe system. There are…

For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Go lang. Malware authors are finding it easy to write ransomware in Go lang rather than traditional programming languages. Infection of Jcry ransomware starts with a compromised website. As…

At a time when toddlers can be seen playing around with tabs and teens are living in a virtual world of communication, it wouldn’t be wrong to say that today’s parents are raising a completely new and advanced breed of kids!! Not to be left behind are the schools that…

The incidents of cyber-attacks on smartphones, especially those working on the popular Android operating system, have been on a constant rise. However, a major reason people still continue to go in for android smartphones, is the fact that these are mostly cheap to buy. However, the year 2018 ended with…

There is less doubt that women are more social, expressive and vocal as compared to men and what better means to enjoy such freedom of expression than social media. Reports suggest that over 76% of social media users are women; either looking to make connections, initiate discussions on women-specific topics…

In wake of the growing incidences of targeted cyber-attacks on enterprises using Cryptojacking, due to its ease of deployment and instant return on investments; it rather comes as a surprise that malware authors are still counting on Ransomware for targeting consumers and home users. Yes, you heard it right! According…

Emotet Known for constantly changing its payload and infection vectors like spam mail, Malicious Doc and even Malicious JS files. It compromised a very high number of websites on the internet. Emotet malware campaign has existed since 2014. It comes frequently in intervals with different techniques and variants to deliver malware…

Valentine Day is that special time of the year when people are busy celebrating the essence of love. However, on the darker side, it is also a time when cyber criminals are looking to cash on your hunt for the love of your life. So, just in case you are…

Quick Heal Security Lab has spotted 28 Fake Apps with over 48,000+ (all together) installations on Google Play Store. Google play has removed a total of 28 fake apps from the Play Store after reports by Quick Heal Security Lab. The apps do not have any legitimate functionality related to…

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

It's another episode with Scott Helme this week as he's back in town for NDC Security on the Gold Coast (still a got a week to get those tickets, folks!) The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

Do you ever hear those stories from your parents along the lines of "when I was young..." and then there's a tale of how risky life was back then compared to today. You know, stuff like having to walk themselves to school without adult supervision, crazy stuff like that which

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

That's the second update in a row I've done on time! It's also another one with a bunch of other things in common with last week, namely commentary on yet more data breaches. It's not just the breaches in HIBP, but the ones I'm busily trying to disclose. This is

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

Wow, a weekly update back on the normal schedule! I also realised when watching this back how less tired I look compared to the last few weeks. Travel takes its toll so I touched on that a bit in this week's update, along with the usual raft of new data

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

From last week's update in Seattle to home to Sydney to back home and a late update (again). But regardless, I'm committed to continuing the cadence of doing these updates each week and 132 of them in, I'm yet to miss a week.

This week it's a combination of more

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

So firstly, sorry for the audio quality. I'm pretty damn frustrated with those Instamics right now between the flakey firmware upgrade process and the unexpected loss of recording today. I'll make sure I get on top of it for next time.

I'm sitting at the gate in Seattle right now

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

Well that was a hell of a week of travel. Seriously, the Denver situation was just an absolute mess but when looking at the video from the day I was meant to fly in, maybe being stuck in LA wasn't such a bad thing after all:

As of 1:30

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

This will be short, ranty and to the point: these warnings are getting ridiculous:

I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet:

I’m not sure if this makes it better or

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

Heaps of stuff going on this week with all sorts of different bits and pieces. I bought a massive new stash of HIBP stickers (1ok oughta last... a few weeks?), I'll be giving them out at a heap of upcoming events, I was on the Darknet Diaries podcast (which is

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

I'm not intentionally pushing these out later than usual, but events have just been such over the last few weeks that it's worked out that way. This one really is a short one though as there hasn't been a lot of newsworthy stuff going on this week, other than the

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

It was another travel week so another slightly delayed weekly update, but still plenty of stuff going on all the same. Along with a private Sydney workshop earlier on, I'm talking about some free upcoming NDC meetup events in Brisbane and Melbourne and I'd love to get a great turnout

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one. That's why I'm a day late this week having finally arrived

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once there's so much of something all

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

I'm back home! It was an amazing trip in many ways, not least of which was the time it gave both Scott and myself to reflect on workload and managing lives which can be a bit of a never-ending series of commitments. To that effect, I've been backing off Twitter

Presently sponsored by: The Enemy Within: Unlock this free course I made for Varonis to learn all about preventing insider threats

I'm pumping this weekly update out a little bit later, pushing it just before I get on the plane back home to Australia. I've just wrapped up a week in London with Scott doing all things NDC including a couple of days of workshops and a couple of talks each.

Marcus Hutchins, who is best known for his inadvertent role in blunting the WannaCryptor outbreak two years ago, may now face a stretch behind bars

The post WannaCryptor ‘accidental hero’ pleads guilty to malware charges appeared first on WeLiveSecurity

Microsoft has admitted that some users of its web-based email services such as Outlook.com have had their account information and, in some cases, even email contents exposed

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

How approaching cybersecurity with creativity in mind can lead to better protection from digital threats

The post Embracing creativity to improve cyber-readiness appeared first on WeLiveSecurity

The gaming company has rolled out a fix for the remote code execution vulnerability, so make sure you run the platform's latest version

The post Bug in EA’s Origin client left gamers open to attacks appeared first on WeLiveSecurity

An extra layer of security never hurt anybody, and now you can turn your phone into a physical security key

The post Your Android phone can now double as a security key appeared first on WeLiveSecurity

Some users of Microsoft’s web-based email services such as Outlook.com had their account information exposed in an incident that, as it later emerged, also impacted email contents

The post Microsoft reveals breach affecting webmail users appeared first on WeLiveSecurity

More than 50 universities in the United Kingdom had their cyber-defenses tested by ethical hackers, and the 'grades' aren’t pretty

The post Hackers crack university defenses in just two hours appeared first on WeLiveSecurity

ESET researchers publish their findings on a new malware variant that the OceanLotus group uses to target Mac users

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The new wireless security protocol contains multiple design flaws that hackers could exploit for attacks on Wi-Fi passwords

The post WPA3 flaws may let attackers steal Wi-Fi passwords appeared first on WeLiveSecurity

Streaming media feature among services that take the spotlight in a report on credential-stuffing attacks in 2018

The post Credential-stuffing attacks behind 30 billion login attempts in 2018 appeared first on WeLiveSecurity

Latest ESET research describes the inner workings of a recently found addition to OceanLotus’s toolset for targeting Mac users

The post OceanLotus: macOS malware update appeared first on WeLiveSecurity

Two app developers stored more than half a billion records about Facebook users on unsecured cloud servers

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The databases, sitting unprotected on cloud servers, contained reams of information amassed by two apps integrated with the social network

The post 540 million records on Facebook users exposed by third-party apps appeared first on WeLiveSecurity

How can smaller businesses address their cybersecurity risks without the resources of large organizations?

The post NIST cybersecurity resources for smaller businesses appeared first on WeLiveSecurity

Aren’t we just making it too easy for online followers to become real-life trackers with the amount of open data we are posting online?

The post Look who’s stalking appeared first on WeLiveSecurity

Bithumb believes that, unlike in past incidents, this theft was the work of rogue insiders

The post Cryptocurrency exchange loses millions in heist appeared first on WeLiveSecurity

World Backup Day reminds businesses that they need to have data backup and recovery plans in place should the unthinkable happen

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

World Backup Day is a reminder that organizations and individuals need to make data backup and protection a priority

The post World Backup Day: Is your data in safe hands? appeared first on WeLiveSecurity

After he was fired for poor performance, the ex-employee was back with a vengeance, literally

The post Man jailed for destroying former employer’s data appeared first on WeLiveSecurity

More trouble in dark markets? A notorious black-market bazaar announces plans to close up shop on the same day that police announce the arrests of 61 people

The post Global police arrest dozens of people in dark web sting appeared first on WeLiveSecurity

The electric automaker is working to release a fix for the underlying vulnerability in a matter of days

The post Two white hats hack a Tesla, get to keep it appeared first on WeLiveSecurity

APT group OceanLotus has been active with new memory corruption vulnerability. Google fined 1.7 billion US$ by the EU. Plus, pick your Android security app wisely, test shows

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The social network says that the passwords were never exposed externally and that it found no abuse of the glitch

The post Facebook exposed millions of user passwords to employees appeared first on WeLiveSecurity

Our penchant for plugging in random memory sticks isn’t the only trouble with our USB hygiene, a study shows

The post Most second-hand thumb drives contain data from past owners appeared first on WeLiveSecurity

More advice for detecting and avoiding sextortion scams

The post I Still Didn’t See What You Did appeared first on WeLiveSecurity

The third penalty that Europe has levied on the tech giant in less than two years brings the total to €8.25 billion

The post Google hit with €1.49 billion antitrust fine by EU appeared first on WeLiveSecurity

ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar

The post Fake or Fake: Keeping up with OceanLotus decoys appeared first on WeLiveSecurity

It’s prudent to get a security solution for your device, but a test by AV-Comparatives shows why you need to choose judiciously

The post You should pick your Android security app wisely, test shows appeared first on WeLiveSecurity

Cyberblackmail/sextortion again raises its not-so-pretty little head

The post I didn’t see what you did, redux appeared first on WeLiveSecurity

Asian game developers again targeted in supply-chain attacks distributing malware. Facebook suffer most severe outage ever. Plus, over 2 billion records exposed by email marketing firm

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Facebook owned Instagram and WhatsApp also affected by unexplained interruption

The post Facebook suffer most severe outage ever appeared first on WeLiveSecurity

The repository of email addresses and other records would offer a gold mine of data for scammers

The post Over 2 billion records exposed by email marketing firm appeared first on WeLiveSecurity

Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software

The post Gaming industry still in the scope of attackers in Asia appeared first on WeLiveSecurity

The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix

The post Flaws in smart car alarms exposed 3 million cars to hijack appeared first on WeLiveSecurity

A bright tomorrow of technical delight, or a dismal future of digital dysfunction?

The post RSA conference, USA 2019: Keynotes and key words appeared first on WeLiveSecurity

Protecting your privacy is no longer just an option but a legal requirement in many parts of the world

The post RSA 2019: Protecting your privacy in a NIST and GDPR world appeared first on WeLiveSecurity

The need for better balance on International Women's Day 2019. The Anti-Phishing Working Group offers a mixed bag of findings about the phishing landscape in 2018. Plus people should waste no time in updating Chrome to the browser's latest version.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Every year on March 8, we celebrate International Women's Day to honor the social, economic, cultural and political achievements of women. But we also acknowledge that there is still a long way to go before we’ve truly reached gender parity. This day gives us the opportunity to reflect on how we can achieve that balance. So it’s particularly fitting that the theme of this year’s International Women’s Day is “Balance for Better”

The post International Women’s Day 2019: How can we be better allies? appeared first on WeLiveSecurity

It now turns out that the vulnerability in the browser was being exploited in tandem with a zero-day in Windows

The post Latest Chrome update plugs a zero-day hole appeared first on WeLiveSecurity

Some things that businesses can do to get better at it without breaking the bank

The post RSA – IoT security meets SMB appeared first on WeLiveSecurity

The latest report from the Anti-Phishing Working Group offers a mixed bag of findings about the phishing landscape in 2018

The post Payment processors remain phishers’ favorites appeared first on WeLiveSecurity

A ‘white hat’ from Argentina has come a long way since winning his first reward of US$50 in 2016

The post Teen earns US$1 million in bug bounties appeared first on WeLiveSecurity

Coinhive cryptocurrency miner to call it a day. Google aims for password-free app and site logins on Android. Plus escalating DNS attacks have domain name steward worried.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The first virtual concert to take place inside a video game attracted interest not only from players but also from scammers, who tried to take advantage of the huge event by tricking users into buying tickets even though the concert was free

The post DJ Marshmello concert on Fortnite: An iconic event that also attracted scammers appeared first on WeLiveSecurity

The organization was the victim of a watering hole attack, likely attributable to the APT LuckyMouse group

The post ICAO victim of a major cyberattack in 2016 appeared first on WeLiveSecurity

The service became notorious for its use by ne’er-do-wells looking to make a quick buck by hijacking the processing power of victim machines to generate virtual money

The post Coinhive cryptocurrency miner to call it a day next week appeared first on WeLiveSecurity

Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads

The post ‘Highly critical’ bug exposes unpatched Drupal sites to attacks appeared first on WeLiveSecurity

Following the revelation that a list containing millions of stolen usernames and passwords had appeared online, we tell you a few different ways to find out if your credentials were stolen in that—or any other—security breach

The post How to spot if your password was stolen in a security breach appeared first on WeLiveSecurity

With FIDO2 certification for Android, Google is setting the stage for password-less app and website sign-ins on a billion devices

The post Google aims for password-free app and site logins on Android appeared first on WeLiveSecurity

The keeper of the internet’s ‘phone book’ is urging a speedy adoption of security-enhancing DNS specifications

The post Escalating DNS attacks have domain name steward worried appeared first on WeLiveSecurity