News

Every app installed on your smartphone with permission to access location service "can" continually collect your real-time location secretly, even in the background when you do not use them. Do you know? — Installing the Facebook app on your Android and iOS smartphones automatically gives the social media company your rightful consent to collect the history of your precise location. If you

A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying

Exclusive — A security researcher has identified an unsecured server that was leaking detailed personal details of nearly half a million Indian citizens... thanks to another MongoDB database instance that company left unprotected on the Internet accessible to anyone without password. In a report shared with The Hacker News, Bob Diachenko disclosed that two days ago he found a 4.1 GB-sized

Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving websites

Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the

Exclusive — If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that

How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? Endpoint detection and response (EDR) platform has been an important technology to detect cybersecurity incidents, but it provides only the view of endpoints, just a portion of the big picture.

Why would someone bother to hack a so-called "ultra-secure encrypted database that is being protected behind 13 feet high and 5 feet thick walls," when one can simply fetch a copy of the same data from other sources. French security researcher Baptiste Robert, who goes by the pseudonym "Elliot Alderson" on Twitter, with the help of an Indian researcher, who wants to remain anonymous,

Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of Kali Linux operating system includes kernel up to version 4.19.13 and patches for numerous bugs, along with many updated software, like Metasploit, theHarvester, DBeaver, and more.

It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader "CracksNow," who had trusted status from many torrent sites, has now been banned from several torrent sites after he was repeatedly found

It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have been allowed attackers to hijack Facebook accounts by simply tricking the targeted users into

All these numbers…. "More than 5 billion records from 6,500 data breaches were exposed in 2018" — a report from Risk Based Security says. "More than 59,000 data breaches have been reported across the European since the GDPR came into force in 2018" — a report from DLA Piper says. …came from data breaches that were reported to the public, but in reality, more than half of all data breaches

How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if you, like most Internet users, are also relying on above basic security practices to spot if that

A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web. Last week, The Hacker News received an email from a Pakistani hacker who claims to have hacked dozens of popular websites (listed below) and selling their stolen databases online. <!

The United States Department of Justice has announced espionage charges against a former US Air Force intelligence officer with the highest level of top-secret clearance for providing the Iranian government classified defense information after she defected to Iran in 2013. Monica Elfriede Witt, 39, was a former U.S. Air Force Intelligence Specialist and Special Agent of the Air Force Office

Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the

What could be more frightening than a service informing you that all your data is gone—every file and every backup servers are entirely wiped out? The worst nightmare of its kind. Right? But that's precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost all data and backup files for its users after unknown hackers destroyed its entire U.S.

Cybersecurity researchers have discovered a way to hide malicious code in Intel SGX enclaves, a hardware-based memory encryption feature in modern processors that isolates sensitive code and data to protect it from disclosure or modification. In other words, the technique allows attackers to implant malware code in a secure memory that uses protection features of SGX which are otherwise

Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps,

A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the vulnerability is unpatched at the time of writing and impacts all version of macOS Mojave,

Welcome back! Adobe has today released its monthly security updates to address a total of 75 security vulnerabilities across its various products, 71 of which resides in Adobe Acrobat and Reader alone. February 2019 patch Tuesday updates address several critical and important vulnerabilities in Adobe Acrobat Reader DC, Adobe Coldfusion, Creative Cloud Desktop Application, and Adobe Flash

Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometime could even turn into the worst nightmare of your life. If you are an electric scooter rider, you should be concerned about yourself. In a report shared with The Hacker News in advance, researchers from mobile security firm Zimperium said

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux container and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and

A malicious Windows EXE file can even infect your Mac computer as well. Yes, you heard me right — a .exe malware on macOS. Security researchers at antivirus firm Trend Micro have discovered a novel way hackers are using in the wild to bypass Apple's macOS security protection and infect Mac computers by deploying malicious EXE files that normally run only on Windows computers. Researchers

A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a "Clipper," masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging

In wake of the growing incidences of targeted cyber-attacks on enterprises using Cryptojacking, due to its ease of deployment and instant return on investments; it rather comes as a surprise that malware authors are still counting on Ransomware for targeting consumers and home users. Yes, you heard it right! According…

Emotet Known for constantly changing its payload and infection vectors like spam mail, Malicious Doc and even Malicious JS files. It compromised a very high number of websites on the internet. Emotet malware campaign has existed since 2014. It comes frequently in intervals with different techniques and variants to deliver malware…

Valentine Day is that special time of the year when people are busy celebrating the essence of love. However, on the darker side, it is also a time when cyber criminals are looking to cash on your hunt for the love of your life. So, just in case you are…

Quick Heal Security Lab has spotted 28 Fake Apps with over 48,000+ (all together) installations on Google Play Store. Google play has removed a total of 28 fake apps from the Play Store after reports by Quick Heal Security Lab. The apps do not have any legitimate functionality related to…

For any business big or small, business data is an asset that they cannot afford to compromise at any cost. With a huge amount of data, from employee details to the credit card details of customers, stored in the form of vulnerable electronic records, the loss of even a single…

While everyone was engaged in new year celebrations, malware authors were busy creating new ransomware for 2019. Quick Heal Security Labs has observed the first ransomware of 2019 — Anatova. During our analysis, we found that Anatova is not just ransomware but a modular one. By modular ransomware we mean,…

Ransomware has become one of the most dangerous cyber-attack methods because of the different techniques it uses to encrypt the files and evade the detection of security software to earn money. Also, at a time, it’s not limited to encrypting user’s files but also deletes the files and formats the…

Recently we saw a new campaign through spam mail attachment- zip file. It contains JavaScript file which delivers a bundle of GandCrab Ransomware, Monero miner and Spammer. This bundle of multiple malware variants is nothing new, it is common for ransomware to be paired with miner and spammer. This type…

Malspam email or malicious spam emails are considered to be one of the favorite malware delivery channels for the attackers to deliver the malware to targeted victims. Attackers also run spam email campaigns to distribute their malware to a large number of users. For attackers to succeed, two things are…

Drones Unmanned Aircraft System (UAS)/ Remotely Piloted Aircraft System (RPAS) commonly known as drones/ UAV are unmanned aerial vehicle without a human pilot aboard. The potential of drones is starting to be realized and it is making a big impact. They can take on complex tasks and reduce costs minimizing…

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

It was another travel week so another slightly delayed weekly update, but still plenty of stuff going on all the same. Along with a private Sydney workshop earlier on, I'm talking about some free upcoming NDC meetup events in Brisbane and Melbourne and I'd love to get a great turnout

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one. That's why I'm a day late this week having finally arrived

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once there's so much of something all

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

I'm back home! It was an amazing trip in many ways, not least of which was the time it gave both Scott and myself to reflect on workload and managing lives which can be a bit of a never-ending series of commitments. To that effect, I've been backing off Twitter

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

I'm pumping this weekly update out a little bit later, pushing it just before I get on the plane back home to Australia. I've just wrapped up a week in London with Scott doing all things NDC including a couple of days of workshops and a couple of talks each.

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

So it's been a bit of a crazy week. I got onto the plane in Australia on Thursday evening just as Europe was waking up to the news of the 773M email address credential stuffing list I loaded into HIBP. And then the flood began; blog comments, emails, tweets -

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane...

Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

Well, it's one more sunny weekly update then snow time again so I've gone particularly beachy today. I'm also particularly breachy, talking about a massive combo list I'm presently pondering for inclusion in HIBP. These lists are frequently used for account takeover attacks against the likes of Spotify which is

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

Time and time again, I get emails and DMs from people that effectively boil down to this:

Hey, that paste that just appeared in Have I Been Pwned is from Spotify, looks like they've had a data breach

Many years ago, I introduced the concept of pastes to HIBP and

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

And then it was 2019. Funny how quickly it gets away from you, someone just posted on my 2018 retrospective blog post this week and asked why I didn't include my congressional testimony and if I'm honest, it took me a bit to think about why as well (it was

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

I started doing these retrospectives 3 years ago in my first year of independence. I reckon they're a good thing for everyone to do if not in written form then at least mentally to look back on your achievements of the year. They're a great way of reflecting on success

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

Patience.
Frugality.
Sacrifice.
When you boil it down, what do those three things have in common? Those are choices.
Money is not peace of mind.
Money’s not happiness.
Money is, at its essence, that measure of a man’s choices.

This is part of the opening monologue of the

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As I say in the video, the reaction to my tweet about it was actually overwhelmingly positive, but there was this unhealthy undercurrent of negativity

Presently sponsored by: Twilio: Want to uplevel your authentication? Need to get off risky SMS 2FA? Learn about how you can with the Authy API...

And that's it for Canada. I recorded this Saturday morning local before heading out for last runs with the family. It's been fun but as I just tweeted sitting here in the airport:

That’s it for Canada! It’s been fun, but it’s time for sunshine again 🇨🇦 ✈️ 🇦🇺 pic.

A new report shines some light on multiple aspects of the growing threat of cyber-extortion

The post Cyber-extortionists take aim at lucrative targets appeared first on WeLiveSecurity

Head of the AI/ML Team at ESET, Juraj Jánošík, looks at machine learning and cybersecurity and considers whether it is a step toward a safer world or a step closer to the brink of chaos

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

As the use of this technology grows so does the risk that attackers may hijack it

The post ML-era in cybersecurity: A step toward a safer world or the brink of chaos? appeared first on WeLiveSecurity

And that’s on top of the heartache experienced by the tens of thousands of people who fall for romance scams each year

The post How costly are sweetheart swindles? appeared first on WeLiveSecurity

Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities

The post Siegeware: When criminals take over your smart building appeared first on WeLiveSecurity

Anybody with hacking prowess can take a crack at reading votes or even rigging the vote count itself

The post Switzerland offers cash for finding security holes in its e-voting system appeared first on WeLiveSecurity

Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it?

The post Criminal hacking hits Managed Service Providers: Reasons and responses appeared first on WeLiveSecurity

Apps downloaded from Google Play were eight times less likely to compromise a device than apps from other sources

The post Google – “Here’s how we cracked down on bad apps last year” appeared first on WeLiveSecurity

A closer look at the damage caused by smoke particles and some steps you can take to aid recovery

The post Smoke damage and hard drives appeared first on WeLiveSecurity

Bank of Valetta, which went dark for a day after the fraudulent transfers of €13 million, is now looking to get the money back

The post Malta’s leading bank resumes operations after cyberheist-induced shutdown appeared first on WeLiveSecurity

ESET malware researcher Lukáš Štefanko sits down with us to discuss Android banking malware, the topic of his latest white paper. An attack on an email provider wipes out almost two decades' worth of data. Plus an interesting article from Jake Moore on the possible dangers that may come from providing your name at your local coffee shop.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper

The post Navigating the murky waters of Android banking malware appeared first on WeLiveSecurity

Instead of financial gain or other, more usual, goals, the attacker leaves ‘scorched digital earth’ behind

The post Attack at email provider wipes out almost two decades’ worth of data appeared first on WeLiveSecurity

Roses are red, violets are blue, watch out for these scams or it may happen to you

The post When love becomes a nightmare: Online dating scams appeared first on WeLiveSecurity

Innocently providing your name at your local coffee shop is just an example of how easy it can be for miscreants to cut through the ‘privacy’ of social media accounts

The post Why you should choose a pseudonym at Starbucks appeared first on WeLiveSecurity

The decision to award the bug has been welcomed but one security researcher has said that they need to do more to compensate those who find bugs

The post Apple to pay teenager who uncovered FaceTime bug appeared first on WeLiveSecurity

ESET researchers publish their latest findings on a modular Trojan called DanaBot and on a cryptocurrency stealer that takes the form of clipper malware on Google Play.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Cryptocurrency stealers that replace a wallet address in the clipboard are no longer limited to Windows or shady Android app stores

The post First clipper malware discovered on Google Play appeared first on WeLiveSecurity

ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs

The post DanaBot updated with new C&C communication appeared first on WeLiveSecurity

The new tool aims to help in an age when billions of login credentials are floating around the internet

The post Google rolls out Chrome extension to warn you about compromised logins appeared first on WeLiveSecurity

The watch has been found to expose its wearers to a high level of risk of being contacted and monitored by attackers

The post European Commission orders recall of children’s smartwatch over privacy concerns appeared first on WeLiveSecurity

Citing an ongoing investigation, the company wouldn’t say how or when the incident occurred

The post Houzz discloses data breach, asks some users to reset passwords appeared first on WeLiveSecurity

The recently discovered tranches of stolen login credentials freely floating around the internet total 2.2 billion records

The post Four new caches of stolen logins put Collection #1 in the shade appeared first on WeLiveSecurity

ESET researchers have spotted a large wave of ransomware-spreading spam targeting Russian users. Researchers at ESET have also detected a substantial new wave of the “Love you” malspam campaign, updated to target Japan and spread GandCrab 5.1. Plus FaceTime bug bites Apple

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Smart devices were targeted by more than one-half of cyberattacks detected in the country in 2017

The post Japan to probe citizens’ IoT devices in the name of security appeared first on WeLiveSecurity

A closer look at cybercrime as a service on the dark web

The post Cybercrime black markets: Dark web services and their prices appeared first on WeLiveSecurity

First closing in on operators, now on users, as the hunt continues and law enforcement in many countries is about to swoop down on people who bought DDoS attacks on WebStresser

The post ‘We’re coming for you’, global police warn DDoS attack buyers appeared first on WeLiveSecurity

ESET researchers have detected a substantial new wave of the “Love you” malspam campaign, updated to target Japan and spread GandCrab 5.1

The post “Love you” malspam gets a makeover for massive Japan-targeted campaign appeared first on WeLiveSecurity

The company is rushing to fix a glitch that may let other iPhone users hear and see you – before you answer the call

The post Apple takes Group FaceTime offline after discovery of spying bug appeared first on WeLiveSecurity

Even so, the database has grown to seven million voiceprints amid a controversy that puts the spotlight on the privacy implications of the collection of biometric information

The post Hear me out! Thousands tell UK taxman to wipe their voice IDs appeared first on WeLiveSecurity

Among the increased number of malicious JavaScript email attachments observed in January 2019, ESET researchers have spotted a large wave of ransomware-spreading spam targeting Russian users

The post Russia hit by new wave of ransomware spam appeared first on WeLiveSecurity

Eight months after the landmark rules came into effect, data released by the European Commission provides a glimpse into the law’s application

The post Suspected GDPR violations prompt over 95,000 complaints appeared first on WeLiveSecurity

Google fined €50 million for violating EU data privacy rules. Twitter bug may have exposed private tweets of Android users for years. Plus some interesting results from the USA following a recent ESET survey.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Study shows the majority of Americans fear the misuse of their personal data supplied to websites, and view cybercrime as a threat to their country

The post Cybersecurity Barometer: Cybercrime’s impact on privacy and security appeared first on WeLiveSecurity

Everybody loves quizzes. So why not take this one and hone your phish-spotting prowess?

The post Can you spot the phish? Take Google’s test appeared first on WeLiveSecurity

The plugin’s users are recommended to change their passwords on WPML’s website following havoc reportedly wrought by a disgruntled ex-employee

The post Former employee blamed for hack of WordPress plugin maker appeared first on WeLiveSecurity

France’s data protection watchdog issues the first major penalty under the EU’s new privacy regime

The post Google fined €50 million for violating EU data privacy rules appeared first on WeLiveSecurity

A strong password is a great start, but there are more ways to make sure that your email is as secure as possible

The post Email security does not end with your password appeared first on WeLiveSecurity

If you use Twitter for Android and want your tweets to be private, you may want to play safe and review your settings

The post Twitter bug may have exposed private tweets of Android users for years appeared first on WeLiveSecurity

The hacking duo is believed to have exploited a software flaw and compromised several SEC workstations with malware in order to take early peeks at financial disclosures

The post Two men charged with hacking into SEC in stock-trading scheme appeared first on WeLiveSecurity

773 million email IDs, 21 million passwords exposed for anyone to see in massive data dump. A car and almost $1m on offer for Tesla Model 3 hacks. Plus some resolutions for 2019 with tips for securing your router

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The vast dossier of login details appears to have been gathered from data stolen in many breaches

The post 773 million email IDs, 21 million passwords for anyone to see in massive data dump appeared first on WeLiveSecurity

As another thing to improve this year, you may want to route your focus on a device that is the nerve center of your network and, if poorly secured, the epicenter of much potential trouble

The post New Year’s resolutions: Routing done right appeared first on WeLiveSecurity

The electric car maker is raising the ante in automotive security, putting one of its swanky models as a target at a hacking contest

The post Car and almost $1m on offer for Tesla Model 3 hacks appeared first on WeLiveSecurity

Forget balaclavas or hoodies; these cybercriminals are hiding in plain sight

The post What makes a cybercriminal? appeared first on WeLiveSecurity

In our final report from CES we take a look at smart city initiatives

The post CES: Smart cities and the challenge of securing the neighborhood appeared first on WeLiveSecurity

Automotive security for cars. Do you know who your connected home is talking to? Plus some resolutions for 2019 with tips for passwords

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

No 3D-printed heads or realistic masks were needed to trick even a handful of high-end handset models into unlocking their screens

The post Face unlock on many Android smartphones falls for a photo appeared first on WeLiveSecurity

There’s a digital treasure trove to be had in your home so you should take steps to protect it

The post CES IoT security – do you know who your home is talking to? appeared first on WeLiveSecurity

What's in store for automotive security once cars morph into mobile living rooms and working spaces? And how about transportation at large?

The post CES – singularity and securing the car appeared first on WeLiveSecurity