In a repeat of the attacks against British Airways and Ticketmaster, it appear that online retailer Newegg.com has been hit by the credit card harvesting gang known as Magecart.
Human rights organisation says spyware found in countries with dubious human rights records. Pegasus Spyware may have been used outside of the ethical guidelines of its vendor, according to a new report.
In a research study, 'Closing the IT Security Gap with Automation & AI in the Era of IoT', HPE Aruba and the Ponemon Institute concludes that AI-based security automation tools are needed to halt advanced attacks that originate from IoT devices in the workplace.
Facebook Monday announced it is expanding its bug bounty program to include vulnerabilities related to access token exposure.
There's an odd new addition to the extended family of Mirai-inspired IoT botnets, and so far its only obvious victim is a competing botnet whose malware is targeted for removal from any infected devices.
Federal authorities seized millions dollars' worth of cryptocurrency, luxury property, and exotic cars including a Lamborghini Aventador and a £60,665 Mini Cooper from a deceased Dark Web Kingpin.
Apple yesterday released software updates for five of its offerings: Safari, ioS, watchOS, tvOS and Apple Support for iOS.
An independent cyber-security researcher has come up with a short CSS that can force Apple iOS devices to do a full restart.
Europol's fifth annual Internet Organised Crime Threat Assessment paints a pessimistic picture of the state of the fight against cyber-crime.
An attack 'similar to' ransomware forced airport staff to take key information screens offline at Bristol Airport, and four days later full service has not yet been resumed.
A threat actor has been targeting Windows and Linux servers with a self-propagating malware mash-up that's comprised of botnet, ransomware, disk wiper, cryptomining and worm elements all in one.
Multiple vulnerabilities, including a zero-day, have been uncovered in NUUO NVRMini2 video software that, if exploited, could expose thousands of surveillance cameras to remote code execution.
Altaba, the company created in the wake of Verizon's purchase of Yahoo, reported in an SEC filing it has reached an agreement to settle three class action suits stemming from massive data breaches for US$ 47 million (£35.8 million).
Online mega-retailer Amazon reportedly has launched an investigation into employees who may have accepted bribes from independent merchants in exchange for sharing private corporate data.
Security researchers have found flaws in most computers that would enable hackers to steal sensitive data and encryption keys.
Dutch and Swiss authorities identified and arrested two Russian agents who were planning to hack into a Swiss lab analysing samples of Novichok from Salisbury and sarin gas from Syria.
A cyber-criminal group specialising in tech support scams has been employing an array of traffic distribution techniques, including malvertising, in order to reroute online users to browser locker pages.
Several US Senators queried Secretary of State Mike Pompeo in a letter earlier this week on why mandated cyber-security reforms, including the implementation of multifactor authentication (MFA), had not been implemented.
North Korean officials have denounced and denied a US indictment that accuses one of its citizens of helping carry out the 2017 WannaCry global ransomware attack.
Nearly one-third of surveyed companies that experienced a data breach in the previous 12 months said the incident cost certain employees their jobs.
In an effort to train up the US workforce and close the cyber-skills gap, a bipartisan group of lawmakers Thursday unveiled the Cyber Ready Workforce Act.
Police in Germany and Sweden, supported by Europol and Frontex, have arrested two suspects and searched multiple properties in a joint credit card fraud investigation.
Students and staff could be responsible for attacks on the infrastructure of universities and colleges, according to claims made by Jisc, the UK provider of IT services to the UK's education sector.
Threat actors such as the Cobalt Group and other APT gangs are using lightweight modular downloaders to scout and "fingerprint" target machines before launching their malware.
The now-shuttered XvBMC and Bubbles third-party add-on repositories, along with the still operating Gaia, have been hosting more than just software products.
The US Department of Justice has been busy on the cyber-crime front the past few days, accepting a guilty plea from a Russian national, extraditing a second in a separate case, and sentencing a Latvian citizen for a third hacking scheme.
The Cobalt Gang cybercrime group has launched a new round of phishing campaigns targeting primarily Russian and Romanian banking customers with CobInt, a recently discovered malicious backdoor and downloader.
There is a seasonal pattern to malware attacks which is particularly clear from analysing the behaviour of the Ramnit banking Trojan, according to researchers at Check Point.
Apple's Safari and Microsoft's Edge browser users are vulnerable to a bug that would allow attackers to spoof website addresses.
The Swiss-based data company Veeam exposed more than 445 million records when it used a misconfigured MongoDB hosted on Amazon Web Services that did not require any password to access.
Google yesterday updated the its browser for Windows, Mac and Linux machines, fixing two vulnerabilities, including one considered high in severity.
Cyber-criminals exploited the MEGA Chrome extension to steal cryptocurrency and user credentials affecting 1.6 million users.
The National Cyber Security Centre initiated the request that led to the company that hosted BAways.com blocking the site, but the hosting company still has not been contacted by British police, the company told SC Magazine UK.
BlackBerry is not dead, it just moved from the physical to the digital world where it aims to utilise the mobile, security and privacy expertise gained from phones to secure the world of connected Things.
Adobe's September Patch Tuesday offering included a security update fixing an important rated update to Flash Player, along with a total of nine fixes for Cold Fusion, six of which were rated critical.
A data breach at Cork City Park by Phone service in Ireland has affected more than 5,000 people.
Rarely does the future of the internet end up in court, but that's no exaggeration today at Europe's highest court.
Apple has more rotten apps in its App Store than many people may realise and the company is not always quick to act in removing titles that have been proven malicious, according to two new reports.
Researchers for the first time have discovered a variant of the Mirai Internet of Things botnet that targets a vulnerability found in unpatched versions of the open-source Apache Struts web app development platform.
Trend Micro researchers spotted a ransomware imitating Locky being spread via spam emails targeting European countries particularly France.
The malicious cyber-group LuckyMouse has scurried out of its hole spreading a previously unknown trojan that is particularly dangerous as it uses a legitimate digital certificate developed by a cyber-security company.
Threat group Magecart, known as a web-based card skimmer, has been identified byRisk IQ as the British Airways hacker, using digital skimming code injected into payment forms to steal confidential data.
An analysis of the British Airways payment page shows that the site is loading files from seven external domains that have little or nothing to do with payment processing, according to a security expert
Two Trend Micro apps have been removed from the Apple app store in the past few days after allegations surfaced that they were exfiltrating user data
Security researchers have discovered a new mobile malware campaign targeting Iranian citizens as well as evidence that the Iranian government might be behind the operation.
Attackers are leveraging a newly discovered exploit kit in an international malvertising campaign that's been observed delivering GandCrab ransomware and the SmokeLoader malicious downloader.
Cyber-security researchers have developed a decryption tool to unlock machines infected by Ransom Warrior ransomware.
A RiskIQ researcher is catching some flak on social media for showing how some people using the dark web are misconfiguring their Tor servers enabling them to be identified.
Two OpenVPN-based virtual private network clients have reportedly updated their software after a researcher discovered that a previous attempt to patch an arbitrary code execution vulnerability was not entirely effective.
Trend Micro researchers believe the data involved in the Huazhu Hotels Group breach has already appeared for sale on the Dark Web.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but its still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense