Glitch existed since 2005, though Google claims improper access to anybody's password not proven
The US Commerce Department has temporarily relieved China's Huawei of its inclusion on the US federal Entity List, allowing the company to continue to operate with its business partners for 90 days.
Four university researchers teamed up with a security and privacy specialist at Google and contacted 27 hacker-for-hire services to hack Gmail accounts. Only five of them actually hacked the bogus accounts.
Blunder leaves confidential information in the open at Indian outsourcer. As well as data on its own employees, HCL also accidentally exposed records of customers.
An online POS skimmer used by one of the Magecart groups has been injecting an iframe that tracks the card details
The photo sharing site says it is enquiring about how the contact details of close to 50 million users were stored online in an unsecured database
News reports say Chinese hackers were able to infiltrate its networks in 2014, while the company claims that the attack took place two years later
Scams that offer the promise of getting rich quick through crypto-currency investments have tripled in the UK, swindling close to £28 million in the past twelve months, say the FCA and Action Fraud
A forum dedicated to hijacking and SIM cloning attacks has been hacked, exposing the details of nearly 113,000 forum users who now report being phished and fearful of law enforcement follow-up.
The recent mistaken exposure of the information of eight million people due to an open Elasticsearch database exposed the dangers of cloud storage security, & the importance of valuing PII data.
European Union members including the UK have launched a new regime that imposes EU sanctions on organised crime and state-sponsored cyber-attackers.
A coordinated international law enforcement operation in Europe and the US has dismantled the GozNym cybercriminal network responsible for some €100 million of theft from its victims.
A slew of government websites in Russia are reported to provide easy access to the personal and passport details of nearly 2.3 million citizens, including government employees and high-ranking politicians.
Brussels report finds that €56 million of fines have been handed out since GDPR enacted while UK survey reports that people in the country say businesses aren't doing enough to protect their personal data.
ProPublica was able to trace four payments sent in 2018 and 2017 from an online wallet belonging to Proven Data Recovery to a wallet maintained by Iranians believed to spread SamSam ransomware.
China responds to Huawei restrictions - tightens data privacy regulations & scrutiny of foreign firms
The Chinese government has tightened data privacy regulations, bringing cloud computing and the internet of things under the ambit of its existing "multilevel protection scheme" (MLPS), according to news reports.
Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between 23 April and 10 May.
Vast leap in attackers using a technique dubbed Cipher Stunting, or using advanced methods to randomise SSL/TLS signatures in an attempt to evade detection.
The Bluetooth device data harvester uses Windows Bluetooth APIs to find information on Bluetooth devices connected to the infected host; a binary infection scheme downloader uses steganography.
This week sees the first of SC's weekly news podcasts providing a catch up on the main stories in the cyber security sector over the past week. Presented by Tony Morbin, Editor in chief at SC Media UK, with thanks to our sponsor this week, Akamai.
McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cyber-criminal group Fxmsp claims to have stolen.
Facebook-owned messaging app urges approx 1.5bn users to update their apps after Israeli spyware exploits vulnerability. The exploit is particularly sophisticated as no user interaction is required.
Equifax estimates it has spent about US$1.4 billion (£1.1 billion) recovering from its 2017 data breach that exposed the personally identifiable information of 148 million customers.
Nigerian actors continue to launch their attacks against the breadth of all industry segments - the high-tech industry received the greatest number of attacks, climbing from 46k to 120k over the past year.
The dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by a North Korea government hacking group, are explained in a new US government Malware Analysis Report (MAR).
Russian and English-speaking Fxmsp group hackers are trying to sell source code of anti-virus products obtained from a data breach of three US-based antivirus software vendors
A researcher has uncovered a massive SMS Bombing Operation in a passwordless database that exposed the sensitive information of millions of users.
A vulnerability in Microsoft's SharePoint is being exploited in the wild, spotted by Canadian and Saudi Arabian cyber security centres, and "It's likely multiple attackers are now using the exploit."
A rise in nation-state breaches, surpassing criminals, more social engineering attacks against C-level execs, hacks of cloud-based email servers, & compromises of payment card web apps notably up on last year.
More than 7,000 bitcoins have been stolen from crypto exchange in "large security breach"
Ponemon study finds increase in IoT-related data breaches specifically due to unsecured IoT devices accounting for 26 percent of incidents, up from 15 percent.
Researchers claim to have discovered an open Elasticsearch database containing five million records related to 1.5 million Freedom Mobile customers -- figures disputed by the telecommunications company.
NSA tools were in use by the Buckeye group well before Shadow Brokers leaked them, research claims
A spike in activity surrounding the relatively new ransomware MegaCortex was detected on 1 May hitting Europe and North America.
LightNeuron malware, first to achieve persistence in Microsoft Exchange email servers, allows attackers to secretly execute commands via malicious emails featuring attachments with hidden code.
Israel Defence Forces launched an air strike last Saturday against a building that it says housed Hamas cyber-forces that had recently attempted a failed offensive operation against Israeli targets.
Malicious hackers have deleted code from Github, Bitbucket, and GitLab repos and demanded a bitcoin ransom for safe return - although no ransom payments appear to have been made by victims...
Fans promised either a download or a full viewing of the film. Streaming begins without incident but then users are prompted to create an account to continue watching.
Europol has taken down both the Wall Street Market, considered the second largest illegal online market on the dark web, and Silkkitie, aka The Valhalla Marketplace.
If the UK leads the world in cybersecurity, why does it need someone to crow about it? Brexit, perchance?
Criminals stole data from third-party servers.
Chinese hardware has many security issues
Cryptominer uses new malware loader to evade detection
Victims sent around in circles
Company claims that no images were compromised
Hackers are fully automated when it comes to the buying and selling of your details
New research finds people at risk of becoming cybercrime victims through used hard drives.
Businesses become more of a focus for criminals, latest report finds
Medical details of around 150,000 rehab patients in the open
Is Zero Trust really achievable given the complexity in finance service organisations?