Flashpoint researchers discovered a Russian speaking underground market place named "Magbo" selling access to approximately 3,000 breached sites for as little as 50 cents.
The first-ever GDPR enforcement notice served by the Information Commissioner's Office - against the Canadian data analytics company AIQ - lay unnoticed in an obscure report despite being issued in July, according to a data protection specialist.
Equifax Ltd is fined £500,000 by the ICO for the 2017 breach of its parent company, but the fine could have been far higher, the ICO has said.
Microsoft has issued a patch for a buffer overflow vulnerability that would enable an attacker to crash Excel in operating system ranging from Windows 7 to Windows 10.
Human rights organisation says spyware found in countries with dubious human rights records, report claims.
Online mega-retailer Amazon reportedly has launched an investigation into employees who may have accepted bribes from independent merchants in exchange for sharing private corporate data.
Security researchers have found flaws in most computers that would enable hackers to steal sensitive data and encryption keys.
Nearly one-third of surveyed companies that experienced a data breach in the previous 12 months said the incident cost certain employees their jobs.
Students and staff could be responsible for attacks on the infrastructure of universities and colleges, according to claims made by Jisc, the UK provider of IT services to the UK's education sector.
Apple's Safari and Microsoft's Edge browser users are vulnerable to a bug that would allow attackers to spoof website addresses.
The Swiss-based data company Veeam exposed more than 445 million records when it used a misconfigured MongoDB hosted on Amazon Web Services that did not require any password to access.
Cyber-criminals exploited the MEGA Chrome extension to steal cryptocurrency and user credentials affecting 1.6 million users.
Apple has more rotten apps in its App Store than many people may realise and the company is not always quick to act in removing titles that have been proven malicious, according to two new reports.
Two Trend Micro apps have been removed from the Apple app store in the past few days after allegations surfaced that they were exfiltrating user data
A RiskIQ researcher is catching some flak on social media for showing how some people using the dark web are misconfiguring their Tor servers enabling them to be identified.
Trend Micro researchers believe the data involved in the Huazhu Hotels Group breach has already appeared for sale on the Dark Web.
A shareholder in UK-based Nielsen has launched a class action lawsuit in the US alleging the company misled investors by claiming to be prepared for GDPR, a case which is potentially worrying for many other companies.
A security researcher has created a proof of concept that reveals how a Python module installation file can execute malicious code with root privileges while remaining totally off the radar.
Open .git directories are a bigger cyber-security problem than many might imagine, at least according to a Czech security researcher who discovered almost 400,000 web pages with an open .git directory.
For the second time in three years parental control application mSpy experienced a breach of sensitive records.
Google has released a new Chrome for Android update offering improved performance, user experience and security.
Justin Welby, the archbishop of Canterbury, has backed calls for a new regulator to control technology firms and their collection and use of personal data.
A breach at China's largest hotel operator Huazhu Hotels Group impacted more than a half-billion pieces of customer data.
The number of incidents being reported to the Information Commissioner's Office (ICO) has increased by 75 percent over the last two years, ostensibly due to companies getting their house in order for GDPR.
Smart bulbs could be used by hackers to steal data from people and organisations.
Nightwatch Cybersecurity researchers identified a sensitive data exposure via a WiFi broadcast vulnerability in Android OS.
Spanish bank DDoS'd reaction; 100 days on from GDPR...And 500 for the end of Windows 7; Chinese hackers target Japan & west; Fiserv online banking flaw fixed; CEOs most impersonated
New forms of algorithm can rewrite bits of their own code, making their inner workings unknowable to their human creators, hence new controls need to be created now, before mass-deployment of 'genetic AI.'
Revising its privacy policies, encrypted messaging service Telegram this week announced on its website that moving forward it will cooperate with terror investigations.
BAE Systems' cyber-security arm has named the first members of The Intelligence Network, an industry forum and lobbying group.
Researchers have discovered a point-of-sale malware program, RtPOS, that saves payment card data locally but does not exfiltrate it to a command-and-control server, perhaps so its activity is less likely to be detected as anomalous.
Telecom giant T-Mobile has experienced what it describes as an "unauthorised access to certain information," resulting in the potential exposure of customers' personal information.
Facebook bans MyPersonality app, notifies 4 million users affected, follows purging of suspect accounts
After the creators of the myPersonality app refused to be audited, the Facebook banned the app in a purge that saw 400 additional apps suspended; earlier this week 652 'inauthentic' accounts purged
Of 10,644 vulnerabilities reported in the first half of 2018, 3,279 of them (30.8 percent) did not make it into the official CVE or NVD systems, yet 44 percent were of high or critical risk.
Organisations globally, whether small, medium or large, will lose over 146 billion records between 2018 and 2023 as a result of static cyber-security spending and slow adoption of AI and predictive analytics,
A new speculative execution vulnerability in modern x86 microprocessors from Intel allows a malicious attacker to gain access to data stored in the L1 data cache of such microprocessors.
Hundreds of Instagram users have reported that their accounts were hacked this month with some indicators that Russian attackers may be behind the attacks.
Check Point researchers discovered a new attack surface for Android applications that leverages external storage, dubbed Man-in-the-Disk attacks.
Novel approaches to predictive cyber-security to counter cyber-threats in defence and security are being sought by the Defence and Security Accelerator (DASA).
Security researcher Ryan Stevenson spotted a vulnerability in Comcast Xfinity's in-home authentication system, which exposed the partial home addresses and partial Social Security numbers of 26.5 million customers.
Some 75 percent of IT decision makers questioned reckon that Artificial Intelligence is a silver bullet when it comes to dealing with the challenges of cyber-security.
IBM researchers at Black Hat USA 2018 announced their development of DeepLocker, described as a highly targeted and evasive attack tool powered by AI.
The Mozilla Foundation has released the latest version of its Thunderbird email client, fixing 14 security vulnerabilities, including five critical ones, three of which can result in a potentially exploitable crash.
An error involving in a Salesforce marketing cloud API could have allowed third parties to access data or for data to be corrupted.
Security researchers have uncovered a large-scale router compromise that has seen thousands of routers infected with malware based around the CoinHive browser miner.
MyHeritage, 23andMe, genetic testing firms join forces with FPF to develop guidance to protect DNA data
After data breaches at MyHeritage and Ancestry.com ratcheted up concerns that "data" collected by genetic testing companies could be at risk for exposure or, worse, exploitation, the companies have joined forces.
Fraudsters are turning to legitimate services used by call centre organisations to dynamically insert phone numbers into their scam web pages and potentially give them additional features to make their scams more successful.
A hacker who compromised the accounts of a few Reddit employees who are with the company's cloud and source code hosting providers penetrated some of its systems and accessed user data.
A server containing a database holding customer information pertaining to various UK-based online fashion retailers was discovered to be insecure after it was breached by a white-hat hacker on 9 July.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but its still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense