The large collection of files on the MEGA cloud service that exposed nearly 773 million unique emails and 21 million unique passwords and was posted on a hacking forum, came from a number of breaches and sources.
A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players' accounts, prompting developer Epic Games to fix the issues before a major incident transpired.
The World Economic Forum has identified cyber as one of the top risks to stability in the world in its Global Risks Report 2019 published this morning.
A recently discovered vulnerability in the Amadeus online reservation system made it possible to access and change reservations with just a booking number.
After experiencing several allegations of shady ties to the Russian government, in a twist of events it turns out that Kaspersky Lab may have assisted the National Security Agency (NSA) in capturing an alleged data thief.
Some Reddit users discovered they were locked out of their own accounts earlier this week after an apparent credential stuffing attack compelled the popular website to invoke password security measures.
"Every customer that we see is going through some form of digital transformation (so we are talking about) ... how security plays into that, and what some of the challenges are in managing digital risk."
The data on about 285 Singapore Airlines' Krisflyer frequent flyer program members was exposed after a software glitch following a website update allowed frequent flyers see the data of others.
Marriott International may have bumped down the number of records affected by a breach of its Starwood division to 383 million, but the hotel chain admitted that five million passport numbers stolen in the incident by an unknown hacker were unencrypted.
GDPR has opened up corporate and public minds to the importance of data privacy, but even with punitive fines looming, many organisations failed to prepare, and as infractions work their way through the system, there are more serious consequences to come.
While 2018 was a big year in the EU for data protection and cyber-security legislation, legislators in the US were also busy with new laws to protect the citizenry.
District of Columbia Attorney General Karl Racine yesterday filed a civil lawsuit against Facebook, claiming the social media giant's failure to properly safeguard its users' data constitutes a violation of the district's Consumer Protection Procedures Act (CCPA).
Turning on a "smart" light bulb may be the latest way people inadvertently flood the internet with their personal information.
Firm forced to update Options app after Google researcher Tavis Ormandy reports flaw that would allow any website to connect and inject keystrokes.
Online retailers should be on high alert for attacks carried out by a Magecart-style credit card sniffing tool similar to the one used to carry out the British Airways and Ticketmaster hacks.
Session-hijacking side-channel attacks can risk exposing users messages in full, researchers at Cisco Talos Intelligence Group have found.
More than 120 million unique identification numbers issued by the Brazilian Federal Reserve to Brazilian citizens and tied to tax-paying resident aliens, spent months earlier this year publicly exposed on the internet.
Over the last year and a half, attackers compromised more than 40,000 credentials for various global government websites and portals, using a combination of spyware tools and phishing tactics.
After its breach, which compromised the personal data of 500 million customers, Marriott has agreed to pay for new passports if it has found that "fraud has taken place."
Citrix forced its users to reset their passwords after cyber-criminals began carrying out credential stuffing attacks against ShareFile accounts.
Sometimes a basic data breach is just the first step in a larger campaign.
New data privacy regulations, increased conversations around data security, and personal experiences of privacy issues have made UK consumers more wary about company data security practices.
Two law firms have filed class-action suits against Marriott on behalf of the 500 million customers impacted by the hotel chain's data breach, with one asking for US$ 12.5 billion (£9.8 billion) in restitution.
In a bid to simulate the development of new cyber-security solutions that could be used to secure the country's infrastructure, Estonian Ministry of Defence is supporting the launch of a start-up accelerator, CyberNorth.
Marriott's massive data breach exposed more than just 500 million customer records, it is also shining a light on the role cyber-security needs to play when a firm is in acquisition mode.
As ElasticSearch based leaks become the latest source of massive data exposures, Sky Brasil, one of the biggest subscription television services in Brazil, is the latest to leave its customers exposed after not securing the server with a password.
A data breach of London-based startup Urban Massage exposed the personal records of more than 309,000 users including data on clients accused of sexual misconduct.
Atrium Health has reported a massive data breach exposing the PII of more than 2.6 million clients after someone gained access to a database belonging to a third-party vendor.
Error-correcting code (ECC) memory are vulnerable to Rowhammer attacks, according to security researchers.
WikiLeaks and former Trump campaign manager Paul Manafort denied reports that Manafort met with the site's founder Julian Assange several times after he sought asylum at the Ecuadorian Embassy in London.
Nintendo is struggling to contain leaks surround the release of Smash Bros. Ultimate after reports of the game being sold early in Mexico and pirated copies being released online being trawled by data miners for hidden info.
Ride-sharing tech company Uber hit with near-maximum Data Protection Act fine over cyber attack.
The Australian human resources software firm PageUp has stated that cyber-criminals installed exfiltration malware in the company's system during a breach earlier this year, but concluded that no information was removed.
VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorised guests to execute code on the host.
Reconciling freedom AND Security was the theme of this year's data protection conference organised by the Europol Data Protection Experts Network (EDEN) and the Academy of European Law (ERA).
Gaping hole in German electronic ID system allows duplicate HTTP parameters to be used to create side channel to access arbitrary records.
An Adult furry erotica site High Tail Hall suffered a data breach exposing the information of 411,755 fury fans.
Security researchers have discovered a flaw in Skype for Business that enables hackers to launch a DoS attack against the platform by sending large numbers of emojis on the instant messaging client.
A security flaw in Instagram's recently released "Download Your Data" tool could have exposed some user passwords, the company reportedly told users.
tRat malware has raised its ugly head again, being distributed through a new, more sophisticated email campaign, researchers say.
Researchers at Synopsys Software Integrity Research Center are recommending those using the D-Link DIR-850L wireless router immediately update its firmware to patch a vulnerability that could allow an unauthorised person to join the network.
While bots are a common tool of cyber-criminals for carrying out DDoS attacks and mining cryptocurrencies, a recent report found they may also be indirectly increasing the price of your airline tickets.
Dutch researcher Willem De Groot uncovered payment card malware operating embedded in the InfoWars online store.
Security experts have pointed out that British Airways' failure to monitor the output from its servers allowed hackers to maintain malicious code on its payment pages for two weeks.
Facebook earlier this year reportedly patched a vulnerability in its search page that could have allowed enterprising attackers to perform reconnaissance on certain users.
A recent study found customers would cease engaging with a brand after it experienced a breach and that overall, most respondents were unwilling to pay extra for the protection of their personal data.
Kaspersky Lab describes 8 most interesting issues from its recent event, covering criminals' data use; APT attribution; skills gap; ICS water attack; brain implant hack; false memories; lethal AI & data privacy.
A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users' contact information.
Check Point Researchers developed an attack to hijack DJI drone user accounts that may contain the user's sensitive information as well as access to the device itself.
Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial.
Weds 21st Nov, 3pm
A practical risk-based approach to implementing GDPR and building a security-aware culture in your organisation.
Brought to you in partnership with Metacompliance
Mon 19th Nov
Brought to you in partnership with Mimecast