Cyber-criminals are increasingly using legitimate programming tools and their default libraries to evade malware detection.
Flashpoint researchers discovered a Russian speaking underground market place named "Magbo" selling access to approximately 3,000 breached sites for as little as 50 cents.
Three young men who developed and deployed the original Mirai IoT botnet malware were sentenced on Tuesday in an Alaskan federal court to five years probation - a lenient punishment earned through extensive cooperation with the FBI.
Another Japanese cryptocurrency exchange was hit as thieves made off with roughly US$ 60 million (£45 million) worth of Bitcoin, Monacoin and Bitcoin Cash.
Equifax Ltd is fined £500,000 by the ICO for the 2017 breach of its parent company, but the fine could have been far higher, the ICO has said.
Microsoft has issued a patch for a buffer overflow vulnerability that would enable an attacker to crash Excel in operating system ranging from Windows 7 to Windows 10.
Detections of cryptomining malware has increased by 459 percent since last year, according to a new report released today by the Cyber Threat Alliance (CTA), citing statistics collected from several of its member companies.
Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and MacOS to address several critical and important vulnerabilities that could lead to arbitrary code execution.
Two weeks after it passed the US House of Representatives, a bill that would codify and modernise the DHS Continuous Diagnostics Mitigation (CDM) cyber-security program was introduced into the Senate.
Malicious phishing apps have once again made their way into the Google Play Store, this time imitating six online banks and a cryptocurrency exchange.
Human rights organisation says spyware found in countries with dubious human rights records, report claims.
In a research study, 'Closing the IT Security Gap with Automation & AI in the Era of IoT', HPE Aruba and the Ponemon Institute concludes that AI-based security automation tools are needed to halt advanced attacks that originate from IoT devices in the workplace.
Facebook Monday announced it is expanding its bug bounty program to include vulnerabilities related to access token exposure.
There's an odd new addition to the extended family of Mirai-inspired IoT botnets, and so far its only obvious victim is a competing botnet whose malware is targeted for removal from any infected devices.
Federal authorities seized millions dollars' worth of cryptocurrency, luxury property, and exotic cars including a Lamborghini Aventador and a £60,665 Mini Cooper from a deceased Dark Web Kingpin.
Apple yesterday released software updates for five of its offerings: Safari, ioS, watchOS, tvOS and Apple Support for iOS.
An independent cyber-security researcher has come up with a short CSS that can force Apple iOS devices to do a full restart.
Europol's fifth annual Internet Organised Crime Threat Assessment paints a pessimistic picture of the state of the fight against cyber-crime.
An attack 'similar to' ransomware forced airport staff to take key information screens offline at Bristol Airport, and four days later full service has not yet been resumed.
A threat actor has been targeting Windows and Linux servers with a self-propagating malware mash-up that's comprised of botnet, ransomware, disk wiper, cryptomining and worm elements all in one.
Multiple vulnerabilities, including a zero-day, have been uncovered in NUUO NVRMini2 video software that, if exploited, could expose thousands of surveillance cameras to remote code execution.
Altaba, the company created in the wake of Verizon's purchase of Yahoo, reported in an SEC filing it has reached an agreement to settle three class action suits stemming from massive data breaches for US$ 47 million (£35.8 million).
Online mega-retailer Amazon reportedly has launched an investigation into employees who may have accepted bribes from independent merchants in exchange for sharing private corporate data.
Security researchers have found flaws in most computers that would enable hackers to steal sensitive data and encryption keys.
A cyber-criminal group specialising in tech support scams has been employing an array of traffic distribution techniques, including malvertising, in order to reroute online users to browser locker pages.
Several US Senators queried Secretary of State Mike Pompeo in a letter earlier this week on why mandated cyber-security reforms, including the implementation of multifactor authentication (MFA), had not been implemented.
North Korean officials have denounced and denied a US indictment that accuses one of its citizens of helping carry out the 2017 WannaCry global ransomware attack.
Nearly one-third of surveyed companies that experienced a data breach in the previous 12 months said the incident cost certain employees their jobs.
In an effort to train up the US workforce and close the cyber-skills gap, a bipartisan group of lawmakers Thursday unveiled the Cyber Ready Workforce Act.
Police in Germany and Sweden, supported by Europol and Frontex, have arrested two suspects and searched multiple properties in a joint credit card fraud investigation.
Students and staff could be responsible for attacks on the infrastructure of universities and colleges, according to claims made by Jisc, the UK provider of IT services to the UK's education sector.
Threat actors such as the Cobalt Group and other APT gangs are using lightweight modular downloaders to scout and "fingerprint" target machines before launching their malware.
The now-shuttered XvBMC and Bubbles third-party add-on repositories, along with the still operating Gaia, have been hosting more than just software products.
The US Department of Justice has been busy on the cyber-crime front the past few days, accepting a guilty plea from a Russian national, extraditing a second in a separate case, and sentencing a Latvian citizen for a third hacking scheme.
The Cobalt Gang cybercrime group has launched a new round of phishing campaigns targeting primarily Russian and Romanian banking customers with CobInt, a recently discovered malicious backdoor and downloader.
There is a seasonal pattern to malware attacks which is particularly clear from analysing the behaviour of the Ramnit banking Trojan, according to researchers at Check Point.
Apple's Safari and Microsoft's Edge browser users are vulnerable to a bug that would allow attackers to spoof website addresses.
The Swiss-based data company Veeam exposed more than 445 million records when it used a misconfigured MongoDB hosted on Amazon Web Services that did not require any password to access.
Google yesterday updated the its browser for Windows, Mac and Linux machines, fixing two vulnerabilities, including one considered high in severity.
Cyber-criminals exploited the MEGA Chrome extension to steal cryptocurrency and user credentials affecting 1.6 million users.
Attackers are increasingly turning to advanced obfuscation techniques, including tools in the PowerShell library, to evade security software, researchers say.
BlackBerry is not dead, it just moved from the physical to the digital world where it aims to utilise the mobile, security and privacy expertise gained from phones to secure the world of connected Things.
Adobe's September Patch Tuesday offering included a security update fixing an important rated update to Flash Player, along with a total of nine fixes for Cold Fusion, six of which were rated critical.
Rarely does the future of the internet end up in court, but that's no exaggeration today at Europe's highest court.
A Russian man allegedly part of a series of hacks targeting the financial industry and resulting in the theft of data on more than 80 million people, has been extradited from the nation of Georgia to the US.
Apple has more rotten apps in its App Store than many people may realise and the company is not always quick to act in removing titles that have been proven malicious, according to two new reports.
Researchers for the first time have discovered a variant of the Mirai Internet of Things botnet that targets a vulnerability found in unpatched versions of the open-source Apache Struts web app development platform.
Trend Micro researchers spotted a ransomware imitating Locky being spread via spam emails targeting European countries particularly France.
The malicious cyber-group LuckyMouse has scurried out of its hole spreading a previously unknown trojan that is particularly dangerous as it uses a legitimate digital certificate developed by a cyber-security company.
Every vendor is pushing a threat intelligence feed, program, and/or product. How does a lean organisation separate the hype from the actual value?
Brought to you in partnership with Mimecast
Phishing has been around almost as long as the internet, but its still going strong and getting more sophisticated. Why? Because it works.
Brought to you in partnership with Cofense