Freelancer.com alerts users to recycled compromised credentials in its database

The online marketplace told users it detected login credentials matching its customers in a publicly accessible database.

Symantec distrust to begin in Chrome from April 2018

Google's browser will start the process of removing trust from old Symantec TLS certificates in Chrome 66.

Broadpwn flaw allows for remote takeover of smartphones

Makes self-propagating malware possible.

The Lazy Habits of Phishing Attackers

Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy.

Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack

Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.

Inside the Investigation and Trial of Roman Seleznev

The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.

Attack Uses Docker Containers To Hide, Persist, Plant Malware

Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers.

Police arrest alleged perpetrator of Fairfax DDoS

Joint effort nabs Seattle resident.

Virgin America says a hacker broke into its network, forced staff to change passwords

The attack happened days before the company was to be acquired by Alaska Air.

Google Study Quantifies Ransomware Profits

A ransomware study released Google revealed the malware earned criminals $25 million over the past two years.

How these fake Facebook and LinkedIn profiles tricked people into friending state-backed hackers

A hacking operation used photos from an unsuspecting victim's Instagram account as the lure in a campaign that lasted well over a year.

How to Build a Path Toward Diversity in Information Security

Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.

Downtime from Ransomware More Lethal to Small Businesses Than the Ransom

New survey of small-to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.

This Android spyware can record calls, take screenshots and video, targets Gmail, LinkedIn, Snapchat data

Google uncovers espionage conducting malware which monitors and steals information about the target - including emails, messages and calls.

No More Ransom project helps thousands of ransomware victims

After only a year, the initiative has unlocked thousands of devices, but there is more work to do.

Firing a Locked Smart Gun

The Armatix IP1 "smart gun" can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable.

How Attackers Use Machine Learning to Predict BEC Success

Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.

Android Sypware Still Collects PII Despite Outcry

Spyware called Adups found on millions of low-end phones is still collecting personal identifiable information of users despite public outcry.

Vulnerable Radiation Monitoring Devices Won’t Be Patched

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Adobe's Move to Kill Flash Is Good for Security

In recent years, Flash became one of the buggiest widely used apps out there.

Security flaw in 3G, 4G LTE networks lets hackers track phone locations

The researchers say "very little" can be done to prevent stingray-style surveillance attacks.

Car Wash Hack Can Strike Vehicle, Trap Passengers, Douse Them

Hack On Italy's Largest Bank Affects 400,000 Customers

Hackers' Own Tools Are Full Of Vulnerabilities

Majority of Consumer Believe IoT Needs Security Built In

Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.

Windows SMB Zero Day to Be Disclosed During DEF CON

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.

Facebook to Give $1 Million in Prize Money to Security Researchers

The social media giant hopes the money will spur more research into ways to defend Internet users against the more prevalent and common methods of attack.

Facebook to Give $1 Million in Prize Money to Security Researchers

The social media giant hopes the money will spur more research into ways to defend Internet users against the more prevalent and common methods of attack.

Roombas will Spy on You

The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects.

Illegal Kodi plugins may compromise your personal security

Certain third-party add-ons used to find pirated material may no longer be trustworthy.

Kaspersky Lab hands out free anti-virus

In a bid to 'secure the whole world', the Russian security firm is offering up free anti-virus protection globally.

South Australia reportedly drafting laws to force passwords out of suspects

Suspected criminals will have to reveal their computer passwords to police under proposed new child protection laws in South Australia.

The SEC Just Ruled That Ethereum ICO Tokens Are Securities

Las Vegas Locks Down Ahead Of DEFCON

Iranian Cyber Espionage Group CopyKittens Are Successful, But Not Skilled

Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.

Iranian Cyber Espionage Group CopyKittens are Successful, But Not Skilled

Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.

Academia’s Role in Security Skills Gap Examined

At Black Hat, two RIT professors are expected to deliver a talk about the professional skills gap in security and how academic programs are falling short.

Microsoft commits to eliminating Flash support in Windows by 2020

Microsoft is going public with its step-by-step plan for removing Adobe Flash support in Windows by the end of 2020.

Pwning the mainframe: How to hack the "most secure" platform on Earth

A researcher found a security flaw that granted him access to a mainframe's vital, sensitive data.

Novel Attack Tricks Servers to Cache, Expose Personal Data

Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers.

Video: Cash Machine Hacked In 5 Minutes

This ransomware lets crooks spot their victim on a map

Ransomware has always been sinister - now it's creepy too.

Using AI to Break Detection Models

Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.

Black Hat USA 2017 Preview

Mike Mimoso and Tom Spring preview Black Hat, which starts tomorrow in Las Vegas.

Regulators Question Wells Fargo Regarding Data Breach

Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Well Fargo customers.

Custom Source Code Accounts for 93% of App Vulnerabilities

A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.

IBM patent uses printed circuit boards to protect cryptographic codes

Big Blue's new patent aims to protect cryptographic keys and make them tamper-resistant.

Another Queensland police officer charged with computer hacking

A 39-year-old senior constable is due to appear in court on August 14 on charges of computer hacking and unauthorised use of information.

Snopes is in danger of closing its doors due to a business dispute

The well-known fact-checking site claims it's being held hostage by an outside vendor. But under the surface, there's a fight between contending ownership groups.

Dashlane, Researcher at Odds Over Potential Privilege Escalation Vulnerability

Researcher Paulos Yibelo said that Dashlane elected not to patch a vulnerability he disclosed more than a year ago in all versions of the password manager application.

Hacker Admits to Mirai Attack Against Deutsche Telekom

A hacker that goes by the name “BestBuy” admitted to a German court that he was behind an attack last year that knocked over a million Deutsche Telekom customers offline.

7 Hardware & Firmware Hacks Highlighted at Black Hat 2017

Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.

Companies Are Still Dealing With The Aftermath Of Petya

Sweden Leaked Every Car Owners' Details Last Year

Someone Tried To Off John McAfee?

China Wants To Build A $150 Billion AI Industry

IBM launches new security testing services for IoT, automotive

As the number of connected devices proliferates, security testing should occur completely through development to deployment, IBM says.

New details emerge on Fruitfly, a near-undetectable Mac backdoor

The malware went largely undetected for several years and is only detectable on a handful of security products, but the "fully featured" Mac backdoor can take control of an entire computer.

Weak Docker security could lead to magnified cybersecurity threat due to efficiency of containers

Unsecured instances of Docker can lead to potentially large vulnerabilities inside the data center. Here's what you need to know right now.

US Army Researching Bot Swarms

The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of l ...

32M employees offered biochip hand implants for work monitoring, payments

The chips can be used to login to PCs, use company machines, and make purposes -- but how many will sign up?

Sweden exposed sensitive data on citizens, military personnel

Sent unredacted drivers licence database to marketers.

Microsoft rolls out cloud-based fuzzing tool

"Project Springfield" comes alive.

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's the second in two months. Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Dump the snake oil and show security researchers some respect

Hacker Summer Camp kicks off this weekend, and with many conferences, there's a very noticeable "race to first" by marketing teams. In that race, marketers need to first revere the research and respect the researchers, especially heading into the next 10 ...

Symantec Tricked Into Removing Legit Certificates By Security Researcher

Cyberwar Looms As Diplomats Dither

Money Site Sent 7 Million Spam Emails

20 Questions for Improving SMB Security

Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.

Hacking a Segway

The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used ...

Cyberwar looms as diplomats dither

Simulations at ANU's National Security College suggest that the world is sleepwalking towards war. Meanwhile, international cyber negotiations could be set back a decade.

Symantec tricked into revoking SSL certs with fake keys

Journo tests legitimacy processes.

Law enforcement shuts down two biggest dark web marketplaces

AlphaBay, Hansa gone.

#HackTor: Tor Opens up its Bug Bounty Program

The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.

Healthcare Industry Lacks Awareness of IoT threat, Survey Says

Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.

US Banks Targeted with Trickbot Trojan

Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered - signalling increasingly complex attacks on the industry.