Brazil’s National Data Protection Authority has started an investigation into the data leak of more than 102 million mobile phone users, after a cybercriminal claimed to have obtained the data and was selling it on the dark web.
A hacker has remotely gained access to the water treatment plant in the Florida city of Oldsmar and briefly altered the level of chemicals entering the water, before an alert employee at the plant spotted what was happening.
In the wake of a hacker scraping 99% (80TB) of posts from social media website Parler, it's been revealed the process was made easier by the site's extremely poor coding and security.
The Netherlands' Public Prosecution Service has announced that Victor Gevers, the Dutch hacker who broke into the Twitter account of US President Donald Trump in October this year, will not be punished.
The US Federal Trade Commission has announced that Zoom will be required to implement a "robust information security program" to ensure the ongoing security of its users.
More than three terabytes of clips from thousands of home security cameras have been shared online, with 'lifetime access' to the vision being offered for US$150.
A tip from a child has led to the discovery of seven adware scam apps, available on the Apple App Store and Google Play Store, which have been downloaded more than 2.4 million times and raked in at least $500,000.
Wireless networks within the US Department of the Interior (DoI) have been successfully breached ... not by high tech equipment, but $200 test units hidden in backpacks.
The source code of the Cerberus mobile banking Trojan has been released for free after failing to sell for a hoped-for $100,000 when put up for auction on Russian hacking forums.
A database containing the personal information of 2.4 million people around the world, including British Prime Minister Boris Johnson and his relatives, high ranking military officers (incl. aircraft carrier captains), the Royal Family, celebrities and diplomats, has been leaked by a Chinese company with ties to the country's military and intelligence networks.
Hackers from China and Iran are targeting those working on the 2020 election campaigns of both President Donald Trump and Joe Biden, while the same Russian military hackers who interfered with the 2016 Democratic campaign are also involved.
India's most popular shopping app has sent a 'seize and desist' notice to a US cybersecurity startup, demanding it stops claiming the app's database has been hacked.
The State Bank of Chile (Banco Estado), the third largest bank in Chile and its only public bank, was forced to shut all its branches after it was hit by a ransomware attack.
The stock market, banks, news organisations and online weather service in New Zealand have all been targeted by a series of "unprecedented" DDoS attacks.
Facebook and Google say they will stop Australians from sharing news on their platforms if Australia's new media bargaining code becomes law, after the country's competition watchdog recommended the tech giants pay news media to publish their content.
The US Government is suing North Korean hackers in order to obtain access to 280 virtual currency accounts containing in excess of $2.7 million, which was laundered through Chinese over-the-counter (OTC) cryptocurrency traders.
Researchers have shown it's possible to use a smartphone to duplicate an actual key and pick a physical lock, by using a smartphone microphone to work out the shape of a key.
A California based company has launched a 'face-pay' service that allows its customers to take a selfie, upload it via the company app and use it as a form of payment ID.
An extremely sophisticated and unique new peer-to-peer (P2P) botnet, which is fileless and aggressive in its brute-force attempts, has been breaching Secure Shell (SSH) servers around the world since January this year.
In a Consultation Paper titled Protecting Critical Infrastructure and Systems of National Significance, Australia's Government has proposed the possibility of taking control of critical infrastructure entities in the event of a serious national cyber threat.
A study from the USA calling for a complete ban on facial recognition technology in schools has found that using the technology is likely to amplify existing racial biases, which could result in disproportionate surveillance of some students.
Researchers have shown during a virtual presentation at the Defcon hacker conference how they were able to use a simple technique to hack traffic signals used by cyclists in the Netherlands.
A survey of 1,000 Americans by professional services firm KPMG has shone light on consumers' concern for they way companies safeguard their personal data, with 87% believing data privacy is a human right.
The bond hearing (held via Zoom) of the Florida teen accused of hacking numerous high-profile Twitter accounts has itself been hacked, with Zoombombers shouting racial slurs, playing music, and showing porno images.
Budget airline EasyJet is facing an £18 billion class-action lawsuit filed on behalf of nine million customers affected by a cyber attack which saw email addresses, travel details and credit card details accessed.
In excess of 192 million records, including the data of more than 250,000 customers, have been exposed when a server belonging to Brazilian cosmetic giant Natura was exposed to the public for two weeks.
Engineers at Southern Methodist University in Texas have developed software that detects ransomware, even new strains, before damage can be inflicted on a user's computer.
Video chat company Zoom is being sued by Saint Paulus Lutheran Church, one of the oldest churches in San Francisco, after an attacker hacked users' computers and played "sick and disturbing videos".
A vulnerability in Intel's Thunderbolt port, which is found in millions of PCs, allows an attacker with a few minutes physical access to the device to read and copy all its data.
Researchers have discovered vulnerabilities, one a critical zero-day, in the Wordpress plugins Elementor Pro and Ultimate Addons for Elementor, which are installed on more than 1.1 million sites.
Brute force and credential stuffing attacks are the main cause of security incidents against financial services organizations over the past three years, with DDoS attacks in second place.
A ransomware attack on the city of Stuart, Florida, has resulted in at least six suspected drug dealers walking free, after its police department was unable to access crucial case files.
In a pair of firsts, the National Security Agency (NSA) will publicly take credit for discovering a vulnerability and Microsoft will credit the NSA for reporting a security flaw, after critical vulnerability, CVE-2020-0601, is made public.
A German university is going 'old school' and issuing new passwords for the email accounts of all 38,000 of its students and staff ... by hand, after unknown malware was discovered in the university computer network.
Russia has blocked one of the domains used by stock photo and footage agency, Shutterstock, after it posted a photo of a small Russian flag planted in a pile of faeces.
A convicted Nigerian scammer serving a 24-year jail term has allegedly been involved in a million dollar scam run from inside the Lagos prison housing him.
Spear-phishing was behind the hack of Australia's Parliament House that saw attackers remain in the parliamentary network for eight days. But how did the hackers remain in the system for this length of time and what happened during those eight days?
Google is drawing fire over its Project Nightingale, which involves the transfer of medical data - from Ascension, the USA's second-largest healthcare provider - of 50 million Americans.
A new ransomware-as-a-service - Buran - is offering discounted rates. Whereas most RaaS services ask for 30-40% commission, the makers of Buran ask for 25% ... and this rate is open to negotiation.
A vulnerability in Amazon's Ring Video Doorbell Pro devices could have allowed attackers to gain unauthorised access to the user's Wi-Fi network credentials and other devices using the network.
Two critical vulnerabilities, both of which allow remote code execution on affected systems, have been found in rConfig, the free open-source configuration management utility which is used across 3.3 million devices.
Whatsapp is suing NSO Group, an Israeli cyber surveillance company, alleging it hacked more than 1,400 WhatsApp users, including senior government officials, journalists, political dissidents, human rights activists, and diplomats.
Malware has been found on the administrative network of the Kudankulam Nuclear Power Plant in India. The malware has been identified as one used by North Korean state hackers, Lazarus Group.
In excess of 1.3 million payment cards, with a possible value of more than US$130 million, are being sold on Joker's Stash, the dark web's largest virtual store for stolen card data.
In a move to avoid a repeat of 'cyber interference' at the centre of the 2016 US elections, the FBI has updated resources intended to help US citizens understand and lessen the risk of foreign influence during the 2020 elections.
The Australian Federal Police's first "restraint and forfeiture of Bitcoin" has hit paydirt with a 20-fold return after a gun runner was charged with the importation of three firearms.
China’s propaganda chief, speaking at the World Internet Conference, has stated that Cold War thinking and bully behaviour have hindered exchanges in cyberspace.
Researchers have discovered a years-old botnet that is now being used to send sextortion emails to victims, millions at a time, and making cyber criminals a tidy profit for little work.
Mastercard, eBay, Stripe and Visa have joined PayPal and parted ways with Libra Association, the organization working with Facebook to set up their crptocurrency, Libra.
A member of the Hong Kong Legislative Council has written to Apple CEO Tim Cook asking that Apple lift its ban on HKmap.live, after the app was removed from the Apple store.
A recently disclosed vBulletin zero-day (CVE-2019-16759) has been used to hack, and steal information from, online forums used by sex workers and their clients.
Around one million New Zealanders had their data compromised by a security breach at one of NZ's Primary Health Organisations, Tū Ora Compass Health, after a "global cyber incident".
A ransomware attacker got a taste of their own medicine when one of their victims hacked their server and released the decryption keys for other victims to use.
Eleven members of the Colombo crime family are among 20 people arrested on charges that include cyberstalking, after the discovery of a GPS tracking device on an MTA bus in New York City in November 2016.
Customer service software company Zendesk has been alerted to the three-year-old data breach that affected customer accounts activated before November 1, 2016.
Microsoft is making Windows 7 Extended Security Updates available to businesses of any size, instead of just larger companies with volume licensing agreements, through to January 2023.
One of the world's largest manufacturers of hearing aids, Demant, estimates that a cyber crime 'incident' will cost the company up to US$95 million, one of the most costly attacks in recent years.
Cisco has upgraded the severity of a vulnerability (CVE-2018-0296) from 'High' to 'Critical', after the Cisco Product Security Incident Response Team noticed the vulnerability in the wild in September 2019.
The 'WhiteShadow' downloader allows threat actors to potentially incorporate the downloader and associated Microsoft SQL Server infrastructure into their attacks.
Food delivery service DoorDash have confirmed that nearly 5 million consumers, Dashers, and merchants had their data compromised by a third-party service provider.
Android users are being charged hundreds of dollars for everyday apps such as calculators and barcode readers, and it's all being done within the guidelines of the in-app purchasing policy of the Google Play store.
Seventeen US utility companies - upgraded from three companies - were targeted by speak-phishing attacks between early April and late August this year.
Microsoft has taken the rare step of releasing fixes outside its usual Patch Tuesday roundup and released an emergency security update to fix two critical issues, one an Internet Explorer zero-day vulnerability and the other a Microsoft Defender bug.
High-profile accounts from the YouTube creators car community have been hacked and hijacked in what appears to be a coordinated attack, with one YouTube car enthusiast claiming that around 100,000 users were targeted.
The trojan malware botnet Emotet has reappeared and resumed its business of sending infected spam around the world, after lying dormant for four months.
The Australian Government has released its Data Sharing and Release Legislative Reforms Discussion Paper, in which it states its willingness to share its citizens' data without their consent.
One of the world's most infamous malware, Stuxnet, was delivered to its Iranian target in 2007 by a mole recruited by the Dutch intelligence agency, AIVD, while also working for the CIA and Mossad.
The US city of New Bedford, Massachusetts, rejected a ransom demand of $5.3 million and came back with a counter-offer of $400,000, while restoring encrypted data from backup.
More than 47,000 Supermicro servers in 90 countries have new vulnerabilities called USBAnywhere in their baseboard management controllers, which can allow an attacker to connect to a server and mount any USB device of their choosing to the server remotely over any network including the Internet.
Twitter founder and CEO Jack Dorsey has had his official Twitter account, @Jack (4.2 million followers) hacked. The group behind the attack used his account to tweet offensive content, including racial slurs and anti-Semitic tweets.
Personal data has been published by equipment used by the Russian Government to spy on Internet traffic. Included was information from Sarov, a 'closed town' where Russia conducts secret nuclear research.
The French National Gendarmerie and FBI have joined forces to stop Retadup, a malicious worm that has infected at least 850,000 Windows machines throughout Latin America, by making the threat destroy itself.
Medical systems built now are often three to four years away from market and will be in place for 10-15 years, so today's security technology will be 'old school' for 15-20 years.
A high-severity privilege escalation vulnerability - CVE-2019-6177 - has been discovered in Lenovo Solution Center software, where it could have been sitting for up to eight years.
A new survey shows that, among other things, nearly two thirds of registered US voters will not vote for candidates who approve of making ransomware payments.
Twenty-three towns in Texas have been attacked by a co-ordinated ransomware attack, in what authorities believe was the actions of a single threat actor.
An ex-employee has been paid at least $300,000 ransom by his former employer, Asurion, after claiming he stole the private data of more than a million customers, as well as thousands of employees.
A study showing some of the initial results of Google's 'Password Checkup extension for Chrome' shows that hundreds of thousands are still using breached usernames and passwords.
A multi-million dollar fine is on the cards for Australia's biggest medical appointment booking app, after it was found to be selling patient data to insurance brokers.
The data of millions of Instagram users has been scraped by one of the social media giant's officially sanctioned business partners, after a marketing company created detailed records of users' physical whereabouts, personal bios, and photos.
A confidential UN report has found that North Korea used cyberattacks on banks and cryptocurrency exchanges to steal US$2 billion and fund its weapons of mass destruction program.
Thousands of National Australia Bank (NAB) customers have had 'some personal information' compromised after the bank uploaded the details to the servers of two 'data service companies'.
The details of over 100 million Capital One customers across North America have been hacked, including names, addresses, phone numbers, linked bank account numbers, social security and social insurance numbers.
The details and demo exploit code for five of six 'interactionless' vulnerabilities, which impact the iOS operating system and can be exploited via the iMessage client, have been published by Google's Project Zero team.
A newly-publicised mobile malware has been linked to a Russian company that had sanctions imposed on it for alleged interference in the 2016 US presidential election.
The anonymous white-hat group, Intrusion Truth, have doxed three hackers believed to be members of a group known as APT17, with links to the Chinese Government.
Software developers are playing a leading role in the day-to-day operational responsibility for application security, as information security teams testing products before release become irrelevant.
One of Australia's leading telcos is keeping its legacy systems free from encryption, and is doing so in accordance with the country's Data Retention Act.
Despite the cybercriminals behind the ransomware-as-a-service GandCrab saying they would go into retirement, it appears the RaaS may have resurfaced under another guise.
Hackers infiltrate the DNS settings of over 180,000 routers in Brazil and redirect victims to phishing pages for online giants such as PayPal, Netflix, Gmail, and Uber.
Chinese authorities are installing malware onto the phones of travellers crossing the border into the Xinjiang region. iPhones are connected to a machine that scans them, while a surveillance app is installed on Android phones.
Google's Project Zero has found a vulnerability that can brick an iPhone, with the only option left for users being to wipe their device (losing all data) and start over with factory settings.
Security researchers have found a user database, belonging to a company that operates a smart home device management platform and consisting two billion records,
The FDA has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are open to cyber attacks, allowing someone other than a patient, caregiver or healthcare provider to change the pump’s settings.
Aggression detectors 'capable' of detecting aggressive-sounding noises such as screams, gunshots, car alarms and breaking glass are being used in schools, healthcare facilities, banks and prisons worldwide, with mixed results.
A study by researchers at the University of Colorado Boulder has found that Presidential Alerts sent by the US Wireless Emergency Alert (WEA) system may be vulnerable to attack.
Cities around the world are using technology such as facial recognition to safeguard their citizens. When does this cross the line and become an invasion of privacy? And how far are we as a society willing to go?
Officials in the US city of Riviera Beach have done what many security experts say 'you' shouldn't do. They have agreed to pay hackers the 65 Bitcoin ($600,000) ransom they have demanded for paralysing the city's computer network.
Several vulnerabilities have been found in Microsoft Management Console (MMC), allowing an attacker to deliver a malicious payload via an integrated snap-in component in MMC.
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels, the most serious allowing a remotely-triggered kernel panic on recent Linux kernels.
Around 20 million people may have had their details compromised at that American Medical Collection Agency (AMCA), after a cyber breach that lasted eight months (Aug 1, 2018 - March 30, 2019).
Millions of Spanish soccer fans have unknowingly spied for La Liga, the country's national football league, after the league's official Android app was discovered to be listening to fans' surroundings during TV coverage of soccer matches.
Legendary Indie band, Radiohead, have screwed over a hacker by releasing the same music the hacker 'accessed' and for which he/she/they demanded a reported $150,000 ransom.
A study has shown that employees at both the top and bottom of the corporate ladder are 'going rogue' and downloading software and other material on their work devices without the knowledge of their IT departments.
June's Patch Tuesday security updates have come with a warning from Microsoft that it will block the pairing of several Bluetooth Low Energy (BLE) security keys on Windows.
A botnet - named GoldBrute - has been discovered attempting to bruteforce its way into over 1.5 million Remote Desktop Protocol (RDP) servers exposed to the Internet.
After the information of 9.4 million Cathay Pacific passengers was breached in October 2018, a newly-released report by Hong Kong's privacy watchdog has found that the airline "did not take all reasonably practicable steps to protect the Affected Passengers’ personal data".
More than 25,000 Linksys Smart Wi-Fi routers are leaking information to the internet, including the MAC address of every device that has ever connected to it (full historical record), device name and operating system.
Cyber criminals know how we think and use it to their advantage. Aided by the fact 97% of people are unable to identify sophisticated fraudulent emails, phishing is on the increase and attempts have grown 65% in the last year.
A male stripper and Arabic memes were among things that greeted viewers of Cartoon Network websites in at least 16 countries throughout Europe, South America, the Middle East and Africa.
The FBI’s Internet Crime Complaint Centre (IC3) has released its 2018 Internet Crime Report and, while its contents mostly relate to cybercrime in the US, its findings aren't good.
When Mondelez International became a victim of the NotPetya ransomware attack in June 2017, their losses totalled more than US$100 million. The food and beverage conglomerate turned to their insurer, Zurich, and were shocked by what they heard.
The 2019 Telstra Security Report, covering more than 300 Aussie companies, has found that 48% had experienced a cyber attack in the past year, up 33% on 2018 figures
Kathmandu has announced it suffered a data breach that saw customers' personal and payments information captured, including billing and shipping name, address, email and phone number. Credit and debit card details used on the Kathmandu website were also accessed.
The original notice about the Starwood guest reservation database security incident - released on November 30, 2018 - stated there may have been information on up to 500 million guests involved.
