WikiLeaks has released a second batch of CIA attack tools, dubbed Dark Matter, which includes malware designed to exploit Mac OS X and iOS devices. But Apple contends the attacks target vulnerabilities in its software that have long been patched, so users are not at risk.
With the rapid changes in the threat landscape and the risks introduced by DevOps, the cloud and other new elements, organizations need to have a continuous vulnerability assessment program as a security baseline, says Richard Bussiere of Tenable Network Security.
The U.S. Justice Department is reportedly preparing to charge multiple "Chinese middlemen" with helping to orchestrate the $81 million Bangladesh Bank heist on behalf of North Korea. Security experts have long been reporting that the attack code and tactics appear to trace to North Korea.
Password manager LastPass has deployed a server-side fix to repair a vulnerability that could have allowed an attacker to steal a victim's passwords. It's the latest finding from Tavis Ormandy of Google's Project Zero, who's since reported another flaw in LastPass.
A man who allegedly used a smartphone with a Tor proxy and VPN client to hide his online activities has been arrested and charged with narcotics distribution after U.S. Postal Service employees spotted him mailing large numbers of envelopes while wearing latex gloves.
One of the world's biggest botnets, Necurs, is back. But instead of flinging banking Trojans and ransomware, this time it's spouting spam aimed at influencing the price of cheap stocks, say security researchers from Cisco's Talos group.
As WikiLeaks reaches out to firms about code targeted via CIA attack tools contained in the "Vault 7" document dump, Cisco says its review of the leaked information led to the discovery of a zero-day flaw that affects 318 of its devices, including numerous switches.
Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says cybersecurity researcher Kevin Fu, who calls on manufacturers to address the risks.
McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
With ransomware attackers having already launched attack code with themes ranging from horror movies and Pokemon to Hitler to cats, it was only a matter of time before they decided to beam Star Trek's Kirk and Spock direct to would-be victims' PCs.
With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
Britain's GCHQ intelligence agency dismissed as "utterly ridiculous" claims that it conducted surveillance on then-candidate Donald Trump at the request of President Obama. The White House reportedly apologized to the British government for its comments.
As effective as ransomware has proven to be in attacks against so many organizations across regions and sectors, certain characteristics actually can help defenders gain an edge in detecting malware. Lastline's Engin Kirda explains how.
If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.