It's been discovered that a marketing company left almost two terabytes of sensitive data exposed on the internet for anybody to access. And what was inside that massive haul of data? The detailed personal information of 230 million consumers and 110 million business contacts - including phone numbers, addresses, dates of birth, estimated income,...

Computer security experts have discovered an unusual attack targeting users of Android devices. As researchers Yonathan Klijnsma and Aaron Inness explain on the RIskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped-up on some Android users' devices as they browsed the web. The warning message is customized to...

Yes, Apple is toughening up the security of iPhones with iOS 12. Yes, the steps Apple is taking will make it harder for law enforcement agencies to thwart iPhone security. But no, that's not the reason Apple is doing it. To understand better, let's take a little history lesson. Back in 2016, Apple CEO Tim Cook opposed court requests that his company...

Do you see anything suspicious in the message displayed above in this article's featured image? Alton Towers is giving away 5 free tickets to 500 families Many WhatsApp users would probably view it as innocent enough, appearing to offer free tickets to a British theme park. Indeed, some might be so convinced that the message is legitimate that...

At least half a million routers and storage devices in dozens of countries around the world have been infected by a sophisticated botnet, in preparation for an alleged planned cyber attack on Ukraine. The botnet, which has been given the rather unglamorous name of VPNFilter, is believed to be likely to be controlled by a state-sponsored hacking...

A software vulnerability is suspected of being to blame for a hack through which criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks. Officials from Mexico's central bank confirmed to Reuters that a series of "irregular" and unauthorised interbank money transfers involving large sums of money were detected late...

This month's Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks. The vulnerability, dubbed CVE-2018-8174, is a remote code execution flaw in the Windows VBScript Engine. It affects the latest version of Internet Explorer and any...

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...

What's happened? Security researchers at F-Secure have discovered a flaw that could allow millions of hotel rooms around the world to be accessed by unauthorised parties, without leaving a trace. A design flaw in the widely-used Vision by VingCard electronic lock software could have been exploited by intelligence agencies, thieves, and other...

London's Royal Borough of Kensington & Chelsea has been fined £120,000 (approximately US $170,000) by the Information Commissioner’s Office (ICO) after it unlawfully identified 943 people who owned vacant properties in the borough. How did the sensitive data leak out? Because of a sloppy understanding of how to wipe information properly out of Excel...

Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates. Security researchers at MalwareBytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such...

Organizations have secrets. It doesn't necessarily mean that they're up to no good; they just may not have all of their corporate plans or internal communications laid bare for the outside world to see. But what's to stop someone from simply cutting-and-pasting an internal email and sending it from a webmail account to an external journalist or...

Online travel services firm Orbitz has revealed that it has suffered a "data security incident" which may have compromised the sensitive information of hundreds of thousands of customers. According to Orbitz, which was acquired by Expedia in two years ago, hackers were able to infiltrate a legacy version of the company's travel booking platform...

If you're responsible for your company network there's a strong possibility that you aren't keen on users installing BitTorrent clients. Not only might they be gobbling up vast amounts of bandwidth, but they could also be downloading pirated content or malware that could create headaches for your organisation. But in the case of the popular Russian...

Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers...

At least 400,000 servers are thought to be running a vulnerable program that can be tricked by a remote hacker into running malicious code. The problem is in versions of the open-source Exim message transfer agent (MTA). Exim, which was initially developed at the University of Cambridge, may not be a program familiar to the average computer user,...

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...

A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets. Security researchers at Cisco Talos describe how a massive phishing operation has been co-ordinated from Ukraine, after criminals purchased Google Adwords posing as...

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers - most of whom were mobile subscribers. Data exposed during the breach included: Customers' first and last names Customers' home addresses Customers' dates of birth ...

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves? That way you don't have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment....