Brazil’s National Data Protection Authority has started an investigation into the data leak of more than 102 million mobile phone users, after a cybercriminal claimed to have obtained the data and was selling it on the dark web.
A hacker has remotely gained access to the water treatment plant in the Florida city of Oldsmar and briefly altered the level of chemicals entering the water, before an alert employee at the plant spotted what was happening.
The Netherlands' Public Prosecution Service has announced that Victor Gevers, the Dutch hacker who broke into the Twitter account of US President Donald Trump in October this year, will not be punished.
A tip from a child has led to the discovery of seven adware scam apps, available on the Apple App Store and Google Play Store, which have been downloaded more than 2.4 million times and raked in at least $500,000.
A database containing the personal information of 2.4 million people around the world, including British Prime Minister Boris Johnson and his relatives, high ranking military officers (incl. aircraft carrier captains), the Royal Family, celebrities and diplomats, has been leaked by a Chinese company with ties to the country's military and intelligence networks.
Hackers from China and Iran are targeting those working on the 2020 election campaigns of both President Donald Trump and Joe Biden, while the same Russian military hackers who interfered with the 2016 Democratic campaign are also involved.
Facebook and Google say they will stop Australians from sharing news on their platforms if Australia's new media bargaining code becomes law, after the country's competition watchdog recommended the tech giants pay news media to publish their content.
The US Government is suing North Korean hackers in order to obtain access to 280 virtual currency accounts containing in excess of $2.7 million, which was laundered through Chinese over-the-counter (OTC) cryptocurrency traders.
An extremely sophisticated and unique new peer-to-peer (P2P) botnet, which is fileless and aggressive in its brute-force attempts, has been breaching Secure Shell (SSH) servers around the world since January this year.
In a Consultation Paper titled Protecting Critical Infrastructure and Systems of National Significance, Australia's Government has proposed the possibility of taking control of critical infrastructure entities in the event of a serious national cyber threat.
A study from the USA calling for a complete ban on facial recognition technology in schools has found that using the technology is likely to amplify existing racial biases, which could result in disproportionate surveillance of some students.
A survey of 1,000 Americans by professional services firm KPMG has shone light on consumers' concern for they way companies safeguard their personal data, with 87% believing data privacy is a human right.
The bond hearing (held via Zoom) of the Florida teen accused of hacking numerous high-profile Twitter accounts has itself been hacked, with Zoombombers shouting racial slurs, playing music, and showing porno images.
Budget airline EasyJet is facing an £18 billion class-action lawsuit filed on behalf of nine million customers affected by a cyber attack which saw email addresses, travel details and credit card details accessed.
In excess of 192 million records, including the data of more than 250,000 customers, have been exposed when a server belonging to Brazilian cosmetic giant Natura was exposed to the public for two weeks.
In a pair of firsts, the National Security Agency (NSA) will publicly take credit for discovering a vulnerability and Microsoft will credit the NSA for reporting a security flaw, after critical vulnerability, CVE-2020-0601, is made public.
A German university is going 'old school' and issuing new passwords for the email accounts of all 38,000 of its students and staff ... by hand, after unknown malware was discovered in the university computer network.
Spear-phishing was behind the hack of Australia's Parliament House that saw attackers remain in the parliamentary network for eight days. But how did the hackers remain in the system for this length of time and what happened during those eight days?
Two critical vulnerabilities, both of which allow remote code execution on affected systems, have been found in rConfig, the free open-source configuration management utility which is used across 3.3 million devices.
Whatsapp is suing NSO Group, an Israeli cyber surveillance company, alleging it hacked more than 1,400 WhatsApp users, including senior government officials, journalists, political dissidents, human rights activists, and diplomats.
In a move to avoid a repeat of 'cyber interference' at the centre of the 2016 US elections, the FBI has updated resources intended to help US citizens understand and lessen the risk of foreign influence during the 2020 elections.
Eleven members of the Colombo crime family are among 20 people arrested on charges that include cyberstalking, after the discovery of a GPS tracking device on an MTA bus in New York City in November 2016.
Cisco has upgraded the severity of a vulnerability (CVE-2018-0296) from 'High' to 'Critical', after the Cisco Product Security Incident Response Team noticed the vulnerability in the wild in September 2019.
Android users are being charged hundreds of dollars for everyday apps such as calculators and barcode readers, and it's all being done within the guidelines of the in-app purchasing policy of the Google Play store.
Microsoft has taken the rare step of releasing fixes outside its usual Patch Tuesday roundup and released an emergency security update to fix two critical issues, one an Internet Explorer zero-day vulnerability and the other a Microsoft Defender bug.
High-profile accounts from the YouTube creators car community have been hacked and hijacked in what appears to be a coordinated attack, with one YouTube car enthusiast claiming that around 100,000 users were targeted.
More than 47,000 Supermicro servers in 90 countries have new vulnerabilities called USBAnywhere in their baseboard management controllers, which can allow an attacker to connect to a server and mount any USB device of their choosing to the server remotely over any network including the Internet.
Twitter founder and CEO Jack Dorsey has had his official Twitter account, @Jack (4.2 million followers) hacked. The group behind the attack used his account to tweet offensive content, including racial slurs and anti-Semitic tweets.
Personal data has been published by equipment used by the Russian Government to spy on Internet traffic. Included was information from Sarov, a 'closed town' where Russia conducts secret nuclear research.
The French National Gendarmerie and FBI have joined forces to stop Retadup, a malicious worm that has infected at least 850,000 Windows machines throughout Latin America, by making the threat destroy itself.
The data of millions of Instagram users has been scraped by one of the social media giant's officially sanctioned business partners, after a marketing company created detailed records of users' physical whereabouts, personal bios, and photos.
The details of over 100 million Capital One customers across North America have been hacked, including names, addresses, phone numbers, linked bank account numbers, social security and social insurance numbers.
The details and demo exploit code for five of six 'interactionless' vulnerabilities, which impact the iOS operating system and can be exploited via the iMessage client, have been published by Google's Project Zero team.
Chinese authorities are installing malware onto the phones of travellers crossing the border into the Xinjiang region. iPhones are connected to a machine that scans them, while a surveillance app is installed on Android phones.
The FDA has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are open to cyber attacks, allowing someone other than a patient, caregiver or healthcare provider to change the pump’s settings.
Aggression detectors 'capable' of detecting aggressive-sounding noises such as screams, gunshots, car alarms and breaking glass are being used in schools, healthcare facilities, banks and prisons worldwide, with mixed results.
Cities around the world are using technology such as facial recognition to safeguard their citizens. When does this cross the line and become an invasion of privacy? And how far are we as a society willing to go?
Officials in the US city of Riviera Beach have done what many security experts say 'you' shouldn't do. They have agreed to pay hackers the 65 Bitcoin ($600,000) ransom they have demanded for paralysing the city's computer network.
Millions of Spanish soccer fans have unknowingly spied for La Liga, the country's national football league, after the league's official Android app was discovered to be listening to fans' surroundings during TV coverage of soccer matches.
A study has shown that employees at both the top and bottom of the corporate ladder are 'going rogue' and downloading software and other material on their work devices without the knowledge of their IT departments.
After the information of 9.4 million Cathay Pacific passengers was breached in October 2018, a newly-released report by Hong Kong's privacy watchdog has found that the airline "did not take all reasonably practicable steps to protect the Affected Passengers’ personal data".
More than 25,000 Linksys Smart Wi-Fi routers are leaking information to the internet, including the MAC address of every device that has ever connected to it (full historical record), device name and operating system.
Cyber criminals know how we think and use it to their advantage. Aided by the fact 97% of people are unable to identify sophisticated fraudulent emails, phishing is on the increase and attempts have grown 65% in the last year.
When Mondelez International became a victim of the NotPetya ransomware attack in June 2017, their losses totalled more than US$100 million. The food and beverage conglomerate turned to their insurer, Zurich, and were shocked by what they heard.
Kathmandu has announced it suffered a data breach that saw customers' personal and payments information captured, including billing and shipping name, address, email and phone number. Credit and debit card details used on the Kathmandu website were also accessed.